
Protection against DDoS and WEB attacks

Michael Soukonnik

Radware Ltd

[email protected]

Landscape

Ponemon Research 2012: cyber security threats according to risk mitigation priority (10 = highest priority, 1 = lowest priority). The chart rated the following threat categories, with scores ranging from 2.8 to 9.0: phishing and social engineering; web scraping; cross site scripting; malicious insiders; botnets; malware; viruses, worms and trojans; distributed denial of service (DDoS); server side injection; denial of service (DoS).


Attacks Have Become More Complex

ERT Cases – Attack Vectors: chart of the share of cases by attack complexity (bands 5-6, 7-8 and 9-10), comparing 2011 and 2012; shares ranged from 4% to 29%.

Attacks are more complex: 2013 DoS/DDoS attacks have become more sophisticated, using more complex attack vectors. Note the number of attacks with a complexity level of 7-10.

Botnet Evolution

"To subdue the enemy without fighting is the acme of skill."

Individual Servers (1998 - 2002): malicious software installed on hosts and servers (mostly located at Russian and east European universities), controlled by a single entity by direct communication. Examples: Trin00, TFN, Trinity.

Botnets (1998 - Present): stealthy malicious software installed mostly on personal computers without the owner's consent; controlled by a single entity through indirect channels (IRC, HTTP). Examples: Agobot, DirtJumper, Zemra.

Voluntary Botnets (2010 - Present): many users, at times as part of a hacktivist group, willingly share their personal computers, using predetermined and publicly available attack tools and methods, with an optional remote control channel. Examples: LOIC, HOIC.

New Server-based Botnets (2012): powerful, well orchestrated attacks using a geographically spread server infrastructure. A few attacking servers generate the same impact as hundreds of clients.

DDoS from Russia – Just business

It is cheap!

Current prices on the Russian underground market:

Hacking corporate mailbox: $500

Winlocker ransomware: $10-$20

Unintelligent exploit bundle: $25

Intelligent exploit bundle: $10-$3,000

Basic crypter (for inserting rogue code into benign file): $10-$30

SOCKS bot (to get around firewalls): $100

Hiring a DDoS attack: $30-$70 / day, $1,200 / month

Botnet: $200 for 2,000 bots

DDoS Botnet: $700

ZeuS source code: $200-$250

Windows rootkit (for installing malicious drivers): $292

Hacking Facebook or Twitter account: $130

Hacking Gmail account: $162

Email spam: $10 per one million emails

Email scam (using customer database): $50-$500 per one million emails

• Lithuania – just weeks before taking over the EU presidency (1.07.2013) – a DDoS attack on a news website disrupted Internet access for the entire country. New waves of the attack have come every several weeks against governmental and private sites, using 7-8 different attack vectors.

• In July a new DDoS protection system from Radware was installed and is protecting the sites, with coverage by the Emergency Response Team.

• Russia – Anonymous Caucasus attacked all major banks (Central Bank, Sberbank, VTB, Alfa, Gazprombank) a month ago.

• The old-fashioned systems/services they used before that (IPS, IDS, DDoS, NG Firewalls, Kaspersky etc.) were unable to stop the attacks.


• US – Op Ababil – all major banks have been attacked in multiple waves by Iranian and Arab fundamentalists since 09/12.

• 5-6 vectors per attack, including TCP, UDP, HTTP and HTTPS floods, DNS amplification attacks etc.

• The old-fashioned systems they used before that (IPS, IDS, DDoS, NG Firewalls, etc.) were unable to stop the attacks.

• Radware DDoS protection was installed in March – just before the 3rd wave of the attack – and stopped the 3rd and 4th waves.

• Attacks are becoming more complex!

• Attacks are becoming longer!

• More financially motivated attacks, but at the same time more politically motivated attacks on government and private organizations!

You never know if you are in the sights of a future attack!

Radware Attack Mitigation System (AMS)

Old-fashioned systems are vulnerable

Radware Confidential Jan 2012 13

Firewall, IPS (even NG) cannot stop DDoS!

Mapping Security Protection Tools

Attack types:

• UDP garbage flood on ports 80 and 443

• SSL/TLS negotiation attacks

• Server cracking attacks

• HTTPS flood attack

• ICMP flood attacks

• HTTP flood attack

• SYN/TCP out-of-state flood attacks

• Web attacks: XSS, SQL injection, brute force

Protection tools mapped against them:

• DoS protection

• Behavioral analysis

• SSL protection

• IPS

• WAF

• In-the-cloud DDoS protection

To fight back you need:

• An integrated solution with all security technologies

• To mitigate attacks beyond the perimeter

Radware Attack Mitigation System (AMS)

Radware AMS Architecture

Components:

• Volumetric DoS protection

• IPS & fraud protection

• L3 – 7 anomaly detection & reputation engine

• Application firewall / web application protection (against application attacks)

Protection mechanisms: behavior-based protection and static signatures. HW/SW specially developed to fight against all levels of attacks!

Radware AMS Portfolio

• AppWall Appliance & VA – Web Application Firewall (WAF)

• DefensePro – on demand 200Mbps – 40Gbps of legitimate traffic; Anti-DoS, NBA, IPS, Rep. Engine

• APSolute Vision HW or VA – Security Event Management (SEM)

DefensePro Protection Layers

Protections at the network, server and application levels, up to service availability:

• Behavioral DoS

• SYN Protection

• Out-Of-State

• BL/WL

• Connection Limit

• DNS Protection

• Anti-Scan

• HTTP Flood Protection

• Server Cracking

• Connection PPS Limit

• Signature Protection

US Banks Under Attack: AMS Deployment

DefensePro, AppWall and Alteon protecting the application infrastructure:

• Mitigate all types of DDoS attacks

• Mitigate SSL attacks

• Mitigate web application exploits

Customer Success – Leading the DDoS Protection Market

Top Account Wins in Every Segment: Carrier/ISP DDoS Mitigation Service; Critical Infrastructure; Online Businesses; Hosting Cloud Scrubbers; Carrier Backbone.

Radware is THE leader in the DDoS protection market.

Our Customers Select AMS: Financial Services; Retail Services; Government, Healthcare & Education; Carrier & Technology Services.

We Protect Against the Top Attack Campaigns

Radware AMS

Application SLA Assurance – Even Under Attack!