Service Provider Deployment of DDoS Mitigation
An IHS Infonetics Webinar
#DDoS
© 2015 IHS
Today’s Speakers
‣ Dave Larson, Chief Operating Officer, Corero Network Security
‣ Stephen Clark, Director, IP Networks, Telesystem
‣ Allen Tatara, Manager, Webinar Events (Moderator), IHS
‣ Jeff Wilson, Senior Research Director, Cybersecurity Technology, IHS
1. DDoS Attacks and Service Providers
2. Mitigation Architectures for Providers
3. Block Communications Overview
4. Deployment Discussion
5. Sponsor Approach
6. Conclusions
7. Audience Q&A
20 Years of DDoS Attacks
DDoS Timeline (slide graphic; axis 1993 to 2015)
‣ First Hacktivist event: Zapatista National Liberation Army
‣ Packeting for bragging rights
‣ MafiaBoy DDoS: Yahoo!, Amazon, Dell, CNN, eBay, E*Trade
‣ Spammers discover botnets
‣ Organized crime: Extortion
‣ Estonia: Parliament, banks, media, Estonia Reform Party
‣ Spamhaus attack: Reported to reach 310 Gbps
‣ Anon hits Church of Scientology
‣ Panix.net hit with first major DDoS
‣ Coordinated bank attacks: Attack sized to 170 Gbps, continues today
‣ 500 Gbps attack in Hong Kong
‣ France swarmed after terror attack
‣ PlayStation & Xbox hit at Christmas
‣ ProtonMail attack
Solution Evolution
Primary focus: Tier 1 service providers
Timeline (slide graphic; axis 2001 to 2015)
‣ Commercial products
‣ Cloud scrubbing
‣ De-facto standard solution
‣ Massive increase in attack volume
‣ Massive increase in attack complexity
‣ Demand for on-prem
‣ New on-prem solutions
The Dirty Secret: Tier 2/3 Peering Connections
Source: peeringdb.com
Long-Term Deployment Strategies
‣ We surveyed 25 tier 1 and 2 operators around the globe
‣ On-prem is a no-brainer for tier 1, and becoming a viable option for tier 2
‣ Even those who won’t deploy 100% on prem plan hybrid deployments
Percent of Service Provider Respondents:
‣ Partner for or purchase a hosted DDoS mitigation service: 12%
‣ Deploy a hybrid solution, with both DDoS mitigation infrastructure on premise and hosted services: 38%
‣ Build out our own DDoS mitigation infrastructure in our data centers: 50%
Source: IHS Infonetics Cloud & Data Center Security Strategies & Vendor Leadership: Global Service Provider Survey; December 2015
Mitigation Capacity
‣ Same 25 operators
‣ 77% expect to have only 50G of on-premise mitigation (or less)
Percent of Service Provider Respondents:
Capacity | On-premises | Hosted
>100G | 8% | 62%
100G | 15% | 27%
50G | 38% | 12%
10G | 27% | 0%
1G | 12% | 0%
Source: IHS Infonetics Cloud & Data Center Security Strategies & Vendor Leadership: Global Service Provider Survey; December 2015
Providers Planning Investments Today
‣ DDoS mitigation is a top investment priority today
‣ Would make capital investments in on-premise DDoS mitigation if the economics work
Security Platforms (Percent of Service Provider Respondents):
‣ Don’t know: 4%
‣ Web application firewall: 4%
‣ UTM: 4%
‣ Sandboxing/advanced malware protection: 4%
‣ Intrusion prevention system: 4%
‣ Integrated network security platform that offers firewall, IPS, and content security: 4%
‣ Web security gateway: 8%
‣ Virtual security appliances/security solutions for virtualized environments: 23%
‣ Next gen firewall: 27%
‣ Firewall: 46%
‣ DDoS protection system: 50%
Source: IHS Infonetics Cloud & Data Center Security Strategies & Vendor Leadership: Global Service Provider Survey; December 2015
DDoS Mitigation Generates Revenue
‣ Providers can turn mitigation infrastructure around and re-sell as a service
Hosted/Managed Security Services (Percent of Respondents):
‣ Incident response: 46%
‣ Authentication: 46%
‣ Vulnerability assessment: 46%
‣ Sandboxing/advanced threat prevention: 50%
‣ Secure web gateway: 58%
‣ Secure remote access: 65%
‣ E-mail/messaging security: 69%
‣ Firewall/UTM/NGFW: 88%
‣ DDoS protection: 96%
Source: IHS Infonetics Cloud & Data Center Security Strategies & Vendor Leadership: Global Service Provider Survey; December 2015
DDoS Mitigation Revenue (chart; CY13 to CY19, axis $0 to $1,500,000,000)
Source: IHS Infonetics Cloud and CPE Managed Security Services Market Size & Forecasts; March 2015
DDoS Defense 1.0 - Null Route
Unprotected Customer
Diagram labels:
‣ Attack Traffic / Non-Attack Traffic
‣ DDoS Detection (NetFlow Collector/Analyzer)
‣ NetFlow
‣ Null Route on Destination IP
‣ Native Traffic Path
‣ All traffic discarded
DDoS Defense 2.0 - Scrubbing (Legacy)
Partially Protected Customers
Industry Leader’s Scrubbing Approach
Diagram labels:
‣ Attack Traffic / Non-Attack Traffic
‣ DDoS Detection (NetFlow Collector/Analyzer)
‣ NetFlow
‣ New Route via BGP
‣ Diverted Traffic Path
‣ GRE Tunnel to Customer
‣ Native Traffic Path
DDoS Defense 3.0 - Inline, Always-On
Completely Protected Customers
Diagram labels:
‣ Attack Traffic / Non-Attack Traffic
‣ In-line Appliance
‣ DDoS Traffic Blocked Inline
‣ Real-time Alerting and Reporting
Always-On, Service Provider Managed Threat Defense
Available as a Shared or a Dedicated Threat Defense Service
Diagram panels:
‣ DEDICATED 10G THREAT DEFENSE: Protected Resource, Single Customer
‣ DEDICATED MULTIPLE 10G THREAT DEFENSE: Protected Resource, Single Customer
‣ SHARED <10G THREAT DEFENSE: Protected Resource for Customer 1, Customer 2, Customer N
Other diagram labels: Internet; In-line Appliance; link labels 10M, 100M, 1G, 10G, 40G
Example Peering/Transit Point Deployment
In-Line Appliances Deployed on 10G Peering/Transit Connections
Diagram labels:
‣ Upstream Provider A
‣ Upstream Provider B
‣ In-line Appliance
‣ Service Provider Network (SP)
Example Subscriber Edge Deployment
Completely Protected ISP, Hosting, and Enterprise Customers
Diagram labels:
‣ Attack Traffic / Non-Attack Traffic
‣ In-line Appliance
‣ DDoS Traffic Blocked at Subscriber Edge
‣ Alerting and Reporting
Block Communications Overview
‣ Communication, Internet, and Computing Solutions Provider
‣ Block Communications' commercial telecommunications divisions, Telesystem (www.telesystem.us) and Line Systems (LSI) (www.linesystems.com), offer voice, internet, and cloud computing solutions to thousands of commercial customers extending from the East Coast throughout the Midwest
Block’s DDoS Mitigation Deployment
‣ Number/size of links protected
• TSM – eight (8) 10Gig links being mitigated
• LSI – three (3) 10Gig links being mitigated; two (2) 1Gig links being mitigated
• MaxxSouth – four (4) 10Gig links; expect to be in mitigation mode by end of month
‣ In-line deployment: automatic DDoS mitigation on each of the vital interconnects
‣ Eliminate DDoS attack traffic at the peering edge
Relief with In-Line Mitigation
‣ Post deployment success. DDoS is handled automatically, and good user traffic flows as intended.
Week start date | Traffic blocked (GB)
9/27/2015 | 7935.42
10/4/2015 | 5442.49
10/11/2015 | 4515.76
10/18/2015 | 2040.66
10/25/2015 | 5280.27
11/1/2015 | 6018.34
11/8/2015 | 4506.04
11/15/2015 | 3903.47
11/22/2015 | 5833.86
11/29/2015 | 4941.37
12/6/2015 | 2457.96
12/13/2015 | 5262.04
12/20/2015 | 25005.61
12/27/2015 | 8610.96
25 terabytes of DDoS attack traffic automatically removed! No human intervention
Near saturation attack event on 12/22
‣ What was your previous DDoS mitigation strategy?
‣ What drove the decision to look at new solutions?
‣ How did you become comfortable with going to in-line mitigation?
‣ What other capabilities are you looking to deploy with this new solution?
Corero SmartWall Network Threat Defense
‣ ADVANCED DDOS & CYBER THREAT DEFENSE TECHNOLOGY
‣ BUILT ON NEXT GENERATION ARCHITECTURE
‣ COMPREHENSIVE ATTACK VISIBILITY & NETWORK FORENSICS
SmartWall® Threat Defense System (TDS)
‣ Service/hosting providers
‣ On-premises or cloud deployments
‣ Protection in modular increments of 10 Gbps
‣ In-line or scrubbing topologies
Capacity labels shown: 1/10/20 Gbps, 80 Gbps, 320 Gbps
Corero Cost Savings Opportunity
‣ From a scrubbing center perspective*
- 85% rackspace advantage
- 75% power advantage
- 4x packet-per-second performance
- >85% OPEX savings
- >50% CAPEX savings
* Per gigabit of scrubbing center capacity
DDoS as-a-Service ROI Advantage
Types of Customers | # of Current Customers | Average Monthly Charge | Current Monthly Revenue | Penetration Rate | # of DDoS Service Customers | % Upcharge | New Price For Service | New Revenue Stream
10Gbps | 100 | $5,000 | $500,000 | 50% | 50 | 3% | $5,150 | $7,500
1Gbps | 200 | $3,000 | $600,000 | 25% | 50 | 4% | $3,120 | $6,000
100Mbps | 500 | $500 | $250,000 | 20% | 100 | 8% | $540 | $4,000
50 Mbps | 100 | $100 | $100,000 | 10% | 100 | 10% | $110 | $1,000
Additional monthly DDoS as-a-service revenue - $18,500
Additional annual DDoS as-a-service revenue - $222,000
DDoS mitigation is everyone’s problem
The solutions for in-line mitigation have changed
There is opportunity today to save operational and bandwidth cost, and generate new revenue
Audience Q&A
Service Provider Deployment of DDoS Mitigation
‣ Dave Larson, Chief Operating Officer, Corero Network Security
‣ Stephen Clark, Director, IP Networks
‣ Allen Tatara, Manager, Webinar Events (Moderator), IHS
‣ Jeff Wilson, Senior Research Director, Cybersecurity Technology, IHS
Thank You
This webcast will be available on-demand for 90 days.
For additional IHS Infonetics events, visit: https://www.infonetics.com/infonetics-events/
Follow us on Twitter at @infonetics and @infoneticsevent