
Worldwide Infrastructure Security Report C F Chui, Arbor Networks.


1 Worldwide Infrastructure Security Report C F Chui, Arbor Networks

2 Tenth Year of WISR… ‘The more things change, the more they stay the same.’
Ten years of surveying the operational security community on threats, concerns, mitigation/detection strategies and technologies
Significant broadening in both survey scope and respondent mix over this time period
Some clear, ongoing trends and some new insights every year
Valuable repository of data on the evolution of threats and our means of combating them

3 Infrastructure Survey Demographics
Survey conducted in October 2014
287 total respondents across different market segments
60% Internet Service Providers

4 Key Findings
DDoS in 2014: A Time of Reflection…
– Continued growth in peak attack sizes
– Huge number of VERY large attacks reported / monitored
– Attack frequency jumps up again
– More respondents see cloud services being hit
– Intelligent DDoS Mitigation Solutions (IDMS) usage moves ahead of ACLs for the first time
Corporate Network Security
– ISP and Enterprise/Government/Education (EGE) data this year
– Only half of respondents at least reasonably prepared for an incident
– DDoS a top threat for both ISP and EGE respondents
– Nearly half of EGE respondents saw DDoS attacks, with a significant proportion of attacks saturating connectivity
– APT a top concern for EGE going forward

5 Key Findings
IPv6
– Traffic growing strongly, but still not significant
– Nearly three-quarters of service providers now have some customers utilizing IPv6 services
Data Center
– Big increase in those seeing revenue loss due to DDoS
– Almost two thirds reported DDoS attacks, 38% see attacks exceed total Internet bandwidth
– Big rises in use of IDMS and ACLs
DNS
– Worrying trend indicating a decrease in focus on DNS security
– Lower number of respondents see customer visible outages
Security Practices
– Most respondents have dedicated resources, but hiring / retaining still an issue
– Concerning reductions in anti-spoofing and DDoS incident rehearsal
Mobile
– LTE being pervasively deployed
– Fewer respondents see customer visible outage due to a security incident
– Attacks targeting infrastructure up, but down against Gi/SGi

6 ATLAS Demographics
ATLAS provides invaluable data to Arbor customers and the broader operational security community
330+ participating customers
– 32% Europe
– 24% North America
– 17% Asia
– 9% South America
– 9% Global
Tracking a peak of over 120Tbps

7 Substantial Growth in Largest Attacks
Largest reported attacks ranged from 400Gbps at the top end, through 300Gbps, 200Gbps and 170Gbps
Some saw multiple events above 100Gbps but only reported largest

8  2014 Q3/Q4 attacks summary :  BPS : 117.15Gbps / 31.26Mpps, NTP reflection (port 22), 15 mins. APAC DDoS attacks summary

9 2014, A Time of Reflection… (part 1)

10 2014, A Time of Reflection… (part 2)
NTP significant throughout 2014
– 93 attacks over 100Gbps, 5 over 200Gbps
DNS has historically been the ‘leading’ protocol used for reflection amplification
SSDP significant post Q3
– 25K attacks per month in Q4
– Largest at 131Gbps
Other protocols still a concern

11 APAC – Reflection/Amplification attacks seen
Protocols for Amplification
– Given the huge storm of NTP reflection activity, there has been some focus on other protocols that can be used in this way
– Looking at attacks with source ports of services used for reflection
– DNS has been used by attackers for several years
– Significant growth in attacks with source port 1900 (SSDP)
– 2.1% of total attacks in Q4 are SSDP
– Max attack seen: 49Gbps

12 ATLAS – Unprecedented Flood of Attacks
Peak monitored attack at 325Gbps, up 32% on last year
– Attacks larger than 2013 peak in January, February, August and December 2014
ATLAS also monitored more than 4x the number of attacks over 100Gbps in 2014, as compared to 2013

13 Large DDoS attacks seen in 2014
APAC Peak Attack Growth trend in Gbps, by quarter:
– Q1: 235Gbps / 63Mpps to India, NTP reflection attack targeting port 80, 21 min 23 sec
– Q2: 127Gbps / 34Mpps to Malaysia, NTP reflection attack targeting port 52606, 29 min
– Q3: 99Gbps / 26Mpps to India, NTP reflection attack targeting port 80, 31 min
– Q4: 117Gbps / 31Mpps to India, NTP reflection attack targeting port 22, 15 min 37 sec

14 Large DDoS attacks analysis – 2014 APAC
Large Attacks Analysis
– 28 events over 50Gb/sec in Q4, this gives 132 for year 2014
– Q4 saw numbers of larger events trend down from Q3
– 0.13% above 10Gbps, compared to 0.22% in Q3
NTP reflection attacks trending down over the quarter (in terms of large attacks):
– 3.51% of events overall (1.14% in Q3)
– 2.11% of events (NTP reflection attacks) over 10Gbps (5.34% in Q3)
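Slide 11 describes picking reflection/amplification attacks out of flow data by the source port of the reflecting service (NTP, DNS, SSDP), and slides 13 and 14 size those events in Gbps and Mpps. The Python below is an added example of that classification and sizing step, not code from this deck or from Arbor; the flow records are constructed (documentation address ranges, one 60-second collector window) and the 10Gbps threshold and the two-or-more-reflectors rule are assumptions chosen to mirror the 10Gbps bucket on slide 14.

```python
"""Classify flows as reflection traffic by source port and size them per target.

Added example, not code from the Arbor WISR deck: the flow records below are
constructed, not ATLAS data, and the thresholds are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass

# Reflection services named in the deck, keyed by the UDP port the
# reflector answers from (IANA assignments: NTP 123, DNS 53, SSDP 1900).
REFLECTION_SRC_PORTS = {123: "NTP", 53: "DNS", 1900: "SSDP"}

# Export interval of the (constructed) flow collector, in seconds.
WINDOW_S = 60


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str       # "udp" or "tcp"
    octets: int      # bytes seen in this export window
    packets: int     # packets seen in this export window


def reflection_service(flow):
    """Name of the reflection service if the flow looks like reflector
    responses (UDP from a known reflection port), otherwise None."""
    if flow.proto != "udp":
        return None
    return REFLECTION_SRC_PORTS.get(flow.src_port)


def summarize_by_target(flows, window_s=WINDOW_S):
    """Aggregate reflection traffic per destination over one export window.

    Rates use the window length rather than each flow's own duration so that
    many short flows from different reflectors add up to the target's real load.
    """
    acc = defaultdict(lambda: {"octets": 0, "packets": 0,
                               "services": set(), "reflectors": set()})
    for f in flows:
        svc = reflection_service(f)
        if svc is None:
            continue
        a = acc[f.dst_ip]
        a["octets"] += f.octets
        a["packets"] += f.packets
        a["services"].add(svc)
        a["reflectors"].add(f.src_ip)
    return {
        dst: {
            "services": sorted(a["services"]),
            "gbps": a["octets"] * 8 / window_s / 1e9,
            "mpps": a["packets"] / window_s / 1e6,
            "reflectors": len(a["reflectors"]),
        }
        for dst, a in acc.items()
    }


def flag_large_events(summary, gbps_threshold=10.0, min_reflectors=2):
    """Targets at or above the Gbps threshold that are fed by more than one
    reflector; a single busy NTP or DNS server answering a large client is
    not an attack, and the multi-source requirement keeps it out."""
    return sorted(dst for dst, s in summary.items()
                  if s["gbps"] >= gbps_threshold
                  and s["reflectors"] >= min_reflectors)


# Constructed flow records for one 60-second window (documentation ranges only).
SAMPLE_FLOWS = [
    # three NTP reflectors on 198.51.100.10: 90 GB in the window -> 12 Gbps
    Flow("192.0.2.11", 123, "198.51.100.10", 80, "udp", 30_000_000_000, 62_500_000),
    Flow("192.0.2.12", 123, "198.51.100.10", 80, "udp", 30_000_000_000, 62_500_000),
    Flow("192.0.2.13", 123, "198.51.100.10", 80, "udp", 30_000_000_000, 62_500_000),
    # two SSDP reflectors on 198.51.100.30: 75 GB -> exactly 10 Gbps
    Flow("192.0.2.21", 1900, "198.51.100.30", 443, "udp", 37_500_000_000, 120_000_000),
    Flow("192.0.2.22", 1900, "198.51.100.30", 443, "udp", 37_500_000_000, 120_000_000),
    # one DNS server answering a resolver: 1.5 GB -> 0.2 Gbps, benign
    Flow("192.0.2.53", 53, "198.51.100.20", 40000, "udp", 1_500_000_000, 3_000_000),
    # TCP from port 53 (zone transfer / DNS over TCP) is not reflection; ignored
    Flow("192.0.2.53", 53, "198.51.100.40", 40001, "tcp", 5_000_000, 4_000),
]

if __name__ == "__main__":
    summary = summarize_by_target(SAMPLE_FLOWS)
    for dst, s in summary.items():
        print(f"{dst}: {s['gbps']:.2f} Gbps / {s['mpps']:.2f} Mpps "
              f"from {s['reflectors']} reflectors via {','.join(s['services'])}")
    print("flagged:", flag_large_events(summary))
```

Run as-is it reports the NTP and SSDP targets as flagged and leaves the single-resolver DNS traffic alone. In a real deployment the window length comes from the collector's export interval and the per-flow byte and packet counts from NetFlow/IPFIX records; the source-port rule is the same one slide 11 applies.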

15 DDoS: Who is being hit?
End users and e-commerce are top two targets, as last year
Finance moves down to fifth, behind government and gaming
Customers of respondents most common targets of attacks
Percentage of attacks targeting infrastructure continues to rise

16 DDoS: Attack Types
HTTP and DNS are top targets of application-layer attacks
Drop in proportion of respondents seeing attacks targeting HTTPS
Two-thirds of attacks are volumetric, up slightly
– No surprise given reflection storm
90% of respondents report seeing application-layer attacks
– 4% fall in proportion of application-layer attacks

17 ATLAS attack types stats Q4 2014 APAC
Dest Port Break-Out (Q4)
– Port 80 (HTTP) stays at number 1, with 17% of events; roughly the same as Q3 (17%)
– Fragment stays at number 2 with 7%; slight decrease from 10% in Q3
– Attacks targeting port 53 (DNS) in top 3 for the past 6 months; 8% Q3, 4% Q4

18 DDoS: Why? And, How Often?
Significant increase in proportion of respondents seeing more than 21 attacks per month
– Up to 38% from 25% last year
Top 3 motivations stay the same, but order changes
– Ideological hacktivism knocked off top spot!
Continued increase in extortion, market manipulation or disguise as motivations

19 DDoS: A Top Priority for ISP Customers
70% of service providers see increased demand for DDoS detection and mitigation services from their customers
Cloud / Hosting providers top vertical interested in DDoS services
– Not surprising given big jump in proportion of respondents seeing attacks targeting cloud (29%, up from 19%)
Finance, Government and e-commerce also top list

20 ISP Threat Detection and Mitigation
NetFlow analyzers are the most effective and most commonly deployed detection mechanism
Firewall logs, the 2nd most commonly deployed detection mechanism, rank 6th in terms of effectiveness
IDMS moves ahead of ACLs as most common mitigation mechanism
Firewalls fall back again
Proportion of respondents able to mitigate in < 20 mins up to 60%

21 IPv6, Still Not Pervasive
Over two-thirds of service provider respondents indicated that they have IPv6 deployed. Only a third of enterprise, government and educational respondents indicated the same
Nearly three-quarters of service provider respondents now have subscribers utilizing IPv6 services, but IPv6 service take-up rates for both subscribers and business customers are still mostly under 25%

22 IPv6 Growth Expectation vs. Reality
Largest reported volume of IPv6 traffic was 80Gbps, a 4x increase over last year’s 20Gbps
ATLAS shows a 3x increase in monitored native IPv6 traffic, to a peak of 1.24Tbps

23 Data Center DDoS, Attacks & Impact
Almost two thirds reported DDoS attacks, down from last year
Most common attack target is now customer, rather than service infrastructure
38% see attacks exceed total Internet bandwidth, same as last year
As last year, 81% see increased operational expenses as top issue
Big increase in proportion seeing revenue loss, from 27% to 44%

24 Protecting the Data Center
Firewalls, application firewalls and IPS are still top three deployed security technologies
Big rises in use of IDMS, 6% to 48%, and ACLs, 13% to 30%
49% see firewalls fail due to DDoS
37% offer DDoS protection services to their customers, either as standard or as an option. 21% offer multiple tiers of service

25 DNS, Still not a Security Focus
Proportion of respondents with NO security group with formal responsibility for DNS continues to rise, now 33%
Only 17% of respondents saw a customer visible outage due to DDoS, down from 36% last year
– Maybe due to attacker focus on other protocols
Layer 7 visibility improved to 41%, from 37% last year and 27% in 2012

26 Best Current Practices
94% of respondents have dedicated security resources
The challenges facing organizations in building out teams remain the same: hiring / retaining skilled personnel is a key issue
The proportion of respondents implementing anti-spoofing has fallen
– This is a big concern given reflection amplification attacks
The proportion of respondents who practice DDoS defense continues to fall
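Slide 26 flags the drop in anti-spoofing deployment as a concern precisely because reflection amplification depends on packets carrying a forged source address. The Python below is an added example, not code from this deck or from Arbor, of the source address validation check that BCP38-style ingress filtering performs on a customer-facing port: a packet is forwarded only if its source lies inside a prefix assigned to the interface it arrived on. The interface names, prefix assignments and packets are constructed.

```python
"""Source address validation (BCP38-style ingress filtering) on customer ports.

Added example, not from the Arbor WISR deck: the interface names, prefix
assignments and packets below are constructed for illustration.
"""
import ipaddress


class IngressFilter:
    """Permit a packet from a customer-facing interface only when its source
    address falls inside a prefix assigned to that interface."""

    def __init__(self, assignments):
        # assignments: {interface_name: [prefix string, ...]} (constructed data)
        self.table = {
            ifname: [ipaddress.ip_network(p, strict=True) for p in prefixes]
            for ifname, prefixes in assignments.items()
        }

    def permits(self, interface, src_ip):
        nets = self.table.get(interface)
        if nets is None:
            return False            # unknown interface: fail closed
        try:
            addr = ipaddress.ip_address(src_ip)
        except ValueError:
            return False            # unparsable source: drop
        # ip_network containment is False across address families, so a v4
        # source never matches a v6 assignment and vice versa.
        return any(addr in net for net in nets)

    def audit(self, packets):
        """Split (interface, src, dst, dst_port) tuples into accepted and dropped."""
        accepted, dropped = [], []
        for pkt in packets:
            (accepted if self.permits(pkt[0], pkt[1]) else dropped).append(pkt)
        return accepted, dropped


# Constructed assignments: one customer port with a v4 and a v6 prefix.
ASSIGNMENTS = {"ge-0/0/1": ["203.0.113.0/24", "2001:db8:1::/48"]}

# Constructed packets. The two with out-of-assignment sources are the kind a
# reflector would answer to the forged address (198.51.100.5, 2001:db8:2::1)
# instead of to the customer; the filter drops them at the edge.
PACKETS = [
    ("ge-0/0/1", "203.0.113.45", "192.0.2.123", 123),        # legitimate NTP query
    ("ge-0/0/1", "2001:db8:1::10", "2001:db8:ff::53", 53),   # legitimate v6 DNS query
    ("ge-0/0/1", "198.51.100.5", "192.0.2.123", 123),        # forged v4 source, dropped
    ("ge-0/0/1", "2001:db8:2::1", "2001:db8:ff::53", 53),    # forged v6 source, dropped
    ("ge-0/0/9", "203.0.113.45", "192.0.2.123", 123),        # interface with no assignment
]


def run_audit():
    """Apply the constructed assignments to the constructed packets."""
    return IngressFilter(ASSIGNMENTS).audit(PACKETS)


if __name__ == "__main__":
    accepted, dropped = run_audit()
    print(f"accepted {len(accepted)}, dropped {len(dropped)}")
    for pkt in dropped:
        print("drop", pkt)
```

The fail-closed handling of an interface with no assignment is deliberate: a port that has not been provisioned should not be able to originate traffic at all. On real routers the same check is expressed as a per-interface source-prefix ACL or strict-mode unicast RPF; either one gives the operator the anti-spoofing coverage the survey shows slipping.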

27 MNOs: LTE Becoming Pervasive
68% of respondents who operate mobile networks have over 1 million subscribers
– 22% have more than 25M
LTE deployments becoming pervasive
80% of MNOs do NOT support IPv6 in either subscriber devices or mobile infrastructure

28 Mobile Security
36% experienced poorly implemented mobile applications impacting service
17% of respondents indicated that they have suffered a customer-visible outage due to a security incident
Three quarters of respondents cannot detect a compromised subscriber on their networks
iACLs and NAT/PAT are still the most common defensive measures used by MNOs, but there have also been big increases in the use of other technologies

29 DDoS in the MNO
36% of respondents see attacks against their mobile users, RAN, back-haul or packet core, up from 25% last year
Only 7% see attacks on the Internet (Gi) Infrastructure, down from 24% last year
– 57% still don’t know due to lack of visibility
– External firewalls top attack target

30 Conclusions
Arbor has been conducting the WISR now for 10 years, and there have been some big changes
– Networks, and the way in which we use them, have changed
– Massive increase in respondents
– More diverse respondent mix
– Broader range of question topics
The WISR represents a hugely valuable repository of the observations, experiences and concerns of the OpSec community
– Identifies ongoing trends
– Unexpected shifts in behavior
Goals remain the same
– Educate the broader community
– Share solutions to common issues

31 Thank You

