Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fakty i mity o cybersecurity

Published byOswin Leonard Modified over 6 years ago

Similar presentations

Presentation on theme: "Fakty i mity o cybersecurity"— Presentation transcript:

1 Fakty i mity o cybersecurity
27 kwiecień 2017 Fakty i mity o cybersecurity Andrzej Kroczek, Systems Engineer Manager © 2017 F5 Networks

2 80% of the Internet © 2017 F5 Networks

3 Source: Sandvine, Global Internet Phenomena Spotlight, 2016
70% SSL is growing, and that presents a challenge for our customers. Privacy and security concerns are driving encrypted traffic growth, which is expected to represent 70 percent of all Internet traffic this year. Source: Sandvine, Global Internet Phenomena Spotlight, 2016 © 2017 F5 Networks © 2017 F5 Networks

4 Encryption Creates Blind Spots in Your Network
making the security tools you trust and rely on less effective DLP Fire- walls Anti Virus APT IDS/ IPS With more and more information being encrypted, customers are having a difficult time detecting and assessing threats in encrypted traffic. Organizations are effectively blind to potential threats; existing security architectures and security solutions are inadequate. This ultimately forces administrators to make a choice: let the traffic go uninspected, or suffer extreme application performance losses. © 2017 F5 Networks © 2017 F5 Networks

5 Encryption Creates Blind Spots in Your Network
making the security tools you trust and rely on less effective DLP Fire- walls Anti Virus With more and more information being encrypted, customers are having a difficult time detecting and assessing threats in encrypted traffic. Organizations are effectively blind to potential threats; existing security architectures and security solutions are inadequate. This ultimately forces administrators to make a choice: let the traffic go uninspected, or suffer extreme application performance losses. IDS/ IPS APT © 2017 F5 Networks © 2017 F5 Networks

6 no performance impact © 2017 F5 Networks

7 Visiblity – Outbound Traffic
Decrypt and re-encrypt on each device Decrypt, Inspect, Re-encrypt Decrypt, Inspect, Re-encrypt Decrypt, Inspect, Re-encrypt Users / Devices User Internet Firewall Firewall Web Gateway DLP Anti-Malware IPS Decrypt, Inspect, Re-encrypt Decrypt, Inspect, Re-encrypt © 2017 F5 Networks © 2017 F5 Networks

8 What we know about SSL/TLS
SSL is a Significant Performance Hit on Security SSL % 79 % 75 % 100 Security architectures are not built for SSL encryption. Not handling SSL traffic creates blind spots and enables SSL on next-gen security products to impact their performance, sometimes by over 80%! Next-Gen Firewall Performance Impact Next-Gen IPS Performance Impact Sandbox/Anti-Malware No SSL Support Additional performance loss when multiple security devices each decrypt, inspect and re-encrypt But, it’s not just performance: Latest cipher support is often missing from security devices Source: NSS Labs and vendor data © 2017 F5 Networks © 2017 F5 Networks

9 ECC SSL Hardware Offload
First ADC vendor to provide Elliptic Curve Cryptography (ECC) SSL TPS in hardware across all platforms TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 © 2017 F5 Networks © 2017 F5 Networks

10 F5 SSL Orchestrator Solution Highlights
Gain visibility into SSL traffic with centralized SSL decryption across multiple security tools Flexible deployment options provide ease of integration with unique network topologies Dynamically chain services based on context-based policy to efficiently deploy security © 2017 F5 Networks © 2017 F5 Networks

11 F5 SSL Orchestrator – Key Benefits
SSL decrypt / encrypt at high performance Policy-based decrypt / handoff / encrypt of traffic flows Dynamic service chaining of security solutions Load balancing of SSL traffic flows across security devices Flexible deployment for seamless fit into networks Proxy architecture allows support for DHE/ECDHE and Forward Secrecy Purpose-built, all-in-one SSL appliance, providing security solutions with visibility into SSL/ TLS-encrypted outbound traffic © 2017 F5 Networks © 2017 F5 Networks

12 ½ of web traffic © 2017 F5 Networks

13 Control Bots – F5 Application Security Manager
52% of all Internet traffic is non-human 1 of every 10 requests is hostile © 2017 F5 Networks © 2017 F5 Networks

14 © 2017 F5 Networks © 2017 F5 Networks

15 BOT Impact Internet traffic that is non-human. % 52 52% of your businesses power was consumed by another business Website traffic from malicious bots % 29 29% of the time your business received a visitor, they tried to rob you. 41 Malicious bots enter a website network disguised as a human. % 82% of the time a malicious bot talked to your website, they were impersonating a human or a good bot. Source: Incapsula, CheckPoint, ANA/White Ops, Dell SecureWorks. © 2017 F5 Networks © 2017 F5 Networks

16 Layers of Bot Protection
Threat Intelligence Profiling Behavioral Device Fingerprinting Geo-location Proactive classification Intelligence Feeds BOT signatures Inline Fingerprinting Identity Session Anomaly Transaction Anomaly Brute Force © 2017 F5 Networks © 2017 F5 Networks

17 How unique are you? https://panopticlick.eff.org https://amiunique.org
© 2017 F5 Networks © 2017 F5 Networks

18 Mitigations URL randomization Code integrity Code obfuscation
Backend APP Code integrity URL randomization Code obfuscation Turing Tests Data APP Data Backend Public app API APP ASM injects a JS challenge with obfuscated cookie Legitimate browsers resend the request with cookie ASM checks and validates the cookie Requests with valid signed cookie are then passed through to the server Invalidated requests are dropped or terminated Cookie expiration and client IP address are enforced – no replay attacks Prevented attacks will be reported and logged w/o detected attack + BOT © 2017 F5 Networks © 2017 F5 Networks

19 1,2 Tbps Ddos – iot © 2017 F5 Networks

20 World Record Volumetric DDoS Attacks
IoT – Mirai Botnet © 2017 F5 Networks © 2017 F5 Networks

21 News on DDoS threats isn’t going away
ARS TECHNICA “Major DNS Provider Hit by Mysterious, Focused DDoS Attack” “Rent-a-Botnet Services Making Massive DDoS Attacks More Common than Ever Before” PC WORLD News on DDoS threats isn’t going away “DDoS Attacks: Getting Bigger and More Dangerous All the Time” ZD NET “DDoS Attacks Continue to Rise in Power and Sophistication” SECURITY WEEK Source: THE HACKER NEWS “New Botnet Hunts for Linux – Launching 20 DDoS Attacks/Day” © 2017 F5 Networks © 2017 F5 Networks

22 Protecting Against DDoS is Challenging
Good vs. Bad Traffic All traffic/connections look the same – hard to distinguish the good from the bad Multiple Vulnerable Points Attacks target weakest link network, WAN bandwidth, authentication, and applications Multi vector attacks leveraging TLS connections, with malware planted on botnets Sophisticated and Targeted DDoS Attacks are Easy to Launch Attacks can be crowd- sourced and monetized, launched by simple apps © 2017 F5 Networks © 2017 F5 Networks

23 Today’s Solutions Fall Short
Good vs. Bad Traffic Rate limiting or black holing techniques impact legitimate traffic (and the business) DDoS Attacks are Easy to Launch Blind to SSL and easily overwhelmed, contributing to the DDoS Sophisticated and Targeted Too little too late due to out-of-band deployment against short, bursty traffic Multiple Vulnerable Points Partially effective depending on type of solution and placement in the network © 2017 F5 Networks © 2017 F5 Networks

24 DDoS Hybrid Defender Quickly Detect Attack Behavior
Behavioral-based attack detection with ability to sustain DDoS due to the high performance proxy solution Block DDoS with Real-Time Decryption SSL visibility with real-time traffic decryption and inspection of malicious data Ultra-Fast Attack Detection Sub-second attack detection with hardware assist inline or in out-of-band mode Full Protection on All Fronts Holistic DDoS protection for network, application, and bandwidth with hybrid DDoS approach © 2017 F5 Networks © 2017 F5 Networks

25 Application Protection
F5 DDOS Hybrid Defender Network Protection Multiple techniques - statistical method to baseline L3/4 metrics & auto thresholds IP reputation feeds Application Protection Leverages SSL inspection to defend against L7 DDoS with behavioral analysis WAN Bandwidth Saturation DDoS Hybrid Defender to send Layer 3, 4, and 7 DDoS attack info via a JSON blob to Silverline DDoS Hybrid Defender seamlessly integrates on-premises protection with cloud-based scrubbing service for the most complete DDoS threat coverage. DDoS Hybrid Defender offers simplified user interface and “out-of-the-box” experience with new licensing, targeted for DDoS use case and security buyer. © 2017 F5 Networks © 2017 F5 Networks

26 DDoS Hybrid Defender – Key Benefits
Protects against attacks on the network through to the application Only vendor with native, seamlessly integrated on-premises and cloud-based scrubbing services Leverages industry-leading application protections to defend against L7 DDoS Unsurpassed SSL performance with SSL termination and outbound SSL interception protection Ensures app availability and performance with leading datacenter scalability and up to 2 Tbps of cloud-based scrubbing capacity F5 delivers comprehensive protection in a single box © 2017 F5 Networks © 2017 F5 Networks

27 2,697,631,690 accounts © 2017 F5 Networks

28 https://haveibeenpwned.com/
User Credentials LinkedIn: 164M Dropbox: 68M Yahoo: 500M Adobe: 152M © 2017 F5 Networks © 2017 F5 Networks

29 14,766 PayPal Phishing © 2017 F5 Networks

30 Let's Encrypt SSL Certificates
During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity Let's Encrypt expected to issue ~35,000 SSL certs for rogue domains © 2017 F5 Networks © 2017 F5 Networks

31 Protect User Credentials with F5
Transaction Execution Site Log In User Navigation Transactions Site Visit Device Fingerprinting Geo-location Brute Force Detection Behavioral Analysis Behavioral and Click Analysis Abnormal Money Movement Analysis Customer Fraud Alerts Phishing Threats Credential Grabbing & Remote Access Trojans Malware Injections Transaction manipulation Automated Transactions © 2017 F5 Networks © 2017 F5 Networks

32 Thank You © 2017 F5 Networks

33 © 2017 F5 Networks

34

Download ppt "Fakty i mity o cybersecurity"

Similar presentations

Stonesoft Roadmap WHAT FEATURES WILL COME IN 2013-2014.

Stonesoft Roadmap WHAT FEATURES WILL COME IN
Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.

Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.

©2014 Bit9. All Rights Reserved Building a Continuous Response Architecture.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Barracuda Web Application Firewall

Barracuda Web Application Firewall
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
CONFIDENTIAL & PROPRIETARY 1 WAF and Identity and Access Management Integration The Next Step in the Evolution of Application Security Best Practices Jan.

CONFIDENTIAL & PROPRIETARY 1 WAF and Identity and Access Management Integration The Next Step in the Evolution of Application Security Best Practices Jan.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.

1 Managed Security. 2 Managed Security provides a comprehensive suite of security services to manage and protect your network assets –Managed Firewall.
©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.

©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.
The Most Analytical and Comprehensive Defense Network in a Box.

The Most Analytical and Comprehensive Defense Network in a Box.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.
Web Application Firewall (WAF) RSA ® Conference 2013.

Web Application Firewall (WAF) RSA ® Conference 2013.
Network security Product Group 2 McAfee Network Security Platform.

Network security Product Group 2 McAfee Network Security Platform.
Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?

Yair Grindlinger, CEO and Co-Founder Do you know who your employees are sharing their credentials with? Do they?
DenyAll Delivering Next-Generation Application Security to the Microsoft Azure Platform to Secure Cloud-Based and Hybrid Application Deployments MICROSOFT.

DenyAll Delivering Next-Generation Application Security to the Microsoft Azure Platform to Secure Cloud-Based and Hybrid Application Deployments MICROSOFT.
Kaspersky Small Office Security INTRODUCING New for 2014!

Kaspersky Small Office Security INTRODUCING New for 2014!
Web Content Security Unlock the Power of the Web

Web Content Security Unlock the Power of the Web

Similar presentations

Ads by Google