DDoS Attacks: The Stakes Have Changed. Have You?


1 DDoS Attacks: The Stakes Have Changed. Have You?
Introduction on my background:
Joined NETSCOUT after selling ONPATH 4 years ago for what became the PFS BU combining the Simena acquisition from 2011. Prior to that I was at ADVA Optical Networking for 12 years – networking is in my foundation.
The acquisition of Danaher Communications added VSS to the PFS BU. VSS had an innovative history of packet brokers for service provider monitoring and enterprise security – the security portion of PFS is now the fastest growing area for us.
I became President of Arbor Networks in July as we created a new Security-focused business unit that includes both our PFS and Arbor businesses. While I am new to Security, I am very excited about the potential ahead and the advantages we have for network-based traffic visibility in Security applications.
In the past 3 months of my new responsibility for Arbor Networks, my attention has been focused in an order of priority:
People – what can we do together
Products – what are our technologies and platforms capable of
Now moving to Partners – leveraging our combined strengths to provide customers more value
End-Customers – getting ready to engage with Service Provider and Enterprise customers to hear directly what they need.
November 17, 2016

2 Today’s Speakers
Kevin Whalen, Sr. Director, Corporate & Marketing Communications, Arbor Networks
Sean Pike, Program Vice President, Security Products, IDC
Tom Bienkowski, Director, Product Marketing, Arbor Networks
Why is it important?

3 DDoS is a very different game than only a few years ago
Not just because it’s getting bigger, more regular, and more complicated, but also because it’s beginning to reach broad adoption. Arbor has said ‘Everyone is a target’ for years – and yes, we have a vested interest in that statement. But it’s become true – from the largest businesses to those who write blogs. The prevalence of IoT leverage and botnets for hire as cheap as $5/hour makes this a very real concern.
THE STAKES HAVE CHANGED. We want to help you and your customers prepare for the future – and it starts by getting ready today.

4 Recent IoT Botnet Attack Against Dyn

5 IDC’s Perspectives on DDoS Attack Trends…

6 © IDC Visit us at IDC.com and follow us on Twitter: @IDC
Uptick in DDoS Attacks
This is my favorite graphic from the DBIR for DDoS. Demonstrates continued uptick in DDoS attacks – DBIR records approximately 9500 incidents across industry. Source: Verizon DBIR 2016

7 Probably vs. Capable
Mean Values. Largest Attacks: Spamhaus 400 Gbps, BBC 600 Gbps, Rio 540 Gbps. Source: DBIR 2016

8 Heavy Spending Priority on Newsworthy Incidents
Top 2: 63.1%, 63.4%
IT Security spending is following the news. Data security events (including ransomware) and DDoS attacks are dominating security news. Planned spending is reflective of that: 63.1% planned spending for data protection, 63.4% on improved network security including DDoS protections, 59.1% for disruptive malware technology, and then a large drop off in priority.

9 Arbor’s Perspectives on DDoS Attack Trends…

10 DDoS Attack Trends Fact: DDoS Attacks Increasing in Size, Frequency & Complexity
600+ Gbps
The rise in DDoS attack size, frequency and complexity. Mention the source for most of this information comes from our 10th Annual WISR.
Size: Talk about how DDoS attacks are growing in size. Most are around 1G range, seeing an increase in those over 20G and some as large as 500G (11th WISR).
Frequency: 100% of organizations have experienced a DDoS attack. 12% experience 500 multiple per month! ***Relate to persona: As you probably know, financial services organizations such as yourself are prime targets for DDoS attacks.
11th WISR: Looking at attack frequency, the number of attacks experienced per month has increased again (Figure 23), revealing a trend of very rapid attack frequency growth. Two years ago, only 25 percent reported seeing more than 21 attacks per month. Last year, that proportion increased to 38 percent, and this year it has risen to 44 percent. This trend backs up anecdotal feedback from Arbor customers, who indicate they have seen significantly more and larger attacks during this survey period.
Complexity: Modern day DDoS attacks are a dynamic combination of volumetric, TCP state exhaustion and application layer attacks. As you can see from our study, 56% have experienced multi-vector attacks, up from 42% last year (11th WISR).
And finally…we are starting to see DDoS used as a smoke screen for more nefarious activity – in other words, being used in advanced threat campaigns as a smoke screen to hide the stealing of confidential data or Intellectual Property. This is something that I’m sure your upper management team is concerned about.
11th WISR: In line with other surveys, a growing proportion of respondents are seeing DDoS attacks being used as a distraction for either malware infiltration or data exfiltration. Last year, 19 percent saw this as a common or very common motivation; this has increased to 26 percent, backing up other surveys and reports that have shown growth in this area.
Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report

11 DDoS Attack Trends Fact: DDoS Attacks Increasing in Size, Frequency & Complexity (per month)

12 DDoS Attack Trends Fact: DDoS Attacks Increasing in Size, Frequency & Complexity

13 The Modern Day DDoS Attack Is Complex
Dynamic, Multi-vector Combination
Volumetric Attacks: Large (up to 500 Gbps); saturates links
TCP State-Exhaustion Attacks: Crashes stateful devices (load balancers, firewalls, IPSs)
Application Layer Attacks: Low and slow, stealth attacks; crashes application servers
[Diagram labels: BotNet, Legitimate Traffic, The Internet, Your ISP, Firewall, Your Data Center]
While volumetric attacks that saturate network links and prevent valid network traffic from passing through the affected links may be obvious, other types of DDoS attacks, like state exhaustion and application layer attacks, may not be, unless you have the right tools to detect them. State exhaustion attacks overload state tables in devices like load balancers, firewalls, IPSs, sandboxes, servers, etc. Application layer attacks are typically the stealthiest.
Industry Best Practices Exist to Stop All of These Attacks

14 Why the Rise in Size, Frequency & Complexity?

15 Ability Fact: It’s Never Been Easier to Launch a DDoS Attack
$5 : $100sK (Cost of DDoS Service : Impact to Victim)
DDoS Attacks Are The Great Equalizer…
Over one-quarter of respondents are now seeing more than 21 attacks per month.

16 Motivations Fact: Many Motivations Behind DDoS Attacks
Over one-quarter of respondents are now seeing more than 21 attacks per month. Source: Arbor Networks 11th Annual Worldwide Infrastructure Security Report

17 The Cyber Reflection
Every Physical Geo-Political Event… Has a Cyber Reflection…
DDoS Attacks Are The Great Equalizer…

18 Examples of Cyber Reflections
Attack targets were not necessarily the events themselves, but organizations tangentially associated with the events.

19 What is IDC Hearing from Their Clients?

20 Common Questions About DDoS
Reliability? Continuity? Digital Transformation? Common Questions? Challenges?
Impact of DDoS attacks
o Businesses are more reliant on availability than ever; it's as fundamental as electricity.
o A successful DDoS attack is not just about lost revenue from public facing commerce-driven websites. DDoS increasingly targets back office applications that power the business and connect the supply chain; it's about business continuity.
o Platform technologies including mobile, social and cloud expand the attack surface, yet Digital Transformation is inevitable for most organizations. This should elevate DDoS defense to a Board level concern.
Survey data around non-adoption of IoT devices. Could that be dragged down even further with DDoS reports?

21 The Role IoT is Playing in DDoS Attacks
The Role of IoT; Ransom; Protecting Endpoints

22 Recent Dyn Attack & IoT Botnets

23 Mirai Botnet
A floating population of approximately 500,000 compromised IoT devices worldwide (Internet-enabled digital video recorders (DVRs), surveillance cameras).
Relatively high concentrations of Mirai nodes have been observed in Asia, Brazil, North America and Europe.
Compromised due to default user names and passwords being enabled on devices and open ports in firewalls (Telnet TCP 23/2323).
IoT devices are subsumed into the Mirai botnet by continuous, automated scanning by other compromised Mirai botnet IoT devices.
Rebooting the device removes the malware running in memory, but it's estimated that it will take less than 10 min to be rescanned and become part of the botnet again.
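Because compromised devices scan continuously on Telnet TCP 23/2323, one defensive check is to flag internal hosts with a high SYN-only fan-out on those ports. The sketch below is an added example, not part of the presentation or any Arbor product; the CSV flow layout, the internal address range and the thresholds are assumptions, and the sample flow records are constructed.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

TELNET_PORTS = {23, 2323}                # ports named on the slide
INTERNAL_NET = ip_network("10.0.0.0/8")  # assumption: internal address space
WINDOW_SECONDS = 60                      # assumption: bucketing window
FANOUT_THRESHOLD = 20                    # assumption: distinct targets per window


def constructed_flows():
    """Build constructed sample flow records as CSV: ts,src,dst,dport,flags."""
    rows = ["ts,src,dst,dport,flags"]
    # A DVR probing 40 distinct external hosts within one minute, SYN only.
    for i in range(40):
        port = 2323 if i % 10 == 0 else 23
        rows.append(f"{1200 + i},10.1.1.50,198.51.100.{i + 1},{port},S")
    # An admin's single completed Telnet session to an internal switch.
    rows.append("1205,10.1.1.7,10.1.2.1,23,SAPF")
    # A busy web client: high fan-out, but not on Telnet ports.
    for i in range(40):
        rows.append(f"{1200 + i},10.1.1.9,203.0.113.{i + 1},443,SAPF")
    # A device with only 5 Telnet probes, below the default threshold.
    for i in range(5):
        rows.append(f"{1210 + i},10.1.1.60,192.0.2.{i + 1},23,S")
    return "\n".join(rows)


def find_telnet_scanners(flow_csv, threshold=FANOUT_THRESHOLD):
    """Return {src: peak distinct Telnet targets per window} for internal
    hosts whose SYN-only fan-out on 23/2323 meets the threshold."""
    targets = defaultdict(set)  # (src, window index) -> distinct destinations
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["dport"]) not in TELNET_PORTS:
            continue
        if row["flags"] != "S":  # keep unanswered probes, skip real sessions
            continue
        if ip_address(row["src"]) not in INTERNAL_NET:
            continue
        window = int(row["ts"]) // WINDOW_SECONDS
        targets[(row["src"], window)].add(row["dst"])

    peaks = defaultdict(int)
    for (src, _window), dsts in targets.items():
        peaks[src] = max(peaks[src], len(dsts))
    return {src: n for src, n in peaks.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in find_telnet_scanners(constructed_flows()).items():
        print(f"{src}: {n} distinct Telnet targets in one {WINDOW_SECONDS}s window")
```

Since a rebooted device is estimated to be rescanned within minutes, a host flagged this way needs its default credentials changed and Telnet closed off, not just a restart.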

24 Mirai is NOT Just a DNS Attack
Mirai Botnet is a Multi-vector DDoS Attack
Mirai is capable of launching multiple types of DDoS attacks, including:
SYN-flooding
UDP flooding
Valve Source Engine (VSE) query-flooding
GRE-flooding
ACK-flooding
Pseudo-random DNS label-prepending attacks (also known as DNS ‘Water Torture’ attacks)
HTTP GET, POST and HEAD attacks.
Mirai features segmented command-and-control, which allows the botnet to launch simultaneous DDoS attacks against multiple, unrelated targets.
To date, no verified spoofed DDoS traffic has been observed being sourced from the Mirai botnet. This could change in future versions/variants of Mirai.
The code has been released to the wild…we are already seeing signs of alteration and attacks using the botnet.

25 IoT Botnets: More than Mirai
Never heard of these? That’s because the defenders were prepared. They had the proper people, products and processes in place well before the event occurred.
LizardStresser IoT Botnet Targets Brazil: pre-event activity. Targets were organizations affiliated with major international sporting events (e.g. gov’t, banks, sponsors, etc.).
Chart shows uses of the LizardStresser botnet as far back as July 2014 during the FIFA World Cup.
Most recently, the Rio Olympics…show how the botnet was tested in April 2016 (200 Gbps) and then grew and was used again in Aug 2016 (500 Gbps)…stress the fact that no one heard about these attacks because the defenders (the local ISPs) were well prepared (and worked closely with Arbor).
Most recent Mirai botnet attacks against Krebs Security Blog and Dyn…now that the Mirai source code has been released to the wild…what will surely come next? (have already seen Liberia being hit with Mirai botnet)
[Chart labels: July 2014, June 2016, Aug 2016]

26 IDC Recommendations for DDoS Attack Protection

27 IDC Recommendations
FW/IPS vs. DDoS Defense; Hybrid Solutions; Managed Services; People & Process
Q: (Sean) What Q’s should companies be asking when they evaluate a DDoS SP?
Don't be fooled, DDoS defense requires DDoS solutions.
o Don't try and ask your FW/IPS to also do DDoS defense.
o Hybrid - In-Cloud only is half protection. Also need on-premises with intelligent integration with cloud.
o Consider a Managed Service that can offer Integrated Multi-Layered Defense
People and process play a huge role

28 Arbor DDoS Attack Protection Solutions

29 The Modern Day DDoS Attack Is Complex
Dynamic, Multi-vector Combination
Mirai Botnet is Multi-Vector
Industry Best Practices Exist to Stop All of These Attacks

30 Stopping Modern Day DDoS Attacks
Layered DDoS Attack Protection
[Diagram labels: Stop volumetric attacks (In-Cloud, Scrubbing Center, Your (ISP’s) Network); Cloud Signal: intelligent communication between both environments; Stop application layer DDoS attacks & other advanced threats, detect abnormal outbound activity (Your Data Centers/Internal Networks); Backed by continuous threat intelligence; The Internet; Volumetric Attack; Application Attack]
To stop modern day DDoS attacks you need to take a layered approach to DDoS attack protection – backed by continuous threat intelligence. What do we mean by this?
1. Stop volumetric attacks in the cloud (yours or your ISP's) before the attacks saturate circuits and overwhelm on-prem security devices.
2. Stop application layer attacks on premises, where you have more control over protection of the services that matter most.
3. There needs to be intelligent communication between the two environments to stop dynamic, multi-vector attacks.
Last but not least…
4. These solutions need to be backed by continuous threat intelligence to stay abreast of the latest threats.
In fact, it's not just Arbor saying this…the analyst community is also recommending this to their clients.

31 Arbor’s DDoS Protection Solution
Comprehensive DDoS Protection Products & Services
[Diagram labels: The Internet, In-Cloud, On-Premise, Cloud Signal, Arbor deployment in majority of ISPs, Arbor Cloud, Volumetric Attack, Target/Compromised Hosts, Application Attack/Malware]
Use this diagram to briefly explain the integrated solution and how it works and is continuously backed by ATLAS/ASERT.
Arbor’s proven, industry leading, comprehensive set of products and managed services provide a fully integrated, in-cloud and on-premises DDoS (and advanced threat) protection solution that is continuously armed with the actionable threat intelligence from ATLAS and ASERT.
We have on-prem products (appliances or virtual versions) that can stop inbound DDoS attacks and other threats. These products can also stop outbound activity from compromised hosts.
In the event that these on-prem products sense that they are going to become overwhelmed by a large volumetric DDoS attack, they can “call for help” using a feature called “cloud signaling”, in which case volumetric attack traffic is handled by our fully managed in-cloud DDoS protection service called Arbor Cloud.
What’s unique about our solution is how we (ASERT) leverage our 15 year, worldwide deployment of product used by the majority of the world’s service providers to gain unmatched experience and visibility into global threat activity (we call this ATLAS). The global insight derived from ATLAS/ASERT continuously arms all of our products and services in the form of features, integrated workflow and actionable threat intelligence.
No one in the industry offers such a comprehensive DDoS protection solution. Let’s talk about the right combination of products and services for your organization.
SERT Security Engineering & Response Team
Armed with Global Visibility & Actionable Threat Intelligence

32 Closing Remarks

33 Knowledge & Preparation Are the Keys to Protection
Without the proper knowledge of…
DDoS Attack Trends (i.e. ease, motivations, attack types, relationship with data breach)
Best Practices in DDoS Mitigation (i.e. products, people and processes)
Impact to Your Business (i.e. downtime, lost revenue, mitigation costs etc.)
…You cannot accurately calculate the risk of a DDoS Attack.

34 Q&A Thank You

