Arbor Multi-Layer Cloud DDoS Protection

1 Arbor Multi-Layer Cloud DDoS Protection
Nurfedin Zejnulahi, Arbor Consultant

2 Who is Arbor Networks?
Founded from a DARPA grant. Over 40 networking and security patents.
Ten+ years of innovation: 500+ of the world's most demanding networks across all continents; service providers, hosters, Fortune 50 companies; largest financials and online giants.
Trusted experts globally: over 400 employees across all continents; >50% in engineering, service and support; best-in-class support experts, global infrastructure.
Global ATLAS: 290+ worldwide sensors; analyzing over 160 Tb of data per second; monitoring over 260K malware families.
Notes: Arbor is a best-kept secret. 2000: U of M DARPA grant. 450 customers in 60 countries (ISPs, hosters, enterprises). DDoS solutions, global intelligence, distributed systems. DDoS at the beginning, in 2000, when government websites were being taken down; traffic and routing of Internet infrastructure. This history allows Arbor to take a look back.
Proprietary and Confidential Information of Arbor Networks, Inc.

3 Enterprise Incident Response

4 DDoS attacks can be very large
Largest (Gbps) / longest reported DDoS attack, Worldwide infrastructure security report, 2005 to 2014.

5 Targets of Application-Layer Attacks

6 DDoS Attack Types

7 Most DDoS Attacks are relatively short and small

8 DDoS: case of Morocco (January 2015)

9 Stopping Attacks in the Right Place
Diagram labels: Internet; scrubbing center (cloud-based DDoS protection, Peakflow SP/TMS); Cloud Signaling; data center (CPE-based DDoS protection: Pravail APS; firewall; IPS; load balancer; target applications & services).

10 Arbor Cloud: Global Availability
4 strategically placed scrubbing centers, each with scrubbing capacity: East Coast, West Coast, Central Europe, Asia.
Notes: Point out that the field have been running mitigations for their customers. This is not a new service for us, it's a new product, but we are well versed in the business practices that are delivered with a cloud service.

11 Customizable Service Options
Traffic re-routing mechanisms:
DNS reroute: DNS A records are modified by the customer to point the attacked FQDN to Arbor Cloud. A full DNS proxy in the cloud routes clean traffic to its destination. Full proxy requires traffic in both directions. Clean traffic = inbound + outbound traffic.
BGP reroute: Must divert a minimum of a /24 subnet. Arbor requires 3 days to register routes with the Internet Registry. If the customer only has a /24, then the customer must de-announce the route when Arbor announces it. Traffic is returned via GRE. Clean traffic = inbound traffic only.
Diagram labels: DNS; DNS proxy; GRE; Arbor Cloud; ISP network; Arbor's DDoS protection appliance on-site; enterprise network. Normal traffic is shown in green, redirected traffic in red.

12 Traffic Diversion Options
DNS reroute: DNS A records are modified to point the attacked FQDN to Arbor Cloud. A full DNS proxy in the cloud routes clean traffic to its destination. Full proxy requires traffic in both directions. Clean traffic = inbound + outbound traffic.
BGP reroute: Must divert a minimum of a /24 subnet. Arbor requires 3 days to register routes with the Internet Registry. If the customer only has a /24, then the customer must de-announce the route when Arbor announces it. Traffic is returned via GRE. Clean traffic = inbound traffic only.
Diagram labels: DNS; BGP; proxy; GRE; ISP; Pravail APS; enterprise network.

13 DNS Diversion Option
DNS A records are modified to point the attacked FQDN to Arbor Cloud.
Full proxy will route clean traffic to its original destination or a customer-defined IP address.
Full proxy redirects traffic in both directions.
Clean traffic = maximum of inbound or outbound traffic.
Diagram labels: Internet; proxy; ISP network; Pravail APS; enterprise network.

14 BGP Diversion Option
May need to divert a minimum of a /24 subnet.
Arbor requires 3 days to register routes with the Internet registry.
Traffic is returned via GRE.
Clean traffic = inbound only.
Diagram labels: Internet; GRE; ISP network; Pravail APS; enterprise network.
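
The BGP reroute constraints from slides 11 to 14 (a /24 minimum, and de-announcement when the customer only has a /24) can be checked against your own address plan before an incident. This is an added example, not Arbor's code or part of the presentation; the function name, the result fields and the sample prefixes (constructed, taken from documentation and benchmarking ranges) are assumptions.

```python
import ipaddress

MIN_DIVERT_PREFIXLEN = 24        # slides: "must divert a minimum of a /24 subnet"
ROUTE_REGISTRATION_DAYS = 3      # slides: lead time to register routes

def plan_bgp_diversion(announced, attacked_ip, other_hosts=()):
    """Plan BGP diversion for one attacked IPv4 address.

    announced   -- prefixes the customer currently announces
    attacked_ip -- address under attack
    other_hosts -- other in-service addresses, to show what else gets diverted
    """
    ip = ipaddress.IPv4Address(attacked_ip)
    nets = [ipaddress.IPv4Network(p) for p in announced]
    covering = [n for n in nets if ip in n]
    if not covering:
        return {"divertible": False, "reason": "address is in no announced prefix"}
    # Most specific announced prefix that contains the target.
    origin = max(covering, key=lambda n: n.prefixlen)
    if origin.prefixlen > MIN_DIVERT_PREFIXLEN:
        return {"divertible": False,
                "reason": f"{origin} is longer than /{MIN_DIVERT_PREFIXLEN}"}
    divert = ipaddress.IPv4Network(f"{ip}/{MIN_DIVERT_PREFIXLEN}", strict=False)
    # Every host in the diverted /24 is scrubbed and returned over GRE,
    # not only the attacked address.
    collateral = sorted(
        (h for h in other_hosts
         if ipaddress.IPv4Address(h) in divert and h != attacked_ip),
        key=ipaddress.IPv4Address)
    return {
        "divertible": True,
        "divert_prefix": str(divert),
        # Same prefix announced by both parties: the customer has to withdraw
        # it. A shorter customer prefix loses to the more specific /24 anyway.
        "customer_must_deannounce": origin == divert,
        "also_diverted": collateral,
        "route_registration_days": ROUTE_REGISTRATION_DAYS,
    }

if __name__ == "__main__":
    # Constructed sample address plan.
    print(plan_bgp_diversion(["192.0.2.0/24"], "192.0.2.10", ["192.0.2.20"]))
    print(plan_bgp_diversion(["198.18.0.0/22"], "198.18.1.5"))
    print(plan_bgp_diversion(["203.0.113.0/25"], "203.0.113.7"))
```
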

15 Reporting
Customers have four ways of accessing statistics for their incidents (mitigations):
Via the Service Reporting Portal
Via incident (mitigation) reports emailed out within two business days of incident termination
Via automated update reports sent hourly during an incident (mitigation)
Via a two-hourly update to a mitigation ticket, done by the customer specialist team

16 DDoS Mitigation with Arbor Cloud
When you subscribe to Arbor Cloud, you will:
receive a Provisioning Questionnaire that you can use to provide all information relevant to your protected services
review the questionnaire with Arbor SOC during the Orientation Call
receive a Welcome Pack document with all the service's details
receive a welcome email with your Arbor Cloud portal access credentials

17 DDoS Mitigation with Arbor Cloud
After the orientation call, a test mitigation will be scheduled. The purpose of the test mitigation is to:
make sure that traffic diversion and reinjection work as expected
analyze production traffic and fine-tune the mitigation policy
Arbor recommends that test mitigations be performed every six months, to verify that all is working as expected even if no attacks are detected.

18 DDoS Mitigation with Arbor Cloud
The portal includes the customer’s configuration data

19 ATLAS Global Threat Analysis and Monitoring System
Diagram labels: spam traps; botnet reconnaissance tool; world's largest distributed honeypot; sensors; public intelligence.
The ATLAS Global Threat Analysis and Monitoring System actively monitors more than 160 Tbps, or 1/3 of all Internet traffic, 24/7. ATLAS is a collaborative project with more than 275 ISP customers sharing anonymous traffic data through spam traps, botnet reconnaissance tools, the world's largest distributed honeypot, globally dispersed sensors and publicly shared intelligence.

20 Thank You

