Cloud Mitigation Alliance
Source: file.ehuiapp.com/2015/1009/293494.pdf
Trend of DDoS Attacks
[Chart: DDoS attack size by year, 1999 to 2015 (vertical axis 0 to 450). Labelled values: 10Gbps, 100Gbps, 300Gbps, 334Gbps, 400Gbps. Phases: Personal Attack, Organized Attack, Commercial or Political Attack.]
DDoS Attacks History
• DoS Attacks/Spoofed DDoS
• L7 DDoS
• 2015 Q1, 100G+ Global Attacks >25 Times
• Mainly Reply Flood Attack: DNS/NTP/SSDP
[Diagram: attack path involving Attacker, Zombie Host, DNS Server, Tier-1 and Tier-2/3 networks, CDN and Target Server. Captions: (1) Attacker launched DNS attack; 75G global DNS attack traffic to the target server; CDN provider mitigates the traffic; (4) Attacker increases the traffic to 300G; multiple European ISP pipeline congestion.]
Large Traffic Attack Frequently
• DDoS attacks are gradually developing into commercial or political attacks.
• Low cost, automatic tools and technical simplicity are the important reasons for the frequent attacks.
Weakness of current mitigation solution
Global-oriented MSSP
• Limited bandwidth
• Limited territory
• Limited resources
Carrier
• Only mitigates internal DDoS attacks
• Ignores outbound DDoS traffic
• Lacks a solution for international customers
Cloud Mitigation Alliance (CMA)
CMA unites carriers and managed security service providers to coordinate global mitigation resources and carry out near-source mitigation through an open API.
• Open, non-vendor centric
• Better utilization of existing resources
• Information collaboration
Core Components of CMA
• Cloud Coordination Center (CCC): The CCC exchanges cloud instructions among the alliance members, which are evaluated by IPOP position, cost and SLA in order to select the best scrubbing resource to mitigate the attack traffic.
• Scrubbing Centers: A scrubbing center must have global deployments and large mitigation capacity, and must establish GRE tunnels in advance.
• Emergency Response Center: Expert teams from Huawei and the alliance members are distributed in major regions across the globe, providing 24/7 emergency response services.
Architecture of Cloud Mitigation Alliance (CMA)
① An alliance member detects volumetric attacks that exceed its mitigation capacity.
② It sends a cloud signal to the CCC (Cloud Coordination Center) to request global near-source mitigation.
③ The CCC dispatches alliance members to initiate near-source mitigation.
[Diagram labels: Cloud Coordination Center (CCC) including Big Data; Member Mitigation System; Scrubbing Center; Member under attack (e.g. Tier-2/3 IGW)]
CMA unites carriers and MSSPs to coordinate global mitigation resources and carry out near-source mitigation through open API and Data.
Process of CMA near source mitigation
[Diagram, two panels, each labelled: Tier-2/3 Member Network; CCC; Member’s Mitigation Center (three per panel). The first panel also shows the Cloud signal.]
Cloud Mitigation Alliance features
• Near-Source Scrubbing
• Cloud Dispatch Globally
• Global attack trend presentation
• Global near-source cleaning within minutes
• Open: API & Data (compatible, reduce TCO)
• Open and Win-Win (connect quickly, profit share)
• Global Coverage Cleaning Center (10+ cleaning centers, 4 continents)
Benefits of Alliance Member Analysis
• A member can provide global inbound DDoS attack defense services for customers (especially multinational ones).
• A member can provide outbound DDoS attack mitigation services for other members.
[Diagram labels: Alliance Member's Own Network; Internet]
Social Value & Governance of CMA solution
Awareness of global DDoS attacks, and information sharing between “islands”.
Protect customers’ business and reduce carrier operating cost.
Save energy and global carrier pipeline resources to the utmost through near-source mitigation, so as to reduce global carbon emissions.
Make cutting outbound attacks a social responsibility.
A Governance Work Group, elected by members, establishes an open, collaborative and secure baseline operation for alliance members to counter global DDoS attacks.
Cloud Mitigation Scrubbing center Maps
[Map locations: San Jose, Los Angeles, Ashburn, Miami, London, Hong Kong, Singapore, Amsterdam, San Francisco, Guangzhou, Shanghai, Beijing, Frankfurt, Langfang, Tokyo. Legend: Scrubbing Center; Cloud Coordination Center.]
Scrubbing Center
• 10+ scrubbing centers
• 6+ members cooperate with the CCC
Cloud Coordination Center
• 3 data centers, in Europe/Asia/China
• Coordinates with members’ scrubbing centers through the Open API
• Operated by Huawei
Cloud Mitigation Resources and Members
Columns: Member (capacity); Region (percentage); Mitigation Centers
• Alliance Members (1.2T)
  North America / USA (23.62%): San Jose, Miami, Los Angeles, Ashburn
  Europe (20.84%): London
  Asia (31.92%): Singapore, Hong Kong
• QSSEC (580G)
  China (19.09%): Quanzhou, Dongguan480, Shenyang, Luoyang
• ChinaTelecom (500G): Beijing, Shanghai, Guangzhou, Hong Kong
• Global Mitigation Capacity 2T+
Progress Of CMA
• May, June, July, August: China Telecom, QSSec, Huawei; GSM Meeting, Tlf Communication, O2 Communication, CCSA to set up standard
• September: Orange Meeting, NA Partner trial, China Unicom
• Now…: Staminus NDA, DoSarrest NDA, Micron21 NDA
How to join CMA
Stage 1 - Join
A member joins CMA by signing an MOU with Huawei, which allows the member to use the CMA brand and attend CMA’s routine workshops and seminars. The member also obtains the global DDoS research achievements.
Stage 2 – Connect (Optional)
The member signs the formal contract with Huawei and its mitigation system technically connects to the CCC. The member mitigates outbound DDoS traffic and requests inbound DDoS traffic mitigation service by communicating with the CCC. Huawei settles with the member according to how much service the member contributes and obtains.
Huawei’s on-premise device features
Big Data Analytics
• All Traffic, Packet-by-Packet Detection
• Analysis Based on 60+ Traffic Models
• Full-Scale Reputation System
• Fingerprint Protection
High Performance Hardware Platform
• Service Processor with 4 CPUs
• 10X Linear Expansion Capability
• 1.44T capability
• Attack response time < 2s
• 8X industry
Copyright©2015 Huawei Technologies Co., Ltd. All Rights Reserved.