Corero Network Security First Line of Defense Introduction © 2014 Corero www.corero.com

Upload: terence-stephens

Post on 23-Dec-2015


Page 1: Corero Network Security First Line of Defense Introduction © 2014 Corero

Corero Network Security First Line of Defense Introduction

© 2014 Corero www.corero.com

Page 2: Corero Network Security First Line of Defense Introduction © 2014 Corero

DDoS attacks making headlines


Page 3: Corero Network Security First Line of Defense Introduction © 2014 Corero

DDoS Attacks, 2013-2014: Total Attack Bandwidth (Gbps)

Data shown represents the top ~2% of reported attacks

[Chart: total attack bandwidth in Gbps (axis marked 100 to 400) by month, June 2013 to July 2014. Dates called out on the chart: June 21 2013, Aug 9 2013, Dec 4 2013, Dec 31 2013, Mar 17 2014, Mar 29 2014, June 23 2014. Callout labels: Hong Kong voting sites; major hosting sites.]

• 20% of data center downtime is caused by a DDoS attack
• 86 minutes is an average of data center downtime due to DDoS attacks
• €8K per minute is the average cost of this downtime
• €700K per incident is the average cost of a DDoS outage

Source: Network Computing/Ponemon Institute

Source: Digital Attack Map - DDoS attacks around the globe

Page 4: Corero Network Security First Line of Defense Introduction © 2014 Corero

Businesses need protection from the Internet

With a first line of defense that:

• PREVENTS network/service outages by blocking attacks in real time
• EXTENDS the effective life of your existing security investments
• PROVIDES insight into attacks and evolving threats
• ASSURES customers can access online services

Page 5: Corero Network Security First Line of Defense Introduction © 2014 Corero

Solution - Corero’s First Line of Defense

Corero protects your IT infrastructure by removing broad based attacks

[Diagram labels: Attackers; Good Users; Customer Traffic; DDoS Attacks; Undesired Users & Services; AETs & Protocol Abuse; Server Side Exploits; First Line of Defense; Router; IPS; SLB; WAF; Efficient Firewalls; Effective IT Infrastructure; High Performing Applications]

Page 6: Corero Network Security First Line of Defense Introduction © 2014 Corero

The hybrid approach

[Diagram labels: Attackers; Good Users; Attack Traffic; Good Traffic; Service Provider Defenses L3-L4; Attack Leakage; On-Premises Defenses L3-L7; Protected Critical Infrastructure]

[Chart: Cloud Service Pricing, from $ to $$$$. Labels: Base Service; Always on; Redirection Method; Attack Type; Size of Attack]

[Timeline: Attack Detection to Prevention Process. Labels: Attack Begins; Attack Detected; Rerouted to Scrubbing Center; Time to Reroute; 10 Mins.; 20 Mins.; 30 Mins.]

Page 7: Corero Network Security First Line of Defense Introduction © 2014 Corero

What categories do I need to defend against?

THREAT LANDSCAPE: ATTACKS & TECHNIQUES

• Network Level DDoS: SYN, TCP, UDP, ICMP Floods
• Reflective Amplified DDoS: DNS, NTP, SNMP, QOTD Floods
• Fragmented Packet DDoS: Overlapping, Missing, Too Many
• Application Layer DDoS: Low and Slow, App Scripts
• Specially Crafted Packet: Stack, Protocol, Buffer

Page 8: Corero Network Security First Line of Defense Introduction © 2014 Corero

Corero First Line of Defense

THREAT LANDSCAPE: ATTACKS & TECHNIQUES

• Network Level DDoS: SYN, TCP, UDP, ICMP Floods
• Reflective Amplified DDoS: DNS, NTP, SNMP, QOTD Floods
• Fragmented Packet DDoS: Overlapping, Missing, Too Many
• Application Layer DDoS: Low and Slow, App Scripts
• Specially Crafted Packet: Stack, Protocol, Buffer

CORERO FIRST LINE OF DEFENSE: PROTECTION

• Total System Failures
• Escalating Costs
• Critical Network Services
• Productivity
• Online Business Integrity
• Lines of Business
• Traditional Border Infrastructure
• Investment
• Other Security Technologies
• Public Image

Page 9: Corero Network Security First Line of Defense Introduction © 2014 Corero

Existing security layers can’t handle the onslaught

Corero’s attack observations:
• Bandwidth Saturation
• Connection Saturation
• Spoofed Connections
• Reflections/Amplifications
• Fragments
• Partial Saturation

Page 10: Corero Network Security First Line of Defense Introduction © 2014 Corero

Real concerns with partial saturation attacks
• They’re beyond small attacks exhausting a particular resource
• Worse than traditional attacks targeting infrastructure
• Designed to consume time, attention, resources, and storage
• Attacks are a diversion for much larger threats
• Enable persistent backdoors, planting malware, data exfiltration

Expect password-guessing attacks on SSH, HTTPS, FTP, and others

Page 11: Corero Network Security First Line of Defense Introduction © 2014 Corero

Corero First Line of Defense Product Family

SmartWall® Threat Defense System (TDS)

• ADVANCED DDOS & CYBER THREAT TECHNOLOGY
• NEW GENERATION ARCHITECTURE
• COMPREHENSIVE ATTACK VISIBILITY & NETWORK FORENSICS

KEY COMPONENTS

The Corero First Line of Defense Solution Includes:
• The Corero SmartWall TDS
• Tech support, software maintenance, threat updates
• SecureWatch server for 24x7 monitoring by Corero SOC
• Monitoring of system faults and security events
• Automatic support case creation for incident escalations
• Alerting/notification to customer within 1 business day
• Access to SecureWatch Analytics dashboards

Available Services (additional):
• SecureWatch PLUS
• Advance Hardware Replacement

Enterprises & Service/Hosting Providers
• On Premises or Cloud deployments
• Protection in modular increments of 1-10 Gbps
• In-line or scrubbing topologies

Page 12: Corero Network Security First Line of Defense Introduction © 2014 Corero


SmartWall TDS – Power in a Small Package


Scalable Deployment Increments of 10 Gbps, 30M PPS

¼ rack width

Page 13: Corero Network Security First Line of Defense Introduction © 2014 Corero

Next Gen - First Line of Defense

Modular Security Appliances (each 4 x 10Gb ports)
• Network Threat Defense (DDoS)
• Network Forensics (PCAP)
• Network Bypass (ZPB, TAP)

Corero Management Server
• Single Management View

[Figure labels: 1RU; Rack Width]

Page 14: Corero Network Security First Line of Defense Introduction © 2014 Corero

Connection: Bypass-Forensics-Threat Defense

[Diagram labels: Service Providers (Internet); Data Center; Network Bypass Appliance; Threat Defense Appliance; Network Forensics Appliance; Packet Capture Storage, 10 Gig (iSCSI); Packet Flow (10 Gbps); 1 RU; Corero Management Server; SmartWall Mgmt VLAN; CLI; Web UI; REST API; SNMP; Syslog. Legend: internal side packet flow; external side packet flow]

Page 15: Corero Network Security First Line of Defense Introduction © 2014 Corero

Example 10G HA Deployment with Bypass

[Diagram labels: Peers (Internet); SERVICE PROVIDER; HOSTING PROVIDERS & DATA CENTERS; Packet Flow (10 Gbps); 10 Gbps; OSPF or 802.1d (layer 2); NB; NTD; Central Management; Splunk Analytics/Reporting; Server. Legend: internal side packet flow; external side packet flow; NB = Network Bypass; NTD = Network Threat Defense]

Page 16: Corero Network Security First Line of Defense Introduction © 2014 Corero

SmartWall – Solution Architecture

[Diagram labels: ANALYTICS AND REPORTING ENGINE; AUTOMATION AND PROVISIONING SYSTEM; DO-NO-HARM DETECTION AND PROTECTION; TECHNOLOGY PARTNERS; Threat Defense Appliance (n x 1/10G); Automated Provisioning (REST API - CLI); Web User Interface (Browser); Event and Alert Reporting (Syslog - SNMP); Corero CMS; Management; Unified; Real-time Alerting, Historical Reporting, Behavioral Analysis; 1G/10G]

Page 17: Corero Network Security First Line of Defense Introduction © 2014 Corero

Advanced DDoS/Cyber Threat Protection

Comprehensive Visibility


Next Generation Architecture

Page 18: Corero Network Security First Line of Defense Introduction © 2014 Corero

Next Generation Architecture

Industry Leading DDoS Protection and Performance

• NFV/SDN AND CLOUD READY
• MODULAR AND SCALABLE
• AUTOMATED PROVISIONING
• PURPOSE-BUILT MULTI-CORE PLATFORM
• DO-NO-HARM PROTECTION

Page 19: Corero Network Security First Line of Defense Introduction © 2014 Corero

Advanced DDoS/Cyber Threat Protection

FLEXIBLE POLICY CONTROLS
• Inspect / Analyze / Respond / Mitigate
• Multiple Protection Groups
• IP Reputation / Whitelists / Blacklists
• Configurable Rate Limits

PRECISE ENFORCEMENT
• Do No Harm Philosophy
• Volumetric DDoS attack mitigation
• Reflective / Amplification DDoS attack mitigation
• Application Layer DDoS attack mitigation

INFRASTRUCTURE PROTECTION
• Protect firewalls, IPSs, routers, switches, servers
• Bandwidth Optimization
• Service Availability / Optimization

Page 20: Corero Network Security First Line of Defense Introduction © 2014 Corero

Comprehensive Visibility

• REAL-TIME SECURITY EVENT VISUALIZATION
• ARCHIVED EVENT & PACKET CAPTURE
• ANALYTICS, REPORTING AND FORENSICS
• ADVANCED SYSLOG EVENT DATA
• BUILT-IN REPORTS & CUSTOM QUERY CAPABILITIES

Page 21: Corero Network Security First Line of Defense Introduction © 2014 Corero

Comprehensive Visibility and Analytics using the Corero SmartWall

VALUABLE RAW DATA
• Security Events
• Threat Intelligence
• System Health Data
• Forensics Data
• Network Statistics

Powered by

Corero First Line of Defense®

ACTIONABLE SECURITY ANALYTICS & VISUALIZATION
• Real-time Dashboards
• Historical Reporting
• Forensic Analysis
• Behavioral Analysis

Virtual SOC Portal

Powerful Analytics Engine

Page 22: Corero Network Security First Line of Defense Introduction © 2014 Corero

Network & Security Level Visibility

Provide complete traffic visibility
• Bandwidth
• Flows & Setups
• Packets
• Security Events

Monitor all connections
• Monitor all requests
• Block all unwanted traffic
• Allow all good traffic

Page 23: Corero Network Security First Line of Defense Introduction © 2014 Corero

Network & Security Level Visibility

INSTANTANEOUS attack VISIBILITY and HISTORICAL view into your environment

Provide in-depth security information
• Bandwidth
• Blocked clients
• Targeted Servers & Ports
• Log all security policy violations
• Record attack traffic – PCAP
• Gather attack intelligence

Page 24: Corero Network Security First Line of Defense Introduction © 2014 Corero

Who is Corero Network Security?

Corero products and services PROTECT AND OPTIMIZE your critical infrastructure and online services

• HQ Boston, MA, USA
• Publicly traded CNS:LN
• Sales through channels
• EMEA sales office in F, D, CH, UK, Spain

500+ active customers across many verticals world-wide: E-commerce, Finance, Admin, Hosting, ISP, Insurance, etc.

First Line of Defense® against DDoS attacks and cyber threats

• ENTERPRISE
• SERVICE PROVIDERS
• HOSTING PROVIDERS & DATA CENTERS

Page 25: Corero Network Security First Line of Defense Introduction © 2014 Corero

First Line of Defense Applications

In the Cloud: Service providers, IT hosting and Cloud providers

On Premises: Enterprises – financial services, e-commerce providers, gaming, education

[Diagram labels: Internet; SP; Peering Points; DDOS Cloud Service; DDOS Protection; Hosting; On Premise; SLB/ADC; IPS/APT; WAF; Protected Critical Infrastructure and Services]

Page 26: Corero Network Security First Line of Defense Introduction © 2014 Corero

Integration with the Provider’s Customer Portal

• Corero Secure Operations Center: CORERO SOC CAN REMOTELY ASSIST THE PROVIDER
• Provider: PROVIDERS CAN PROVISION AND CUSTOMIZE DASHBOARDS PER CUSTOMER
• Provider’s Customer: CUSTOMERS CAN VIEW DASHBOARDS OF THEIR OWN DATA

[Diagram labels: Corero Management Server & Splunk Enabled Analytics App; Dashboard 1 to Dashboard 6; Customer A; Customer B; Customer C]

Providers get a single point of provisioning and analytics reporting.

Corero’s Analytics Splunk app can integrate with provider’s customer portal for customer accessible reporting.

Page 27: Corero Network Security First Line of Defense Introduction © 2014 Corero

First Line of Defense

[Matrix labels: STRATEGIC; OPERATIONAL; TECHNOLOGY; BUSINESS]

Infrastructure Optimization: Broad protection at all layers protects critical infrastructure & optimizes its performance.

Actionable Intelligence: Real-time visibility and historical analysis provide actionable intelligence so you can not only stop threats today but also be better prepared for the future.

Operational Uptime: Service availability protects business integrity, increases productivity, and reduces costs.

Extensible Platform: Modular and scalable architecture makes your DDoS protection investment timeless. And it evolves with industry trends (NFV/SDN) so you can utilize off-the-shelf hardware that best fits your needs.

Page 28: Corero Network Security First Line of Defense Introduction © 2014 Corero

NEXT STEPS

• Arrange for a proof of concept
• Learn more at: www.corero.com

Adrian Bisaz, VP of Sales, [email protected], +41 79 540 2420