ddos and your new attack surface -...
TRANSCRIPT
© 2017 Forrester. Reproduction Prohibited.
DDoS And Your New Digital Attack Surface
Guest Speaker: Joseph Blankenship, Senior Analyst
May 22, 2017
We work with business and technology leaders to develop customer-obsessed strategies that drive growth.
The Dynamic Between Businesses And Customers Empowered By Technology Has Changed Fundamentally
Customer forced to move towards business to participate in its process
Business forced to move towards customer to participate in their journey
Customers are changing their behaviors faster than organizations can evolve their business models, business processes, and technology.
Digital transformation closes the gap: It’s a fundamental shift in how a firm delivers value and drives revenue.
55% of firms are undergoing a digital transformation.
Source: Forrester Business Technographics® Business and Technology Services Survey, 2017. Base: 2,810
Digital operations: Reconceive products and capabilities to deliver better outcomes.
Digital experience: Deliver experiences that are easy, effective, and emotional.
Digital ecosystems: Build platforms and partnerships to accelerate and scale.
Digital innovation: Continuously improve and break through at the digital frontier.
Digitally Transforming The Service Call (before)
Part Malfunctions (System Offline) → Customer Calls Service → Service Dept. Schedules Appointment → Technician Arrives → Diagnose Problem → Determine Needed Part → Parts Clerk Orders Part → Part Arrives At Service Center → Call To Schedule Follow-Up → Technician Scheduled → Technician Installs Parts → System Back Online
Digitally Transforming The Service Call (after)
IoT Sensor Detects Malfunction → Part Automatically Ordered → Service Order Created → Technician Performs Remote Diagnostic → Client Notified By Text → Part Arrives → Technician Dispatched → Client Notified By Text → Technician Installs Part (System Offline) → System Back Online
Environments Are Instrumented Differently
Source: Forrester Research “Cloud Service Provider Categories Are Shifting: Here's Your Guide” report
Continuous Everything Is The New Goal
Build → Measure → Learn
Continuous Delivery
Continuous Development
Continuous Security
All contents © Kentik Inc.
Who is Kentik?
• HQ: San Francisco
• Founded: 2014
• Customers: 100+
• Founders from Akamai, Netflix, and YouTube
Ingesting 125B+ network data records per day
Kentik provides a SaaS and Big Data platform for network traffic intelligence and DDoS defense
Digital Business Means Network-Based Dependencies on…
• All the sub-systems and services that power your digital transformation!
• The Internet: to reach customers & cloud resources (IaaS/PaaS/SaaS)
• East-west inter-service traffic from disaggregated apps
• Foundational or value-added API services:
  • DNS, Payments, Maps
  • Comms, Messaging, Social Media
  • Martech, Catalogs
Digital Business & Network Traffic Intelligence
The network doesn’t just serve the business, it sees the business.
The traffic data you already have can give you the actionable intelligence you really need.
Traffic flow data (NetFlow, sFlow, IPFIX), plus BGP routing, performance, HTTP, DNS, geolocation and beyond
What's Needed: Network Traffic Intelligence: modern NPM with real-time BI
01 Internal & Internet
02 Scalable
03 High-resolution
04 Usable for all teams
05 Real-time & Historical
06 Open & Easy
Modern, Big Data-Powered Architecture
[Architecture diagram]
NETWORK INFRASTRUCTURE → DECODER MODULES: NetFlow v5, NetFlow v9, IPFIX, sFlow, BGP RIB, SNMP Poller, PCAP (via PCAP agent / proxy), Custom Tags
DATA FUSION: BGP Daemons, Enrichment DB (Geo ←→ IP, ASN ←→ IP), MemTable
→ Single fused flow row sent to storage (NETWORK-SAVVY DATASTORE)
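The decode-and-fuse path in the architecture above, shown as an added example rather than Kentik's own code: a NetFlow v5 decoder that validates the datagram, scales sampled counters back up, and resolves origin ASN and country for both endpoints by longest-prefix match at ingest, so each stored row already carries the routing and geo context. The exporter datagram (`build_sample_datagram`), the `PREFIX_ASN` / `PREFIX_GEO` tables and the 1-in-1000 sampling rate are constructed for illustration; in production the tables come from a BGP RIB feed and a geolocation database.

```python
"""NetFlow v5 decoder with ASN/geo fusion at ingest.

Added example for this page, not Kentik's code. The datagram and the
prefix tables are constructed (RFC 5737 documentation prefixes, RFC 6996
private ASNs); real tables come from BGP and a geo database.
"""
import ipaddress
import struct
from typing import Any, Dict, List, Optional, Tuple

# NetFlow v5 wire format, big-endian: 24-byte header, then 48-byte records.
HEADER_FMT = "!HHIIIIBBH"                # version, count, sys_uptime, unix_secs, unix_nsecs,
                                         # flow_sequence, engine_type, engine_id, sampling
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"  # src, dst, nexthop, in_if, out_if, pkts, octets,
                                         # first, last, sport, dport, pad, tcp_flags, proto,
                                         # tos, src_as, dst_as, src_mask, dst_mask, pad
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)  # 48
MAX_RECORDS = 30                          # v5 exporters never put more than 30 in a datagram

# Constructed enrichment tables.
PREFIX_ASN = {"198.51.100.0/24": 64500, "203.0.113.0/24": 64501, "192.0.2.0/24": 64496}
PREFIX_GEO = {"198.51.100.0/24": "US", "203.0.113.0/24": "DE", "192.0.2.0/24": "US"}


def build_table(mapping: Dict[str, Any]) -> List[Tuple[ipaddress.IPv4Network, Any]]:
    """Sort prefixes longest-first so the first hit is the longest match."""
    return sorted(((ipaddress.ip_network(p), v) for p, v in mapping.items()),
                  key=lambda item: -item[0].prefixlen)


ASN_TABLE = build_table(PREFIX_ASN)
GEO_TABLE = build_table(PREFIX_GEO)


def lookup(table: List[Tuple[ipaddress.IPv4Network, Any]], addr: str) -> Optional[Any]:
    ip = ipaddress.ip_address(addr)
    for net, value in table:
        if ip in net:
            return value
    return None


def decode_netflow_v5(datagram: bytes) -> List[Dict[str, Any]]:
    """Return one fused row per flow record; raise ValueError on malformed input."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    version, count, _uptime, unix_secs, _nsecs, flow_seq, _etype, _eid, sampling = \
        struct.unpack_from(HEADER_FMT, datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if count > MAX_RECORDS or len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("header count does not match payload (truncated or bogus)")
    # Low 14 bits carry the sampling interval (0 = unsampled); top 2 bits are the mode.
    interval = sampling & 0x3FFF or 1
    rows = []
    for i in range(count):
        f = struct.unpack_from(RECORD_FMT, datagram, HEADER_LEN + i * RECORD_LEN)
        src, dst = str(ipaddress.ip_address(f[0])), str(ipaddress.ip_address(f[1]))
        rows.append({
            "exported_at": unix_secs, "sequence": flow_seq + i,
            "src_ip": src, "dst_ip": dst, "proto": f[13],
            "src_port": f[9], "dst_port": f[10], "tcp_flags": f[12],
            "in_if": f[3], "out_if": f[4],
            "packets": f[5] * interval,   # scale sampled counters to estimated totals
            "bytes": f[6] * interval,
            # Fusion: routing and geo context resolved once at ingest, not at query time.
            "src_asn": lookup(ASN_TABLE, src), "dst_asn": lookup(ASN_TABLE, dst),
            "src_country": lookup(GEO_TABLE, src), "dst_country": lookup(GEO_TABLE, dst),
        })
    return rows


def is_rejected(datagram: bytes) -> bool:
    """True if the decoder refuses the datagram (used to check the validation path)."""
    try:
        decode_netflow_v5(datagram)
    except ValueError:
        return True
    return False


def build_sample_datagram() -> bytes:
    """Constructed exporter output: two flows, 1-in-1000 packet sampling."""
    def record(src, dst, proto, sport, dport, pkts, octets, flags=0):
        return struct.pack(RECORD_FMT,
                           ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
                           ipaddress.ip_address("0.0.0.0").packed,
                           1, 2, pkts, octets, 0, 1000, sport, dport, 0, flags, proto, 0,
                           0, 0, 24, 24, 0)
    header = struct.pack(HEADER_FMT, 5, 2, 123456, 1495468800, 0, 9000, 0, 0, 1000)
    return (header
            + record("198.51.100.10", "192.0.2.5", 17, 53, 53, 10, 1500)
            + record("203.0.113.7", "192.0.2.5", 6, 51000, 443, 100, 150000, flags=0x02))
```

The count-versus-length check matters more than it looks: collectors that trust the header count read past the buffer on a truncated or forged datagram, and a decoder that crashes on bad input is itself a denial-of-service target sitting on UDP/2055.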
Modern Network Traffic Intelligence – More Than Just Defense
• Anomaly Detection
• Planning and Peering
• Traffic Engineering
• DDoS Defense
• Performance Management
• Threat Detection
• Innovation
• Network Forensics
• Business Analytics
Digital Businesses Have A Broader Attack Surface
› New device types offer new vulnerabilities
• IoT
• Mobile
› Digital businesses are largely cloud dependent
• SaaS vendors
› Web-enabled apps must be protected
• Everything is internet facing
Security Pros Concerned About Resiliency Of Customer Facing Systems
Please rate your concern for each source of information risk and the potential impact they could have on your organization.
[Bar chart: share of respondents concerned, ranging from 34% to 42%, for eleven sources of information risk: failure to capitalize on big data initiatives; failure to capitalize on technology innovation; disturbance in business operations due to a catastrophic event; security attack originating from foreign governments; issues arising from using and leveraging social media channels; inability to properly identify, measure, and track risk; employee use of personal and cloud technology; security attack originating from non-state actors; increasing regulatory pressures; IT outage impacting customer-facing systems; customer concerns over privacy issues]
Base: 2,586 North American and European security decision-makers (20+ employees)
Source: Forrester's Global Business Technographics Security Survey, 2016
Customers expect your business to be available no matter what the disruption.
Businesses are dependent on technology to serve customers and data to make decisions.
Do You Know Your Dependencies?
Source: BMC, The Backbone to Digital Service Management
What Happens Upstream Has Downstream Impacts
Recent Disruptions Caused Downstream Outages
› Dyn attack (October 2016)
• Massive DDoS attack against the DNS provider Dyn caused downstream outages
• Twitter, Okta, PagerDuty and many other cloud applications were unavailable
› S3 outage (February 2017)
• Not an attack: an operator error caused an outage of Amazon Simple Storage Service (S3)
• Sites like Airbnb, Netflix, Pinterest, Slack and Spotify were affected
Sources: www.wsj.com/articles/denial-of-service-web-attack-affects-amazon-twitter-others-1477056080
losangeles.cbslocal.com/2017/02/28/the-far-reaching-effect-of-the-amazon-s3-outage/
DDoS Attacks Increasing Year Over Year
[Bar chart] How was the external attack carried out? Share answering DDoS:
2014: 11% (N=152)
2015: 20% (N=165)
2016: 27% (N=192)
Base: Enterprise network security decision-makers whose firms had an external security breach in the past 12 months (1000+ employees)
Source: Forrester's Global Business Technographics Security Survey, 2016
DDoS Attacker Motivations
› Hacktivists
• Driven by political and ideological goals
› Ransom
• Holding companies hostage and demanding money to stop the attack
› Diversionary attack
• Using DDoS as a smoke screen to steal data or commit fraud
› Competitive
• Paying an attacker to DDoS a business competitor
› Politically motivated
• Attempting to influence a political outcome or make a point
Source: Forrester’s Develop A Two-Phased DDoS Mitigation Strategy report
Understanding is Key to Proper Defense
• You can’t defend what you can’t understand
• Key: develop a strong grip on what your cloud & internet service dependencies are
• What do they “look like”?
• Big data network traffic intelligence can help.
East-West Traffic Analytics
[Flow diagram: Source IPs → Ingress Interfaces → Device → Egress Interfaces → Dest IPs]
Know Your Digital Attack Surface
› Map your application dependencies
› Understand third party risk
› Build contingency plans
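Both "develop a strong grip on what your cloud and internet service dependencies are" and "map your application dependencies" come down to the same question the flow data can answer: which external providers does traffic from inside actually reach, per service, and where does one provider carry nearly all of it? The following is an added example, not part of the webinar or Kentik's product: it builds that inventory from flow records and flags single-provider concentrations. The `Flow` records, the `INTERNAL` prefixes, the `PROVIDERS` prefix-to-ASN table and the 90% concentration threshold are constructed; a real run reads flows from the collector and resolves origin ASNs from BGP.

```python
"""External-dependency inventory from flow records.

Added example for this page, not from the webinar or Kentik. Flows,
internal prefixes and the provider table are constructed; in a real
deployment flows come from the collector and ASNs from the BGP RIB.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: int      # IANA protocol number: 6 = TCP, 17 = UDP
    dport: int
    octets: int


# Assumption: address space we originate or use internally.
INTERNAL = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "192.0.2.0/24")]
# Constructed: destination prefix -> (origin ASN, label). Overlapping prefixes
# are resolved longest-match, as a BGP-derived table would be.
PROVIDERS = {
    "198.51.100.0/24": (64500, "dns-provider-a"),
    "203.0.113.0/24": (64501, "payments-api"),
    "203.0.113.128/25": (64502, "object-storage"),
}
UNKNOWN = (0, "unknown")
SERVICE_BY_PORT = {(17, 53): "dns", (6, 53): "dns", (6, 443): "https", (6, 80): "http"}
PROVIDER_TABLE = sorted(((ipaddress.ip_network(p), v) for p, v in PROVIDERS.items()),
                        key=lambda item: -item[0].prefixlen)


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)


def provider_of(addr: str) -> Tuple[int, str]:
    ip = ipaddress.ip_address(addr)
    for net, value in PROVIDER_TABLE:
        if ip in net:
            return value
    return UNKNOWN


def service_of(flow: Flow) -> str:
    return SERVICE_BY_PORT.get((flow.proto, flow.dport), f"{flow.proto}/{flow.dport}")


def dependency_map(flows: List[Flow]) -> Dict[str, Dict[int, int]]:
    """Bytes sent from inside to each external ASN, grouped by service.
    Inbound and internal-to-internal (east-west) flows are not external
    dependencies and are skipped."""
    deps: Dict[str, Dict[int, int]] = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if not is_internal(f.src) or is_internal(f.dst):
            continue
        asn, _label = provider_of(f.dst)
        deps[service_of(f)][asn] += f.octets
    return {svc: dict(by_asn) for svc, by_asn in deps.items()}


def single_provider_risks(flows: List[Flow], threshold: float = 0.9) -> List[Tuple[str, int, float]]:
    """Services where one ASN carries at least `threshold` of the traffic: an
    outage or DDoS at that provider takes the whole service down with it."""
    risks = []
    for svc, by_asn in dependency_map(flows).items():
        total = sum(by_asn.values())
        asn, octets = max(by_asn.items(), key=lambda kv: kv[1])
        share = octets / total
        if share >= threshold:
            risks.append((svc, asn, round(share, 3)))
    return sorted(risks)


# Constructed sample: a few minutes of flows as a collector would export them.
SAMPLE_FLOWS = [
    Flow("10.1.1.5", "198.51.100.1", 17, 53, 4_000),
    Flow("10.1.1.6", "198.51.100.2", 17, 53, 6_000),
    Flow("10.1.1.5", "8.8.8.8", 17, 53, 500),           # resolver outside any known provider
    Flow("10.1.2.9", "203.0.113.5", 6, 443, 50_000),
    Flow("10.1.2.9", "203.0.113.200", 6, 443, 30_000),  # longest match: the /25
    Flow("198.51.100.9", "10.1.1.5", 17, 53, 100),      # inbound: not our dependency
    Flow("10.1.1.5", "10.2.3.4", 6, 443, 99_999),       # east-west: not external
]
```

On the sample, DNS is the finding: one ASN carries 95% of resolver traffic, which is exactly the shape of exposure the Dyn incident punished. Run it against a week of real flows and the output is the list of vendors to ask about their DDoS mitigation strategy, in order of how much of your traffic they sit under.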
Protect Against DDoS Attacks
› Adopt a two-phased DDoS mitigation strategy
• Downstream mitigation delivers defense at the point of attack: on-premises appliances, ACLs and rate limits at your own edge, which handle application-layer and smaller volumetric attacks but can never absorb more than your inbound link capacity
• Upstream mitigation provides protection closer to the attacker: ISP or cloud scrubbing that diverts and cleans traffic before it reaches your network, the only option once an attack exceeds your own bandwidth
Source: Forrester’s Develop A Two-Phased DDoS Mitigation Strategy report
Add DDoS To Your Incident Response Plan
› You don't want to be developing your IR plan during an incident
• Build a plan
• Test the plan
• Evaluate and update the plan regularly
Image source: https://flic.kr/p/df1bK6
Plan For Potential Service Disruptions
› The Dyn DNS attack showed that the company behind the company can impact your enterprise
• Ask vendors and partners your business relies on about their DDoS mitigation strategy
Wrap-Up
› Businesses are undergoing digital transformation
• Customers demand always-on services
› Service disruptions have a material impact on business
• DDoS attacks and other disruptions are a risk
› Disruptions of upstream applications and providers have impacts downstream
• The target company or application may not be the only victim
› Know your digital attack surface and dependencies
• Plan for and protect against DDoS attacks
FORRESTER.COM
Thank you
Joseph Blankenship
www.forrester.com/Joseph-Blankenship
@infosec_jb
Key Elements of Modern DDoS Defense
[Diagram: Config Mgmt, Visibility, DDoS Detection, Mitigation]
Key Elements: Configuration Management
• Set up and manage configurations and policies with the least possible manual upkeep needed
• Kentik makes this easy with intelligent and adaptive baselining
Key Elements: Customer Portal
• Rich, ad-hoc forensics
• Easy way to jump from alerts to dashboards
• Access all info and functionality through an open, RESTful API to tie into SIEMs
Key Elements: DDoS Detection
• Intelligent baselining and detection
  • Individual host IPs
  • Network-wide data
  • Multi-dimension criteria
  • Auto-adaptive sets
• Detect inbound, outbound, and cross-bound attacks
• Continuously expanding data set to support future service enrichment
• Field-measured accuracy advantage over traditional appliances
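What the detection bullets above describe (per-host baselines, an adaptive set that keeps learning, and separate handling of inbound, outbound and cross-bound attacks) can be shown in working code. The following is an added example, not Kentik's detection engine: per-destination baselines over a rolling window, a threshold that is the larger of a statistical bound and an absolute packets-per-second floor, direction derived from which side of the network each endpoint sits on, and a baseline update that deliberately refuses to learn from minutes that alerted. The `HISTORY` and `CURRENT` data, the `INTERNAL` prefixes, the 50,000 pps floor and the 3-sigma factor are constructed assumptions; "east-west" is an added label for internal-to-internal traffic, on top of the inbound/outbound/cross-bound split the slide names.

```python
"""Baseline-driven DDoS detection over per-minute traffic aggregates.

Added example for this page, not Kentik's detection engine. History, the
current-minute aggregates, the pps floor and the sigma factor are constructed.
"""
import ipaddress
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple

INTERNAL = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "192.0.2.0/24")]
MIN_SAMPLES = 5        # with fewer samples, only the absolute floor applies
WINDOW = 60            # minutes of history kept per destination
FLOOR_PPS = 50_000     # never alert below this, however quiet the baseline is
K_SIGMA = 3.0          # alert when a minute exceeds mean + K_SIGMA * stdev


@dataclass(frozen=True)
class Minute:
    """One minute of traffic toward one destination, with its heaviest source."""
    dst: str
    pps: int
    top_src: str


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)


def direction(src: str, dst: str) -> str:
    s, d = is_internal(src), is_internal(dst)
    if d and not s:
        return "inbound"
    if s and not d:
        return "outbound"       # our host attacking, or reflecting at, someone else
    if not s and not d:
        return "cross-bound"    # transit traffic: neither endpoint is ours
    return "east-west"          # added label: internal host hitting internal host


def threshold_for(samples: List[int]) -> float:
    """The larger of the absolute floor and the statistical bound, so a host
    that is normally idle does not page anyone over a few hundred pps."""
    if len(samples) < MIN_SAMPLES:
        return float(FLOOR_PPS)
    return max(float(FLOOR_PPS), mean(samples) + K_SIGMA * pstdev(samples))


def detect(history: Dict[str, List[int]], current: List[Minute]) -> List[dict]:
    alerts = []
    for m in current:
        samples = history.get(m.dst, [])
        limit = threshold_for(samples)
        if m.pps > limit:
            alerts.append({
                "dst": m.dst, "pps": m.pps, "threshold": round(limit, 1),
                "baseline_pps": round(mean(samples), 1) if samples else None,
                "direction": direction(m.top_src, m.dst), "top_src": m.top_src,
            })
    return alerts


def update_history(history: Dict[str, List[int]], current: List[Minute],
                   alerts: List[dict]) -> None:
    """Adaptive baseline: learn quiet minutes, never alerting ones, so a
    sustained flood cannot train itself into 'normal'."""
    alerted = {a["dst"] for a in alerts}
    for m in current:
        if m.dst in alerted:
            continue
        samples = history.setdefault(m.dst, [])
        samples.append(m.pps)
        del samples[:-WINDOW]   # keep the rolling window bounded


# Constructed: ten quiet minutes per destination, then one minute under attack.
HISTORY = {
    "192.0.2.5": [1000, 1200, 900, 1100, 1000, 950, 1050, 1150, 1000, 1000],
    "192.0.2.6": [5000, 5500, 4800, 5200, 6000, 4900, 5100, 5300, 5000, 5200],
    "203.0.113.1": [400, 450, 500, 420, 480, 460, 440, 500, 470, 430],
    "10.0.0.9": [100, 120, 90, 110, 100, 105, 95, 115, 100, 100],
}
CURRENT = [
    Minute("192.0.2.5", 80_000, "198.51.100.7"),    # flood at our web host
    Minute("192.0.2.6", 7_000, "198.51.100.8"),     # above 3 sigma but under the floor
    Minute("203.0.113.1", 90_000, "198.51.100.7"),  # transit flood through our network
    Minute("10.0.0.9", 120_000, "10.0.0.3"),        # internal host hammering another
    Minute("203.0.113.9", 150_000, "10.0.0.3"),     # never seen before: floor applies
]


def run_example() -> Tuple[List[dict], Dict[str, List[int]]]:
    history = {dst: list(samples) for dst, samples in HISTORY.items()}
    alerts = detect(history, CURRENT)
    update_history(history, CURRENT, alerts)
    return alerts, history
```

Two details carry the security weight. The floor keeps the 3-sigma rule from paging on a host whose baseline is nearly flat (192.0.2.6 is "anomalous" statistically yet harmless), and the refusal to learn from alerting minutes is what keeps a slow-ramp attack from becoming the new baseline, which is the classic way adaptive detectors get blinded.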
Key Elements: Mitigation
• Powerful bi-directional integrations with leading mitigation devices and cloud services
• A10, Radware
• Tiered thresholds / alerts
• Superior accuracy powers full automation, lowering cost of defense
Detection Accuracy: PenTeleData Case Study
Situation: Leading provider of voice, video, data and Internet services in New Jersey and Pennsylvania
Challenge: Too many false negatives and service disruptions with legacy DDoS defense solution
Solution: Kentik Detect paired with Radware DefensePro
Results:
• 30% greater DDoS defense accuracy
• Greater overall network visibility
Brian Mengel, CTO @ PenTeleData:
“Kentik is a game-changer for network operations. Since deploying Kentik’s big data-based detection and automated triggering of our Radware mitigation platform in May of this year, we have seen an over 30 percent improvement in catching and stopping DDoS attacks.”
“Kentik Detect has become a trusted source of visibility for our teams, and makes it much easier to do our job, which at the end of the day is to deliver excellent service.”
Key Take-Aways
• Digital business requires awareness and defense of all your cloud and Internet service dependencies, not just your website
• Modern DDoS defense involves:
  • Data-driven approach
• Rich visibility and forensics
• Granular DDoS detection
• Automation
• Kentik is the big data network traffic intelligence platform for visibility and DDoS defense
Thank you and Resources
• A link to a recording of this webinar will be sent out to attendees and registrants
• To get more information about Kentik, please visit www.kentik.com
• If you know you want to start experiencing the power of big data network traffic intelligence and DDoS protection:
• Start a free trial or
• Request a demo on our website or by emailing [email protected]