DDoS and Your New Attack Surface

© 2017 F O RRE S T E R. RE P RO DUCT I O N P RO HI B I T E D.

DDoS And Your New Digital Attack Surface

Guest Speaker: Joseph Blankenship, Senior Analyst

May 22, 2017

We work with business and technology leaders to develop customer-obsessed strategies that drive growth.

The Dynamic Between Businesses And Customers Empowered By Technology Has Changed Fundamentally

Customer forced to move towards business to participate in its process

Business forced to move towards customer to participate in their journey

© 2017 Forrester Research, Inc. Reproduction Prohibited

Customers are changing their behaviors faster than organizations can evolve their business models, business processes, and technology.

Digital transformation closes the gap: It’s a fundamental shift in how a firm delivers value and drives revenue.

Source: Business Technographics® Business and Technology Services Survey, 2017, Base: 2810

55% of firms are undergoing a digital transformation.

Digital operations: Reconceive products and capabilities to deliver better outcomes.

Digital experience: Deliver experiences that are easy, effective, and emotional.

Digital ecosystems: Build platforms and partnerships to accelerate and scale.

Digital innovation: Continuously improve and break through at the digital frontier.

Digitally Transforming The Service Call

Part malfunctions (system offline) → Customer calls service → Service dept. schedules appointment → Technician arrives → Diagnose problem → Determine needed part → Parts clerk orders part → Part arrives at service center → Call to schedule follow-up → Technician scheduled → Technician installs parts → System back online

Digitally Transforming The Service Call

IoT sensor detects malfunction → Part automatically ordered → Service order created → Technician performs remote diagnostic → Client notified by text → Part arrives → Technician dispatched → Client notified by text → Technician installs part (system offline) → System back online

Environments Are Instrumented Differently

Source: Forrester Research “Cloud Service Provider Categories Are Shifting: Here's Your Guide” report

Continuous Everything Is The New Goal

Build → Measure → Learn loop, applied as Continuous Delivery, Continuous Development and Continuous Security

Digital Business & Network Traffic Intelligence

All contents © Kentik Inc. 16

Who is Kentik?

• HQ: San Francisco

• Founded: 2014

• Customers: 100+

• Founders: Akamai, Netflix, YouTube

Ingesting 125B+ network data records per day

Kentik provides a SaaS and Big Data platform for network traffic intelligence and DDoS defense

Digital Business Means Network-Based Dependencies on…

• All the sub-systems and services that power your digital transformation!

• The Internet: to reach customers & cloud resources (IaaS/PaaS/SaaS)

• East-west inter-service traffic from disaggregated apps

• Foundational or value-added API services:

  • DNS, Payments, Maps

  • Comms, Messaging, Social Media

  • Martech, Catalogs

Digital Business & Network Traffic Intelligence

The network doesn’t just serve the business, it sees the business.

The traffic data you already have can give you the actionable intelligence you really need.

Traffic flow data (NetFlow, sFlow, IPFIX)

Plus BGP routing, performance, http, DNS, geolocation and beyond

Internal & Internet

Scalable

High-resolution

Usable for all teams

Real-time & Historical

Open & Easy

What’s Needed

Network Traffic Intelligence: Modern NPM with real-time BI

Modern, Big Data-Powered Architecture

Diagram: the network infrastructure exports sFlow, NetFlow v5, NetFlow v9, IPFIX and PCAP (via a PCAP agent/proxy) to decoder modules; a data-fusion stage joins each flow in a MemTable with BGP RIB data from BGP daemons, custom tags, SNMP poller data and an enrichment DB (Geo ←→ IP, ASN ←→ IP); a single fused row per flow is sent to storage in a network-savvy datastore.

Modern Network Traffic Intelligence – More Than Just Defense

• Anomaly Detection

• Planning and Peering

• Traffic Engineering

• DDoS Defense

• Performance Management

• Threat Detection

• Innovation

• Network Forensics

• Business Analytics

Your Digital Attack Surface

Digital Businesses Have A Broader Attack Surface

› New device types offer new vulnerabilities

• IoT

• Mobile

› Digital businesses are largely cloud dependent

• SaaS vendors

› Web-enabled apps must be protected

• Everything is internet facing

Security Pros Concerned About Resiliency Of Customer Facing Systems

Base: 2,586 North American and European security decision-makers (20+ employees). Source: Forrester’s Global Business Technographics Security Survey, 2016

Chart: share of respondents concerned about each source of information risk. Reported values: 34%, 35%, 37%, 37%, 38%, 39%, 40%, 41%, 41%, 42%, 42% (the per-item pairing is not recoverable from the extraction). Items:

• Failure to capitalize on big data initiatives

• Failure to capitalize on technology innovation

• Disturbance in business operations due to a catastrophic event

• Security attack originating from foreign governments

• Issues arising from using and leveraging social media channels …

• Inability to properly identify, measure, and track risk

• Employee use of personal and cloud technology

• Security attack originating from non-state actors

• Increasing regulatory pressures

• IT outage impacting customer-facing systems

• Customer concerns over privacy issues

Question asked: Please rate your concern for each source of information risk and the potential impact they could have on your organization.

Customers expect your business to be available no matter what the disruption.

Businesses are dependent on technology to serve customers and data to make decisions.

Do You Know Your Dependencies?

Source: BMC, The Backbone to Digital Service Management

What Happens Upstream Has Downstream Impacts

Recent Disruptions Caused Downstream Outages

› Dyn attack

• Massive DDoS attack against DNS provider Dyn caused downstream outages

• Twitter, Okta, PagerDuty and many other cloud applications were unavailable

› S3 outage

• While not an attack, an error caused an outage for the Amazon Simple Storage Service (S3)

• Sites like Airbnb, Netflix, Pinterest, Slack and Spotify were affected

Sources: www.wsj.com/articles/denial-of-service-web-attack-affects-amazon-twitter-others-1477056080 and losangeles.cbslocal.com/2017/02/28/the-far-reaching-effect-of-the-amazon-s3-outage/

DDoS Attacks Increasing Year Over Year

How was the external attack carried out? Share answering “DDoS”:

• 2014: 11% (N=152)

• 2015: 20% (N=165)

• 2016: 27% (N=192)

Base: Enterprise network security decision-makers whose firms had an external security breach in the past 12 months (1000+ employees). Source: Forrester’s Global Business Technographics Security Survey, 2016

DDoS Attacker Motivations

› Hacktivists

• Driven by political and ideological goals

› Ransom

• Holding companies hostage and demanding money to stop attack

› Diversionary attack

• Using DDoS as a smoke screen to steal data or commit fraud

› Competitive

• Paying an attacker to DDoS a business competitor

› Politically motivated

• Attempting to influence a political outcome or make a point

Source: Forrester’s Develop A Two-Phased DDoS Mitigation Strategy report

Understanding Your Cloud & Internet Service Dependencies

Understanding is Key to Proper Defense

• You can’t defend what you can’t understand

• Key: develop a strong grip on what your cloud & internet service dependencies are

• What do they “look like”?

• Big data network traffic intelligence can help.

Understanding Your Traffic to/from the Internet

East-West Traffic Analytics

Chart: Source IPs → Ingress Interfaces → Device → Egress Interfaces → Dest IPs

HTTP User Agents

DNS Return Code by PPS

An Anomalous Set of DNS Traffic…

Recommendations

Know Your Digital Attack Surface

› Map your application dependencies

› Understand third party risk

› Build contingency plans

Protect Against DDoS Attacks

› Adopt a two-phased DDoS mitigation strategy

• Downstream mitigation delivers defense at the point of attack

• Upstream mitigation provides protection closer to the attacker, before traffic reaches your network

Source: Forrester’s Develop A Two-Phased DDoS Mitigation Strategy report

Add DDoS To Your Incident Response Plan

› You don’t want to be developing your IR plan during an incident

• Build a plan

• Test the plan

• Evaluate and update the plan regularly

Image source: https://flic.kr/p/df1bK6

Plan For Potential Service Disruptions

› The Dyn DNS attack showed that the company behind the company can impact your enterprise

• Ask vendors and partners your business relies on about their DDoS mitigation strategy

Wrap-Up

› Businesses are undergoing digital transformation

• Customers demand always-on services

› Service disruptions have a material impact on business

• DDoS attacks and other disruptions are a risk

› Disruptions of upstream applications and providers have impacts downstream

• The target company or application may not be the only victim

› Know your digital attack surface and dependencies

• Plan for and protect against DDoS attacks

Thank you

Joseph Blankenship

www.forrester.com/Joseph-Blankenship

@infosec_jb

Modern DDoS Defense with Big Data Analytics

Key Elements of Modern DDoS Defense

• Config Mgmt

• Visibility

• DDoS Detection

• Mitigation

Key Elements: Configuration Management

• Set up and manage configurations and policies with the least possible manual upkeep needed

• Kentik makes this easy with intelligent and adaptive baselining

Key Elements: Customer Portal

• Rich, ad-hoc forensics

• Easy way to jump from alerts to dashboards

• Access all info and functionality through an open, RESTful API to tie into SIEMs

Key Elements: DDoS Detection

• Intelligent baselining and detection

  • Individual host IPs

  • Network-wide data

  • Multi-dimension criteria

  • Auto-adaptive sets

• Detect inbound, outbound, and cross-bound attacks

• Continuously expanding data set to support future service enrichment

• Field-measured accuracy advantage over traditional appliances
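The per-host baselining and direction-aware detection listed on this slide, worked as an added Python example (not Kentik’s code): the flow aggregates, the “ext*/int*” interface naming and the thresholds are constructed assumptions, and a destination with no learned baseline is scored against the absolute packet-rate floor only.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed per-minute flow aggregates (NetFlow/IPFIX-style), not real traffic:
# (minute, src_ip, dst_ip, packets_per_second, ingress_iface, egress_iface).
# Assumption: interfaces named "ext*" face the Internet, "int*" face internal hosts.
FLOWS = (
    [(m, "203.0.113.9", "198.51.100.10", 900 + (m % 3) * 20, "ext0", "int1") for m in range(10)]
    + [(m, "198.51.100.10", "203.0.113.9", 150 + (m % 2) * 10, "int1", "ext0") for m in range(10)]
    + [
        (10, "203.0.113.77", "198.51.100.10", 48000, "ext0", "int1"),  # inbound flood
        (10, "198.51.100.10", "203.0.113.9", 160, "int1", "ext0"),     # normal outbound traffic
        (11, "192.0.2.5", "203.0.113.44", 30000, "ext1", "ext0"),      # cross-bound flood transiting the network
    ]
)

def direction(ingress, egress):
    """Classify a flow by the interfaces it crosses: inbound, outbound, cross-bound or east-west."""
    ext_in, ext_out = ingress.startswith("ext"), egress.startswith("ext")
    if ext_in and not ext_out:
        return "inbound"
    if ext_out and not ext_in:
        return "outbound"
    return "cross-bound" if ext_in else "east-west"

def build_baseline(flows, baseline_minutes):
    """Per (dst_ip, direction): mean and population stdev of pps over the learning window."""
    samples = defaultdict(list)
    for minute, _src, dst, pps, ing, egr in flows:
        if minute < baseline_minutes:
            samples[(dst, direction(ing, egr))].append(pps)
    return {key: (mean(v), pstdev(v)) for key, v in samples.items()}

def detect(flows, baseline_minutes=10, sigma=4.0, min_ratio=5.0, min_pps=5000):
    """Flag flows whose pps exceeds the learned baseline by `sigma` deviations AND `min_ratio`x,
    and sits above an absolute floor so low-traffic or never-seen hosts do not trip on noise."""
    base = build_baseline(flows, baseline_minutes)
    alerts = []
    for minute, src, dst, pps, ing, egr in flows:
        if minute < baseline_minutes:
            continue  # learning window, not scored
        d = direction(ing, egr)
        mu, sd = base.get((dst, d), (0.0, 0.0))  # unseen destination: only the floor applies
        threshold = max(mu + sigma * sd, mu * min_ratio, min_pps)
        if pps > threshold:
            alerts.append({"minute": minute, "src": src, "dst": dst, "direction": d,
                           "pps": pps, "threshold": round(threshold)})
    return alerts
```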

Key Elements: Mitigation

• Powerful bi-directional integrations with leading mitigation devices and cloud services

  • A10, Radware

  • Tiered thresholds / alerts

• Superior accuracy powers full automation, lowering cost of defense

Detection Accuracy: PenTeleData Case Study

Situation: Leading provider of voice, video, data and Internet services in New Jersey and Pennsylvania

Challenge: Too many false negatives and service disruptions with legacy DDoS defense solution

Solution: Kentik Detect paired with Radware Defense Pro

Results:

• 30% greater DDoS defense accuracy

• Greater overall network visibility

Brian Mengel, CTO @ PenTeleData:

“Kentik is a game-changer for network operations. Since deploying Kentik’s big data-based detection and automated triggering of our Radware mitigation platform in May of this year, we have seen an over 30 percent improvement in catching and stopping DDoS attacks.”

“Kentik Detect has become a trusted source of visibility for our teams, and makes it much easier to do our job, which at the end of the day is to deliver excellent service.”

Key Take-Aways

• Digital business requires awareness and defense of all your cloud and Internet service dependencies, not just your website

• Modern DDoS defense involves:

  • Data-driven approach

  • Rich visibility and forensics

  • Granular DDoS detection

  • Automation

• Kentik is the big data network traffic intelligence platform for visibility and DDoS defense

Thank you and Resources

• A link to a recording of this webinar will be sent out to attendees and registrants

• To get more information about Kentik, please visit www.kentik.com

• If you know you want to start experiencing the power of big data network traffic intelligence and DDoS protection:

  • Start a free trial, or

  • Request a demo on our website or by emailing [email protected]

kentik.com

Thank You