They won't attack us!

Arbor Networks Poland. 3rd October 2013. Simon Cartwright, Director of Security Services

Upload: biznes-to-rozmowy

Post on 15-Jan-2015


DESCRIPTION

Simon Cartwright, Kongres Biznes To Rozmowy 2013, NETIA

TRANSCRIPT

Page 1: They won't attack us!

Arbor Networks Poland. 3rd October 2013

Simon Cartwright, Director of Security Services

Page 2

Agenda

• Who is Arbor?
• What is DDoS
• Evolution of DDoS
• Trends in DDoS
• Attack Traffic Details Poland
• Protection Options
• The Enterprise Question
• Visibility & Control
• Netia/Arbor/NCR Partnership
• Questions. At Booth

Page 3

Arbor - a Trusted & Proven Vendor Securing the World's Largest and Most Demanding Networks

• 90%: Percentage of world's Tier 1 service providers who are Arbor customers
• 107: Number of countries with Arbor products deployed
• 47.1 Tbps: Amount of global traffic monitored by the ATLAS security intelligence initiative right now – 25% of global Internet traffic!
• #1: Arbor market position in Carrier, Enterprise and Mobile DDoS equipment market segments – 61% of total market [Infonetics Research Dec 2011]
• 13: Number of years Arbor has been delivering innovative security and network visibility technologies & products
• $16B: 2011 GAAP revenues [USD] of Danaher – Arbor's parent company providing deep financial backing

Page 4

Arbor Networks Overview

Arbor's proud history of productizing innovation in distributed networks.

Arbor is the most trusted and widely deployed solution for DDoS & Botnets.

Arbor sees more global traffic and threats than anyone else on the planet.

Only Arbor has a fully integrated solution to quickly detect & stop advanced threats.

• Honored as a top 10 global innovations
• Key patents in networking & security.

• Analyzing over 48TB of data per second
• Monitoring over 110K malware families

• Integrated to detect & stop threats anywhere
• See beyond the network through ATLAS

• Over 90% of the world's Tier 1 ISPs
• 9 of the top 10 largest business networks

Page 5

Threat Landscape Eras

Network Protocol (1999-2005)
§ Synflood (Trinoo/TFN)
§ Code Red
§ Slammer
§ Zotob
§ Conficker (2008)

Content (2006-2010)
§ Web Browser
§ Web Applications
§ Doc/PDF/etc.
§ Flash/Shockwave
§ Java

Advanced Threats (2010-Today)
§ Aurora
§ Operation Payback
§ Stuxnet/Flame/Duqu
§ APT
§ Cyber Warfare

Page 6

What is a DDoS Attack?

During a Distributed Denial of Service (DDoS) attack, compromised hosts or bots coming from distributed sources overwhelm the target with illegitimate traffic so that the servers cannot respond to legitimate clients.

Page 7

DDoS

LOIC, the DDoS weapon of choice for Anonymous activists, was downloaded from the internet 1.167.305 times during 2011/12 (sourceforge.net)

Page 8

DDoS Motivations

Page 9

Everyone is a Target

Page 10

DDoS Devastating Costs

• 35% of those attacked said it lasted more than a day
• 67% of retailers said outages cost $100,000 per hour
• 21% overall said outages cost $50,000 per hour

The impact of loss of service availability goes beyond financials:

• Operations
• Help Desk
• Recovery
• Employee Output
• Penalties
• Lost Business
• Brand & Reputation Damage

*Neustar Insights DDoS Survey: Q1 2012

Page 11

Today's Attacks are More Frequent

Page 12

Today's Attacks

                     2012                  2013 (so far….)
Number of Attacks    713                   986
Average Duration     38mins 37secs         29mins 50secs
Longest Attack       1day 16hrs 07secs     1day 4hrs 45mins 58secs

Page 13

The Next Generation of Threats

[Figure: THREAT SPECTRUM: Volumetric DDoS, Bots & Botnets, Mobile Malware. IMPACT: Availability, Confidentiality]

Page 14

Netia's Unique Threat Ecosystem

The ecosystem between smart providers & enterprises to offer comprehensive protection from active threats

[Diagram labels: Enterprise Networks, Netia]

Enterprise data center services are now fully available and secure from advanced threats!

Page 15

The Global Network is Your Business

Diverse end-points are accessing your network from anywhere.

Your assets are distributed everywhere.

A Global, Hybrid infrastructure

[Diagram labels: Corporate Offices, Broadband, Mobile, Content, Corporate Servers & Applications, SaaS, Private Network, Public Clouds, Internet]

Page 16

Existing Solutions Have Critical Gaps

• Never see the external threat traffic
• Can't withstand a direct attack
• Never see the threat already inside enterprise

[Diagram labels: CDNs, Mobile Carriers, Service Providers, SaaS, Cloud Providers, Enterprise Perimeter, Mobile WiFi, Employees, Corporate Servers, Remote Offices, Internal Apps]

Page 17

Netia's Solution Bridges the Gaps

• Cloud
• Pravail Availability Protection System
• Pravail Network Security Intelligence

• See and stop the threat anywhere
• Stop the threat
• See the threat lurking inside the enterprise

[Diagram labels: CDNs, Mobile Carriers, Service Providers, SaaS, Cloud Providers, Enterprise Perimeter, Mobile WiFi, Employees, Corporate Servers, Remote Offices, Internal Apps, Threat Dashboard]

Page 18

Advanced Threats: From Outside AND Inside

Network boundaries are harder to define
– Cloud based data and applications
– Employee mobility / BYOD
– Home Working

Threats are harder to keep out
– Targeted threats
– Walk-in threats (on portable devices)
– Malicious insider

Challenge: Control & Security of business data, applications and services as businesses evolve.

[Diagram labels: Users, Anti-Virus, IDS/IPS, NAC, Firewall, Secure Trust Perimeter, Mobile Users, Malware, BYOD, Internet, Insider Misuse, Home Office(s), Cloud Services, VPN, Data Center]

Page 19

Attack Mitigation. In Poland

CP

TMS

Page 20

Attack Mitigation. In Poland

CP

TMS

Page 21

Attack Mitigation. In Poland

1. Detect (Network wide: CP using Flow)

CP

TMS

Page 22

Attack Mitigation. In Poland

1. Detect (Network wide: CP using Flow)

2. Activate Mitigation (TMS)

CP

TMS

Page 23

Attack Mitigation. In Poland

1. Detect (Network wide: CP using Flow)

2. Activate Mitigation (TMS)

3. Divert Traffic (Network wide: BGP OFF-Ramp announcement)

CP

TMS

Page 24

Attack Mitigation. In Poland

1. Detect (Network wide: CP using Flow)

2. Activate Mitigation (TMS)

3. Divert Traffic (Network wide: BGP OFF-Ramp announcement)

4. Clean the Traffic and forward the legitimate (Network wide: using ON-Ramp Technique [e.g. MPLS, GRE, VLAN, …])

5. Protected

CP

TMS
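
The five steps on this slide, sketched as an added example (not code from the talk, Arbor or Netia): constructed flow records are summed per destination, a destination over the alert threshold gets an off-ramp route towards a scrubbing next hop, and the cleaning step drops over-limit sources before the rest is forwarded. The thresholds, the per-source rate rule, modelling diversion as a more-specific /32 route, and all addresses (documentation ranges) are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed flow samples: (src, dst, packets, bytes) for one 60 s export interval.
FLOWS = [
    ("198.51.100.10", "203.0.113.5", 900_000, 54_000_000),
    ("198.51.100.11", "203.0.113.5", 850_000, 51_000_000),
    ("198.51.100.12", "203.0.113.5", 1_200_000, 72_000_000),
    ("192.0.2.44", "203.0.113.5", 3_000, 2_400_000),   # legitimate client
    ("192.0.2.45", "203.0.113.9", 5_000, 4_000_000),   # other host, normal load
]
INTERVAL_S = 60
DST_PPS_THRESHOLD = 20_000          # assumed per-destination alert threshold
SRC_PPS_LIMIT = 1_000               # assumed per-source limit while scrubbing
SCRUBBER_NEXT_HOP = "192.0.2.254"   # hypothetical scrubbing-centre address


def detect(flows):
    """Step 1: aggregate packets per destination, return those over threshold."""
    pps = defaultdict(float)
    for _src, dst, pkts, _bytes in flows:
        pps[dst] += pkts / INTERVAL_S
    return {dst: rate for dst, rate in pps.items() if rate > DST_PPS_THRESHOLD}


def offramp_routes(victims):
    """Steps 2-3: one more-specific /32 per victim, next hop = scrubber."""
    return [(str(ip_network(f"{dst}/32")), SCRUBBER_NEXT_HOP)
            for dst in sorted(victims)]


def scrub(flows, victims):
    """Step 4: on diverted destinations drop sources over the per-source
    limit; every other flow is forwarded (the on-ramp path)."""
    forwarded, dropped = [], []
    for flow in flows:
        src, dst, pkts, _bytes = flow
        if dst in victims and pkts / INTERVAL_S > SRC_PPS_LIMIT:
            dropped.append(flow)
        else:
            forwarded.append(flow)
    return forwarded, dropped


if __name__ == "__main__":
    victims = detect(FLOWS)
    print("alerts:", victims)
    print("off-ramp:", offramp_routes(victims))
    forwarded, dropped = scrub(FLOWS, victims)
    print("forwarded:", len(forwarded), "dropped:", len(dropped))
```

Only the attacked /32 is diverted, so traffic to the other host never passes through the scrubber.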

Page 25

Thank You

Questions?

Page 26