tierpoint webinar: multi-vector ddos attacks: detection and mitigation_jan2016
TRANSCRIPT
Key Reasons for Cyber Attacks
Source: Hackmageddon
4 months later … December 2014
DoS/DDoS Attacks New Cyber Weapon of Choice
Cyber Attack Sophistication Is Increasing
• Lower bandwidth attacks occur more frequently, last longer, evade detection
  - Overwhelm servers, take down site
• Multi-vector campaigns
  - Booter services
  - Dark DDoS attacks (smokescreens)
  - Distract victims, other attacks infiltrate corporate networks
  - DDoS-as-a-Service business model
  - Botnets for hire, $6/month
Sources: Akamai, Imperva
The Industry Hit List
Drivers: the rise of the Internet of Things, web vulnerabilities and botnet building
Choice Targets
• Competitive industries, e.g. gaming
• SaaS platforms, e.g. healthcare data
• Multi-tenant platforms: attacks on one tenant impact all other tenants
Source: Akamai
20% of DDoS attacks last over 5 days. The longest attack in 2015 lasted 64 days.
Lightning Often Strikes More Than Twice
50% of North American and European companies have been attacked
• 83% of companies attacked repeatedly
  - Star Trek Online (STO) – 3 times, Sept ‘15
  - Neverwinter Online – 3 times, Sept ‘15
• 54% attacked 6+ times annually
  - Rutgers Univ – 6 times in 2015
• 25% experienced theft of data or funds
  - U.S. FTC has reached settlements with 50+ companies over poor data security practices
Source: Akamai
Losses greater than 30,000 records
Source: Neustar and The Ponemon Institute
Where Are the Attacks Taking Place?
The 7 Layers of the OSI Model
Session attacks typically defeat conventional firewalls
Source: Akamai
Infrastructure-layer DDoS attacks outnumber application-layer attacks 9-to-1
Source: Akamai
• 88% of application-based attacks came over HTTP
• 15% of organizations reported attacks targeting Web application login pages on a daily basis
• UDP fragments becoming the largest portion of network layer attack traffic
Source: Akamai
Significant Attack Vectors Have Emerged
The Simple Service Discovery Protocol (SSDP) – Top Infrastructure-based Attack Vector
SSDP comes pre-enabled on millions of devices – routers, media servers, web cams, smart TVs, printers, automobiles
Allows devices to discover each other on a network, establish communication, coordinate activities
Attackers are armed with a list of vulnerable devices; use them as reflectors to amplify a DDoS attack
SSDP accounted for more than 20% of attack vectors in 2015
Attackers Quickly Strike Back
Attackers are continually developing new attack vectors that defeat mitigation tools
They respond in days / hours after mitigation tools are deployed
Meaning businesses face two chief challenges:
• The increasing complexity of security, i.e. multi-pronged nature of the attacks
• Speed at which attackers adapt to new mitigation tools
Compromise Takes Minutes, Discovery Takes Longer
Source: Radware
The cost of DDoS attacks
• Average $40K per hour
• 32% of companies would lose over $100K revenue per hour of attack
• 11% of US companies would lose $1 Million+ revenue per hour of attack
Source: Neustar
1 in 5 companies were told of attacks by customers, partners, other 3rd parties
Required Detection: Encrypted/Non-Volumetric Attacks
• Envelope Attacks – Device Overload
• Directed Attacks – Exploits
• Intrusions – Mis-Configurations
• Localized Volume Attacks
• Low & Slow Attacks
• SSL Floods
Required Detection: Application Attacks
• Web Attacks
• Application Misuse
• Connection Floods
• Brute Force
• Directory Traversals
• Injections
• Scraping & API Misuse
Fight Back – Advice #1
Don’t assume your company is not a target
Bake DDoS mitigation into your business resiliency planning
Understand that no two DDoS attacks are exactly alike
Ensure buy-in from ALL C-suite executives
Fight Back – Advice #2
Protecting your data is not the same as protecting your business
Also review your current investments in system integrity and operational availability
Then gauge the increase required to ensure appropriate protection
Fight Back – Advice #3
You can’t defend against attacks you can’t detect
Understand your vulnerabilities in today’s distributed environments
Fight Back – Advice #4
Evaluate DDoS protection solutions
Consider a hybrid approach of layered DDoS defenses: always-on, on-premise hardware blocking plus cloud-based traffic scrubbing
Fight Back – Advice #5
Know your limitations
Enlist specialists that have the expertise to help you fight and win
> Submit your question via webinar chat box
> Email the Event Moderator post-event
– If we can’t get to your question on the call, we’ll respond promptly via email: [email protected]
Webinars On Demand…
> Visit our website to view any of our previous webinars on demand (Resources > Library > Webinars):
– Cloud Security Myths
– When Virtualization Meets Infrastructure: A Business Transformation Story
– BYOD: Is This Exploding Trend a Security Time-Bomb?
– How to Investigate Your Cloud Provider’s Security Capabilities
– How to Position Cloud ROI
– Mitigate Risk with Hybrid DR in the Cloud
– 7 Smart Metrics to Calculate Cloud ROI
– Cloud, Colo or Hybrid - Top 4 Considerations