In 2019, NSFOCUS Security Labs detected more than 400,000 DDoS attacks launched through botnets, a sharp increase compared with 2018 (8323 DDoS attacks). According to our observation, the botnets running on IoT devices were mainly from the Mirai and Gafgyt families. These two families were exploited to launch more than 60% of the DDoS attacks in the first half of 2019. NSFOCUS has one of the most powerful and robust solutions on the market, with 20 years of experience and 8 scrubbing centers deployed around the globe, with a mitigation capacity of 7 Tbps.
STOPPING DDOS ATTACKS WITH NSFOCUS
1. SECURITY MADE
SMART AND SIMPLE
April, 2020
Santiago Chile
Renato Soares
Principal SE LATAM
Patricio Campos
TAM SOLA
2. Sao Paulo
Santa Clara, CA
London
Tokyo
Beijing
Singapore
ABOUT NSFOCUS
7 years
Offices worldwide
Protects over 20% of
Fortune Global 500
Protects 4 of the 5
largest banks
Protects 5 out of 10
largest telcos
Named ‘Challenger’ in
Gartner MQ
Active member of
global security
community
4. DDOS LANDSCAPE
• The total attack count increased 30.2%.
• The average attack peak size rose a little to 42.9 Gbps and the technical
maturity of large- and medium-scale attacks has grown year by year.
• UDP floods, SYN floods, and ACK floods still dominated DDoS attacks, and,
in super-sized attacks, those combining multiple vectors stole the limelight.
• IoT devices were more frequently seen in DDoS attacks.
6. HOLISTIC HYBRID SECURITY
[Diagram; labels: ON PREMISE, WAF, Web Vuln. Scanning System, DDoS, Threat Intelligence, SaaS/IaaS, Cloud DPS, Smart Patch (IaaS), TAS, NGIPS, 30 Second Diversion, CLOUD IN A BOX, Intelligent Detection, File, IOCs, SaaS, Anti-DDoS Business Operation System (ADBOS)]
8. WWW.NSFOCUS.COM
Protects
Customers
Generates
Revenue
On-Premises Defenses
• 5 T mitigation capacity deployed in 2019
• Available in hardware and
virtualized platforms
• Widely used in ISP, BFSI, media,
government and gaming industry
• 24x7 MSS with experienced
security experts
Hybrid Defenses
• Integrated Solution
• Protects Customer Traffic & Infrastructure
• Fastest Time To Mitigation
Cloud Defenses
• Service Provider Ready
• Global Cloud Centers
• Experienced in handling large attacks – 430G in 2019
• Fully automatic diversion
• Low network latency
Protects
Infrastructure
COMPLETE DDOS DEFENSE
9. NSFOCUS CLOUD DATACENTERS
• 7Tbps of scrubbing capacity with 8+ POPs
• Flexible return traffic location choices
• Minimum latency with scrubbing centers worldwide
• ISO/IEC 27001:2013 compliance
Singapore
Frankfurt
Ashburn
London
Silicon Valley
8+
geographically
distributed cloud
centers hosted by
Tier1 Level data
centers
Coresite/LA
Hong Kong
Sao Paulo
DamDDoS
10. CLOUD DPS MIGRATION SOLUTION
1. NTA sends DDoS alert to NSFOCUS Cloud DPS
2. Cloud will divert customer traffic from Internet via pre-defined BGP session
3. NSFOCUS Global Network redirects traffic to the closest Cloud Center
4. Malicious traffic will be discarded
5. Legitimate traffic will be returned to customer
Internet
BGP Diversion
GRE Tunnel /
Direct Connection /
Partner Connection
NTA
Signaling
11. CLOUD DPS KEY BENEFITS
Reliable & Accurate
Powered by NSFOCUS flagship Anti-DDoS products, provides responsive and reliable DDoS mitigation against L3 to L7 attacks
24 x 7
Mitigation of DDoS attacks through always-on or on-demand cloud connectivity options
Easy to Use
The NSFOCUS Cloud Portal provides visibility, reporting, and analytics to manage and contain DDoS risks
Rich & Flexible Service Package
Basic, Standard or Advanced package for different levels of mitigation requirement
Smart Hybrid Architecture
Seamless integration of on-premises ADS with Cloud DPS provides low latency automatic mitigation and protection against volumetric attacks
12. ON-PREMISES DDOS PROTECTION SOLUTION
ADS, NTA, ADS-M
• Algorithmic, multi-filter, rule-based approach
• Highly accurate and surgical mitigation
• Integrated with built in threat intel module (NTI)
• Low false-positive rates
• Specific algorithm for APP traffic
• Full visibility during mitigation process
• Low latency with minimal packet loss
• Flexible Deployment Options
• Inline, out-of-path, cluster
• Automated or manual mitigation options
MSS For ADS Service
• 24x7 monitoring & response
Management
& Reporting
DDoS Protection
Solution
ADS-M
Traffic Flow
Monitoring &
Alert
NTA
Attack
Mitigation
ADS
NTI
14. ON-PREMISES INLINE DEPLOYMENT
• Quick and easy to install
• Up to 40 Gbps @ 30M pps
• Inspects all traffic
• Immediate, always on defenses
Attack Traffic
Good Traffic
Protected
Network
Border Router
Anti-DDoS System (ADS)
Firewalls
ADS can be
deployed on
either side of
Border Router
Internet
Legend
15. ON-PREMISES OUT-OF-PATH DEPLOYMENT
• Quick and easy to install
• Preferred method for larger customers
• Unlimited scalability via clustering
• Manual or automated BGP redirection
• GRE, VLAN, MPLS, PBR reinjection
Attack Traffic
Good Traffic
Legend
Control Traffic
ADS
Notification to ADS
Protected
Network
Internet
NTA
ADS-M
BGP Advertisement
Flow Data
Attack Detection
Attack Filtering Logs
Attack Logs
16. NTI-EMPOWERED DDOS PROTECTION
Download Bad IP Feeds
Threat Intel Query on Attackers
Botnets &
Known Attackers
Legitimate Traffic
• Up to 20% scrubbed via NTI
• Auto filtering with high accuracy
• Daily update
• Threat intel traceback
o IP reputation
o ASN & geographic location
o Open ports
o Associated domains
ADS
NTA
Internet
Protected
Network
Flow Data
Attack Detection
NTI
(ANALYSIS, FORENSICS, SHARING)
20. WHO MAY NEED ADBOS?
— ADBOS is tailored to:
• ISP, IDC, MSSP and other service providers who are operating or plan to operate Anti-DDOS
services and generate revenue from reselling/upselling the Anti-DDoS services
• Mixed vendor scrubbing centers
• Local and cloud scrubbing owners who need collaborative SOC platform
— ADBOS has been deployed by
• Top 10 Telcos in the world
• Top 3 online gaming in the world
21. ADBOS: BRAIN OF THE ANTI-DDOS SERVICES
LEGITIMATE TRAFFIC
MALICIOUS TRAFFIC
NSFOCUS
CLOUD DPS
VOLUMETRIC ATTACK
MITIGATION
END USER
INTERNET
SECURITY
BORDER
MANAGEMENT & REPORTING
ADS
ATTACK
MITIGATION
NTA
TRAFFIC FLOW &
MONITORING
IDC / ISP
BUSINESS AVAILABILITY
DIAL-UP
MOBILE APP WEB
CUSTOMER
OPERATION & UNIFIED
MANAGEMENT
CLEAN
TRAFFIC
ADBOS
PROTECTED
INFRASTRUCTURE
INTERNET
MANAGEMENT & REPORTING
AUTOMATED
CLOUD DEFENSE
SIGNALING
22. VALUE ADDED SERVICE SOLUTION WITH ADBOS
Cost Saving
• Scalable, flexible, cost effective
• Smart orchestration of scrubbing resources
• Virtualized products requiring thin
provisioning
• Optimized operational procedures with less
domain knowledge requirements
Mitigation Resource Integration
• Automated scheduling and provisioning of
protection nodes
• Collaboration with 3rd party mitigation
service (Upstream ISP)
• Supports Mixed Vendor scrubbing
deployment
Easy O&M
• Agile response to attacks through mobile app
• Intuitive centralized device management
• Closed-loop Anti-DDoS operation
• Visualized mitigation
Value Added Service Enablement
• Enhanced portal & mobile app
• Report customization & branding
• Mass device, customer, order management
• Differentiated service offering (Detection,
Protection, Customer Self-Service, Threat Intel)
• Cloud based security service ready
23. NSFOCUS MANAGED SECURITY SERVICES (MSS)
Before Attack During Attack After Attack
Configuration
Apply Security Best Practice
Constantly Monitoring
Customized Countermeasures
Customized Report
With Rich Insight
NSFOCUS MSS
experts
CUSTOMER
PARTNER
Real Time Response TAM
Governance Meeting
Timely Attack Mitigation
Smooth business operations with minimum impact from
DDOS attacks. Obtain professional security insight of
your network. Maximize your security investment returns.
Rich Insights
25. GLOBAL THREAT INTELLIGENCE
• Actionable Threat Intelligence
• Real-Time Information Sharing
• Custom Threat Information
90+ threat researchers, malware experts
• Unique Intel
from China
• Intel from
Rest of World
8143 Active Customers
12,000 Network Sensors
400 Million Endpoints
26. GLOBAL THREAT INTELLIGENCE
STRATEGIC AND TACTICAL TI DELIVERABLES
+
NSFOCUS THREAT
INTELLIGENCE
(NTI) PORTAL
— Threat Information
& Knowledge
— Drill Down to Details on
Threats
— Incident Response
THREAT ANALYSIS
REPORTS
— Threat Trends,
Campaigns, Actors
— Critical Vulnerabilities
— Weekly, Monthly
Quarterly Reports
STRATEGIC
+
ACTIONABLE
DATA FEEDS
— IP Reputation
— Malicious Web/URL
— Malware Hashes
— Command & Control
TACTICAL
27. NTI DATA – UNIQUE, ACCURATE, FRESH
• 4.2 billion global IP addresses
(port/application/banner)
• 50 billion passive DNS records crossing 8
years
• IoT intelligence
• Geographic location / Whois / ASN info
• IP tagging with industry and network info
Basic Intelligence
• 300,000+ high-quality vulnerabilities
• Vulnerability description, ID, risk level,
topicality, solution, and whether PoC is
available
Vulnerability
• 50,000,000+ malicious IPs (DDoS, intrusion,
scanning, spam, etc.)
• 30,000,000+ botnets (main control servers and
controlled endpoints)
• Hundreds of millions of malicious domain
names/URLs
• Tens of millions of malicious files
• 50,000+ mining pools and miners
Indicators of Compromise
• Weekly/Monthly/Annual threat trend report
• Threat alert and containing report
• Topical threat campaigns and IOCs
• Attack group and attack tool intelligence
• DDoS/botnet research report
Security Campaigns
Used for Internet exposure audit
and attacker profiling
Used for detection of compromised hosts
Used for vulnerability alerting
and vulnerability lifecycle management
Used for campaign alerting and security
trend analysis
IOC (Threat
Indicators)
Basic Intelligence
Advanced
Intelligence
Vulnerability
NTI supports STIX/TAXII V2.0
28. 3RD PARTY INTEGRATION
FIREWALLS, IDPS, TIPS, SIEM/SOC SYSTEMS
29. NSFOCUS REPORTS
For more NSFOCUS reports, visit:
https://nsfocusglobal.com/company-overview/resources#reports