Multi-vector DDOS Attacks
Detection and Mitigation
Paul Mazzucco
Chief Security Officer
August 2015
Key Reasons for Cyber Attacks
Criminal
•  Money … and more money
•  Large number of groups
•  From unskilled to advanced
•  Present in virtually every country
Hacktivists
•  Protest
•  Revenge
•  Large number of groups
•  Basic skills; a few standouts with advanced skills who motivate a potentially larger set of followers
Espionage
•  Acquiring secrets for
   -  National security
   -  Economic benefit
•  Growing number of countries with capabilities
•  Larger array of supported or tolerated groups
War
•  Motivation is to destroy, degrade, or deny
•  Politics by another name
•  Growing number of countries with capability
•  Non-state actors could be included
DoS/DDoS Attacks: New Cyber Weapon of Choice
Cyber attack sophistication is increasing
•  Lower-bandwidth attacks occur more frequently, last longer, and evade detection
   -  They exhaust the server's ability to respond rather than saturating the link, and ultimately take down the site
•  Multi-vector campaigns
   -  Booter services and low-cost DDoS campaigns can take down a typical business
   -  The DDoS-for-hire market is expanding
   -  China, Germany, and the U.S. accounted for more than 50% of all DDoS attack origins in Q1 2015
The number of DDoS attacks in Q1 2015 was more than double the number in Q1 2014
Source: Akamai
The Industry Hit List Expands
Drivers: the rise of the Internet of Things, web vulnerabilities, and botnet building
Choice targets
•  SaaS platforms, e.g. healthcare data
•  Competitive industries, e.g. gaming
•  Multi-tenant platforms, because an attack on one tenant impacts every other tenant sharing the same pipe, network, and servers
Q1 2015 infrastructure-layer attacks were 91% of total DDoS attacks
Source: Akamai
Where Are the Attacks Taking Place?
(Figure: the 7 layers of the OSI model)
Network attacks were 90% of attacks in 2005
Session attacks typically defeat conventional firewalls
Application attacks are 90% of attacks in 2015
Q1 2015 vs. Q1 2014: 124.69% increase in infrastructure-layer (Layer 3 & 4) DDoS attacks
Q1 2015 vs. Q1 2014: 59.83% increase in application-layer (Layer 7) DDoS attacks
Source: Akamai
Note that the two 90% figures describe attacks in general, not DDoS specifically: by count, infrastructure-layer floods still made up 91% of DDoS attacks in Q1 2015 (previous slide), so detection is needed at both layers.
New Attack Vectors, One Dangerous Commonality
Significant attack vectors emerged in 2014
•  50% of all web attacks were encrypted (SSL/TLS) application-based attacks
•  15% of organizations reported attacks targeting web application login pages on a daily basis
•  DNS-based volumetric floods increased from 10% to 21% of attacks, becoming the 2nd most common attack vector
Source: Radware
The Simple Service Discovery Protocol (SSDP): Top Infrastructure-Based Attack Vector
SSDP, the discovery protocol of UPnP (UDP port 1900), comes pre-enabled on millions of devices: routers, media servers, web cams, smart TVs, printers
It lets devices discover each other on a network, establish communication, and coordinate activities
Attackers build a list of devices that answer SSDP queries from the Internet, then send each one a small M-SEARCH query with the victim's address as the spoofed source; every device answers the victim with one or more larger replies, so the devices act as reflectors that amplify the attack (US-CERT alert TA14-017A puts the SSDP bandwidth amplification factor at roughly 30x)
SSDP accounted for more than 20% of Q1 2015 attack vectors
Source: Akamai
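The exchange behind that amplification, as an added example that is not code from the deck or from TierPoint: the script builds the UPnP M-SEARCH request an attacker spoofs, parses the replies a reflector sends back, and computes how many bytes reach the victim per byte sent. The replies, the 192.0.2.10 address and the SERVER string are constructed for illustration, not captured from any device; probe() is an assumed helper for checking a device you own and is not run by default.

```python
import socket
from typing import Dict, List

SSDP_PORT = 1900
SSDP_MCAST = "239.255.255.250"   # the UPnP discovery multicast group


def build_msearch(search_target: str = "ssdp:all", mx: int = 1) -> bytes:
    """The UPnP discovery request. 'ssdp:all' asks the device to announce every
    root device, embedded device and service it has, i.e. several replies for a
    single ~100-byte datagram, which is what an attacker wants when the source is spoofed."""
    request = (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {SSDP_MCAST}:{SSDP_PORT}\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {search_target}\r\n"
        "\r\n"
    )
    return request.encode("ascii")


def parse_ssdp_response(datagram: bytes) -> Dict[str, str]:
    """Parse one SSDP search reply into a header dict with upper-cased names."""
    lines = datagram.decode("ascii", errors="replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        raise ValueError("not an SSDP search response: " + lines[0])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:            # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().upper()] = value.strip()
    return headers


def amplification_factor(request: bytes, replies: List[bytes]) -> float:
    """Bytes delivered to the spoofed source per byte the attacker sent."""
    return sum(len(r) for r in replies) / len(request)


def _constructed_reply(st: str) -> bytes:
    """A reply shaped like a home router's; every value is constructed, not captured."""
    return (
        "HTTP/1.1 200 OK\r\n"
        "CACHE-CONTROL: max-age=1800\r\n"
        "EXT:\r\n"
        "LOCATION: http://192.0.2.10:49152/rootDesc.xml\r\n"
        "SERVER: ExampleOS/1.0 UPnP/1.0 ExampleUPnP/1.0\r\n"
        f"ST: {st}\r\n"
        f"USN: uuid:00000000-0000-0000-0000-000000000001::{st}\r\n"
        "\r\n"
    ).encode("ascii")


# Three replies one reflector might send to a single 'ssdp:all' query (constructed)
SAMPLE_REPLIES = [_constructed_reply(st) for st in (
    "upnp:rootdevice",
    "urn:schemas-upnp-org:device:InternetGatewayDevice:1",
    "urn:schemas-upnp-org:service:WANIPConnection:1",
)]


def probe(host: str, timeout: float = 2.0) -> List[bytes]:
    """Unicast the same M-SEARCH to a device you own and collect every reply.
    Any reply to a query arriving from outside your network means the device is
    a usable reflector. Needs network access; not called anywhere below."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    replies: List[bytes] = []
    try:
        sock.sendto(build_msearch(), (host, SSDP_PORT))
        while True:
            data, _ = sock.recvfrom(65535)
            replies.append(data)
    except socket.timeout:
        pass
    finally:
        sock.close()
    return replies


if __name__ == "__main__":
    req = build_msearch()
    print(f"request: {len(req)} bytes, replies: {sum(map(len, SAMPLE_REPLIES))} bytes, "
          f"amplification x{amplification_factor(req, SAMPLE_REPLIES):.1f}")
    for reply in SAMPLE_REPLIES:
        print("  ST =", parse_ssdp_response(reply)["ST"])
```

The 94-byte request draws roughly 840 bytes of replies from this one constructed reflector; a real device advertising more services answers with more datagrams, which is where the ~30x figure comes from. The defensive check is the inverse: if probe() from an address outside your network returns anything, the device is contributing to someone else's attack and should have UPnP disabled on its WAN side or UDP/1900 filtered at the edge.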
Not Just a Party of One Anymore: Multi-Vector Attacks Take Aim
More than 50% of attack campaigns deployed 5 or more attack vectors in 2014
Releasing one vector at a time, rather than the entire arsenal at once, keeps the target busy: each new vector forces a fresh round of detection and tuning while the previous ones are still being mitigated
Sources: Radware, Arbor Networks
Attackers (Quickly) Strike Back
Attackers continually develop new attack vectors that defeat newly deployed mitigation tools
They respond within days, sometimes even hours, of a mitigation tool being deployed
Businesses therefore face two chief challenges:
•  The increasing complexity of security, i.e. the multi-pronged nature of the attacks
•  The speed at which attackers adapt to new mitigation tools
Source: Radware
Minutes to Compromise, Months to Discover
DDoS attack costs
•  SMB: $52,000 per incident
•  32% of companies would lose over $100K in revenue per hour of attack
•  11% of US companies would lose $1 million+ in revenue per hour of attack
Source: Neustar
88% of companies are hit multiple times, with 39% attacked over 10 times annually
Recap the Challenges
•  Cyber attacks are mainstream
•  The network perimeter disappears
   –  Application data is the final frontier
•  Availability-based attacks are the main weapon
   –  Multi-vector attack campaigns
•  Targeting end-to-end weak points
   –  Pipe, network, servers, applications
•  Targeting multi-tenant environments
   –  Amplifies overall impact and management complexity
•  Disguising techniques
   –  Multiple attackers behind one IP address (e.g. NAT or a proxy), so per-IP blocking also cuts off legitimate users
   –  Attacks using dynamic IP addresses
•  Data (confidentiality) and integrity attacks alongside the availability attacks
Required Detection: Encrypted/Non-Volumetric Attacks
•  Envelope attacks: device overload
•  Directed attacks: exploits
•  Intrusions: misconfigurations
•  Localized volume attacks
•  Low & slow attacks
•  SSL floods
Required Detection: Application Attacks
•  Web attacks
•  Application misuse
•  Connection floods
•  Brute force
•  Directory traversals
•  Injections
•  Scraping & API misuse
Required Detection: Volumetric Attacks
•  Network DDoS
•  SYN floods
•  HTTP floods
Sources: TierPoint, Radware
The three classes need different telemetry: volumetric floods show up in edge flow and bit-rate counters, application attacks only in L7 logs or a WAF, and encrypted or low-and-slow attacks only after TLS termination or from connection-state data, which is why a single sensor cannot cover a multi-vector campaign.
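One pass over flow records that separates the classes listed above, as an added example that is not code from the deck or from TierPoint: it flags a SYN flood and unsolicited SSDP reflection (volumetric), an HTTP request flood (application) and a pool of long-lived, nearly idle connections (low-and-slow) all hitting the same host in one 10-second window, which is what a multi-vector campaign looks like from the edge. The flow records, the victim address 203.0.113.10 and every threshold are constructed for illustration; production thresholds come from your own traffic baseline.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass
class Flow:
    """One flow record as exported by a NetFlow collector or an edge proxy (constructed shape)."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str              # "tcp" or "udp"
    packets: int
    nbytes: int
    duration_s: float
    tcp_flags: str = ""     # summarized flags seen on the flow: "S" = SYN only, "SPA" = established
    http_requests: int = 0  # L7 request count from a proxy/WAF log, 0 when unknown


PROTECTED = {"203.0.113.10"}                    # assumed victim address (TEST-NET-3)
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP"}
# Illustrative thresholds for a 10 s window; real values come from a traffic baseline.
SYN_PER_S, SYN_MIN_SOURCES = 200, 20
REFL_MIN_BYTES_PER_PKT, REFL_MIN_SOURCES = 200, 10
HTTP_REQ_PER_S_PER_SRC = 50
SLOW_MIN_DURATION_S, SLOW_MAX_BYTES_PER_S, SLOW_MIN_CONNS = 30.0, 50.0, 100


def detect(flows: List[Flow], window_s: float = 10.0) -> List[Dict[str, str]]:
    """Return one finding per (vector, target) observed in the window."""
    findings: List[Dict[str, str]] = []
    inbound = [f for f in flows if f.dst in PROTECTED]
    # UDP peers the protected host itself queried; replies from them are solicited
    solicited: Set[Tuple[str, int]] = {
        (f.dst, f.dport) for f in flows if f.src in PROTECTED and f.proto == "udp"}

    syns: Dict[str, List[Flow]] = defaultdict(list)
    refl: Dict[Tuple[str, int], Set[str]] = defaultdict(set)
    http: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    slow: Dict[str, int] = defaultdict(int)
    for f in inbound:
        if f.proto == "tcp" and f.tcp_flags == "S":
            syns[f.dst].append(f)                      # half-open attempt, never completed
        elif (f.proto == "udp" and f.sport in REFLECTOR_PORTS and f.packets > 0
              and f.nbytes / f.packets >= REFL_MIN_BYTES_PER_PKT
              and (f.src, f.sport) not in solicited):
            refl[(f.dst, f.sport)].add(f.src)          # large reply we never asked for
        if f.http_requests:
            http[f.dst][f.src] += f.http_requests
        if (f.proto == "tcp" and f.duration_s >= SLOW_MIN_DURATION_S
                and f.nbytes / f.duration_s <= SLOW_MAX_BYTES_PER_S):
            slow[f.dst] += 1                           # long-lived, nearly idle connection

    for dst, fs in syns.items():
        sources = {f.src for f in fs}
        if len(fs) / window_s >= SYN_PER_S and len(sources) >= SYN_MIN_SOURCES:
            findings.append({"vector": "SYN flood", "target": dst,
                             "evidence": f"{len(fs)} SYN-only flows from {len(sources)} sources"})
    for (dst, sport), sources in refl.items():
        if len(sources) >= REFL_MIN_SOURCES:
            findings.append({"vector": f"{REFLECTOR_PORTS[sport]} reflection", "target": dst,
                             "evidence": f"{len(sources)} unsolicited reflectors on udp/{sport}"})
    for dst, per_src in http.items():
        bots = [s for s, n in per_src.items() if n / window_s >= HTTP_REQ_PER_S_PER_SRC]
        if bots:
            findings.append({"vector": "HTTP flood", "target": dst,
                             "evidence": f"{len(bots)} sources above {HTTP_REQ_PER_S_PER_SRC} req/s"})
    for dst, n in slow.items():
        if n >= SLOW_MIN_CONNS:
            findings.append({"vector": "low-and-slow", "target": dst,
                             "evidence": f"{n} connections open >{SLOW_MIN_DURATION_S:.0f}s "
                                         f"at <{SLOW_MAX_BYTES_PER_S:.0f} B/s"})
    return findings


def constructed_sample() -> List[Flow]:
    """Constructed 10 s window: four vectors running at once against one host."""
    v = "203.0.113.10"
    flows: List[Flow] = []
    for i in range(2500):   # SYN flood: 250 spoofed sources, one 60-byte SYN each, no handshake
        flows.append(Flow(f"198.51.100.{i % 250 + 1}", 40000 + i, v, 443, "tcp", 1, 60, 0.0, "S"))
    for i in range(40):     # SSDP reflection: 40 devices answering an M-SEARCH the victim never sent
        flows.append(Flow(f"192.0.2.{i + 1}", 1900, v, 33333, "udp", 30, 9000, 2.0))
    flows.append(Flow(v, 51000, "192.0.2.53", 53, "udp", 1, 70, 0.0))    # a real DNS query ...
    flows.append(Flow("192.0.2.53", 53, v, 51000, "udp", 1, 300, 0.0))   # ... and its large but solicited reply
    for i in range(5):      # HTTP flood: five bots, 900 requests each over established connections
        flows.append(Flow(f"198.51.100.{i + 1}", 50000 + i, v, 443, "tcp", 1800, 500000, 10.0, "SPA", 900))
    for i in range(300):    # low-and-slow: 300 connections held open 60 s, trickling 20 B/s
        flows.append(Flow(f"198.51.100.{i % 200 + 1}", 30000 + i, v, 443, "tcp", 12, 1200, 60.0, "SPA"))
    return flows


if __name__ == "__main__":
    for finding in detect(constructed_sample()):
        print(f"{finding['vector']:16} -> {finding['target']}: {finding['evidence']}")
```

Each check uses a different field of the record (SYN-only flag counts, unsolicited source ports with a high bytes-per-packet ratio, L7 request counts, duration versus bytes), so a tool that only watches bits per second at the edge misses the last two entirely; the solicited-peer set is what keeps the victim's own DNS traffic from being reported as a reflection attack.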
Fight Back – Advice #1
Don’t assume that you’re not a target
Draw up battle plans; learn from the
mistakes of others
Ensure buy-in from ALL C-suite
executives, not just the CTO or CIO
Fight Back – Advice #2
Protecting your data is not the same as
protecting your business
True security necessitates data protection,
system integrity, operational availability
Review your current investments, then
gauge the increase required to ensure
appropriate protection
Fight Back – Advice #3
You can’t defend against attacks you can’t
detect
The battle-prepared business harnesses
an intelligence network
Fight Back – Advice #4
Evaluate DDoS protection solutions
Consider a hybrid approach of layered DDoS defenses: always-on, on-premises hardware blocking plus cloud-based traffic scrubbing
The split follows the detection classes above: the on-premises device sees every connection and can stop low-and-slow, SSL and application-layer attacks that never cross a volumetric threshold, while a flood larger than your upstream pipe can only be absorbed by diverting traffic to a scrubbing provider before it reaches you
Fight Back – Advice #5
Know your limitations
Enlist specialists that have the expertise
to help you fight and win
Thank you
Presented at the luncheon of 2015-08-20 (deck posted by the North Texas Chapter of the ISSA)