How Effective CSOs Prepare for DDoS Attacks - PowerPoint PPT Presentation





Presentation Transcript
How Effective CSOs Prepare for DDoS Attacks

Rob Kraus & Jeremy Scott

Solutionary SERT


Speakers

  • Rob Kraus, Director of Research (Twitter: @robkraus)

  • Jeremy Scott, Senior Research Analyst (Twitter: @jeremyscott_org)

Solutionary, Inc. (Twitter: @solutionary)

Security Engineering Research Team (SERT)


Countering Attacks Hiding In Denial-Of-Service Smokescreens

-Dark Reading, September 2013

What’s better than creating your own DDoS? Renting one

-TechRepublic, September 2013

Cybercrooks use DDoS attacks to mask theft of banks' millions

-CNET.com, August 2013

DDoS Botnet Now Can Detect Denial-Of-Service Defenses

-Dark Reading, August 2013

DDoS Attacks Strike Three Banks

-Bank Info Security, August 2013


DDoS Varieties

  • Every DDoS is different

    • Attack types/target infrastructure/services

    • Tools (booters, stressers, DDoS for rent)

  • Examples:

    • Volumetric

    • SYN Flood (TCP protocol)

    • DNS Amplification (reflection)

    • HTTP Application Attacks



Application Layer DDoS

  • Targets applications

    • Effective due to underlying components serving content

      • Logon pages

      • “Heavy” content pages

      • Complex database queries

      • Max connections exceeded
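The slide above explains why logon pages are attractive application-layer targets: each request is cheap for the attacker and expensive for the back end. The detection logic below is an added example written for this page, not code from the presenters or from Solutionary; it builds a constructed access log in Common Log Format (path names, addresses and timestamps are all made up), then flags any one-minute window in which a watched path such as `/login` receives both an unusually high request count and requests from an unusually high number of distinct sources. The two thresholds are assumptions and should be tuned against the site's own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Request-line pattern for Common/Combined Log Format (assumed log shape).
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def make_sample_log():
    """Constructed access log (not from the deck): a quiet minute of normal
    logon traffic, then a minute in which 150 distinct sources hammer /login."""
    base = datetime(2013, 9, 10, 12, 0, 0, tzinfo=timezone.utc)
    lines = []

    def add(ts, src, method, path, status=200, size=512):
        lines.append(
            f'{src} - - [{ts.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" {status} {size}'
        )

    # Minute 0: 20 logon attempts from 5 legitimate clients, plus some browsing.
    for i in range(20):
        add(base + timedelta(seconds=3 * i), f"198.51.100.{i % 5 + 1}", "POST", "/login")
        add(base + timedelta(seconds=3 * i + 1), f"198.51.100.{i % 5 + 1}", "GET", "/index.html")
    # Minute 1: 300 logon requests spread across 150 distinct sources.
    for i in range(300):
        add(base + timedelta(minutes=1, milliseconds=200 * i),
            f"203.0.113.{i % 150 + 1}", "POST", "/login", status=401)
    # A malformed line, to show the parser skips rather than crashes.
    lines.append("garbage line that does not match the log format")
    return lines


def parse(lines):
    """Yield parsed records, skipping lines that do not match the format."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        yield {
            "src": m["src"],
            "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": m["path"],
            "status": int(m["status"]),
        }


def detect_logon_flood(lines, watched=("/login",), window_seconds=60,
                       request_threshold=200, source_threshold=100):
    """Flag any window in which a watched path receives both many requests
    and requests from many distinct sources. Requiring both conditions
    separates a distributed flood from a single noisy client. Thresholds
    are assumptions; tune them against the site's own baseline."""
    buckets = defaultdict(lambda: {"requests": 0, "sources": set()})
    for rec in parse(lines):
        if rec["path"] not in watched:
            continue
        window_start = int(rec["ts"].timestamp()) // window_seconds * window_seconds
        b = buckets[(rec["path"], window_start)]
        b["requests"] += 1
        b["sources"].add(rec["src"])

    alerts = []
    for (path, window_start), b in sorted(buckets.items()):
        if b["requests"] >= request_threshold and len(b["sources"]) >= source_threshold:
            alerts.append({
                "path": path,
                "window_start": datetime.fromtimestamp(window_start, timezone.utc).isoformat(),
                "requests": b["requests"],
                "distinct_sources": len(b["sources"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_logon_flood(make_sample_log()):
        print(alert)
```

Run against the constructed log, the quiet minute (20 logons from 5 clients) stays silent and only the second minute (300 logons from 150 sources) is reported. The same bucketing works for the other targets the slide names, such as "heavy" content pages or search endpoints backed by complex queries, by adding their paths to `watched`.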


Case Study #1

  • Mid-sized financial institution

  • Targeted application DDoS

  • Over 30,000 attack sources

  • Attack duration 30 minutes

  • Attacked 8 times in 2012



Case Study #2

  • Large financial institution

  • Over 91,000 attack sources (150 countries)

  • Attack duration: 10.5 hours

  • Bandwidth Consumption DDoS

    • Masked 3 unauthorized ACH transfers totaling 4.2 million dollars


Other DDoS Considerations

  • Is your organization the target…or the source?

    • Monitor internal and external bandwidth

  • Visibility is key

    • Monitor appropriate parts of infrastructure

    • Consider SSL termination points
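The slide's question, "target or source?", is answered by the same flow data viewed in both directions. The script below is an added example, not from the presenters or from Solutionary: it tallies constructed per-minute flow records (addresses, byte counts and the `10.0.0.0/8` internal range are all assumptions) and reports a window as "target" when inbound bytes from outside spike, and as "source" when a single internal host sends far more than normal to the outside. Static thresholds stand in for the baseline you would derive from your own monitoring.

```python
import ipaddress
from collections import defaultdict

# Assumed internal address range; the real one comes from your own address plan.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def make_sample_flows():
    """Constructed per-minute flow records (minute, src, dst, bytes); not from the deck."""
    flows = []
    # Minutes 0-2: steady state, about 5 MB inbound and 2 MB outbound per minute.
    for minute in range(3):
        for i in range(10):
            flows.append((minute, f"198.51.100.{i + 1}", "10.0.0.5", 500_000))
            flows.append((minute, "10.0.0.5", f"198.51.100.{i + 1}", 200_000))
    # Minute 3: inbound flood, 50 MB from 100 distinct external sources (we are the target).
    for i in range(100):
        flows.append((3, f"203.0.113.{i + 1}", "10.0.0.5", 500_000))
    # Minute 4: one internal host pushes 40 MB at a single external address (we are a source).
    for _ in range(40):
        flows.append((4, "10.0.0.77", "192.0.2.9", 1_000_000))
    # Internal-to-internal traffic is ignored by both tallies.
    flows.append((4, "10.0.0.5", "10.0.0.6", 5_000_000))
    return flows


def summarize(flows):
    inbound = defaultdict(int)    # minute -> bytes entering from outside
    outbound = defaultdict(int)   # (minute, internal host) -> bytes leaving to outside
    for minute, src, dst, nbytes in flows:
        src_in, dst_in = is_internal(src), is_internal(dst)
        if dst_in and not src_in:
            inbound[minute] += nbytes
        elif src_in and not dst_in:
            outbound[(minute, src)] += nbytes
    return inbound, outbound


def assess(flows, inbound_threshold=20_000_000, outbound_host_threshold=10_000_000):
    """Return findings for windows where the organization looks like a DDoS target
    (inbound spike) or like a source (one internal host sending far more than normal).
    Thresholds are assumed; derive them from your own baseline in practice."""
    inbound, outbound = summarize(flows)
    findings = []
    for minute, nbytes in sorted(inbound.items()):
        if nbytes >= inbound_threshold:
            findings.append({"minute": minute, "role": "target", "bytes": nbytes})
    for (minute, host), nbytes in sorted(outbound.items()):
        if nbytes >= outbound_host_threshold:
            findings.append({"minute": minute, "role": "source", "host": host, "bytes": nbytes})
    return findings


if __name__ == "__main__":
    for finding in assess(make_sample_flows()):
        print(finding)
```

On the constructed data, minute 3 is reported as a "target" window and minute 4 as a "source" window for host 10.0.0.77; the steady-state minutes produce nothing. Keeping both tallies in one place is the practical form of the slide's advice to monitor internal as well as external bandwidth, since a compromised internal host participating in someone else's attack shows up only in the outbound view.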




IR Roles & Responsibilities

  • Planning

  • Preparation

  • Testing plan effectiveness

  • Monitor intelligence feeds

  • Communication

  • Manage incidents


DDoS Response Goals

  • “Stop” vs. Mitigate

    • Goal #1 Detect the attack in a timely manner

    • Goal #2 Enable reactive controls

    • Goal #3 Achieve “Sustained Availability”

    • Goal #4 Recovery and review


Defense Maturity

Basic Controls

Advanced Controls



Poor CSO Approach

  • Rely on others to understand the risk

  • Unaware of the organization's capabilities to thwart attacks

  • Expect results even after no prior planning

  • Scramble for budget during the attack

  • Don’t consider attacks a part of delivering business


Effective CSO Approach

  • Think in terms of “tactical” and “strategic” solutions

  • Understand:

    • threat, risk, vulnerabilities, loss potential

    • it is a matter of “when”, not “if”

    • the goal is not to stop, but mitigate

    • not all DDoS can be mitigated, but still try

    • “rolling your own” solution is not always the best choice

  • Sponsor and participate in IR plan development


Effective CSO Approach (continued)

  • Embrace and leverage relationships

    • ISP

    • Vendors: subject matter expert support contracts

  • Conduct test exercises to determine plan effectiveness

  • Leverage existing technologies

  • Plan and allocate budgets

    • Training

    • External IR support

    • Mitigation services


Benefits of Being Effective

  • Compress the mitigation timeline

    • Reduce overall impact

      • Loss of productivity

      • Loss of availability (loss of revenue)

      • SLA penalties

      • Legal costs

    • Protecting your brand


References

  • RFC 4987 – TCP SYN Flooding Attacks and Common Mitigations

  • Solutionary – 7 Steps to DDoS Protection

  • Solutionary – 2013 Global Threat Intelligence Report (GTIR)


Questions?

