How Effective CSOs Prepare for DDoS Attacks

Rob Kraus & Jeremy Scott

Solutionary SERT


Speakers

  • Rob Kraus, Director of Research (Twitter: @robkraus)

  • Jeremy Scott, Senior Research Analyst (Twitter: @jeremyscott_org)

Solutionary, Inc. (Twitter: @solutionary)

Security Engineering Research Team (SERT)


  • Countering Attacks Hiding In Denial-Of-Service Smokescreens (Dark Reading, September 2013)

  • What’s better than creating your own DDoS? Renting one (TechRepublic, September 2013)

  • Cybercrooks use DDoS attacks to mask theft of banks' millions (CNET.com, August 2013)

  • DDoS Botnet Now Can Detect Denial-Of-Service Defenses (Dark Reading, August 2013)

  • DDoS Attacks Strike Three Banks (Bank Info Security, August 2013)


DDoS Varieties

  • Every DDoS is different

    • Attack types/target infrastructure/services

    • Tools (booters, stressers, DDoS for rent)

  • Examples:

    • Volumetric

    • SYN Flood (TCP protocol)

    • DNS Amplification (reflection)

    • HTTP Application Attacks



Application Layer DDoS

  • Targets applications

    • Effective due to underlying components serving content

      • Logon pages

      • “Heavy” content pages

      • Complex database queries

      • Max connections exceeded


Case Study #1

  • Mid-sized financial institution

  • Targeted application DDoS

  • Over 30,000 attack sources

  • Attack duration 30 minutes

  • Attacked 8 times in 2012



Case Study #2

  • Large financial institution

  • Over 91,000 attack sources (150 countries)

  • Attack duration: 10.5 hours

  • Bandwidth Consumption DDoS

    • Masked 3 unauthorized ACH transfers totaling 4.2 million dollars


Other DDoS Considerations

  • Is your organization the target…or the source?

    • Monitor internal and external bandwidth

  • Visibility is key

    • Monitor appropriate parts of infrastructure

    • Consider SSL termination points




IR Roles & Responsibilities

  • Planning

  • Preparation

  • Testing plan effectiveness

  • Monitor intelligence feeds

  • Communication

  • Manage incidents


DDoS Response Goals

  • “Stop” vs. Mitigate

    • Goal #1 Detect the attack in a timely manner

    • Goal #2 Enable reactive controls

    • Goal #3 Achieve “Sustained Availability”

    • Goal #4 Recovery and review
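An added example, not from the slides or from Solutionary, of the detection step in Goal #1 applied to the application-layer DDoS described earlier: it scans web-server access log lines for a burst of requests to expensive pages (logon page, search, reports) arriving from many distinct sources, which is what separates a distributed flood from one noisy client. The page list, thresholds and the log lines are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Pages that are expensive to serve on a hypothetical site (assumption, not from the deck)
EXPENSIVE_PATHS = {"/login", "/search", "/report"}
# Common Log Format: client ident user [timestamp] "method path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (source_ip, timestamp, path_without_query, status) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, status = m.groups()
    return ip, datetime.strptime(ts, TS_FMT), path.split("?")[0], int(status)

def detect_app_layer_flood(lines, window=timedelta(seconds=60), max_rate=20, min_sources=5):
    """Flag each expensive path whose busiest sliding window holds more than
    max_rate requests from at least min_sources distinct addresses; the source
    threshold separates a distributed flood from a single noisy client."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e[1])
    alerts = {}
    for path in EXPENSIVE_PATHS:
        hits = [e for e in events if e[2] == path]
        best, start = None, 0
        for end in range(len(hits)):
            while hits[end][1] - hits[start][1] > window:  # slide the window forward
                start += 1
            win = hits[start:end + 1]
            sources = {e[0] for e in win}
            if len(win) > max_rate and len(sources) >= min_sources:
                if best is None or len(win) > best["requests"]:
                    best = {"requests": len(win), "sources": len(sources)}
        if best:
            alerts[path] = best
    return alerts

def build_sample_log():
    """Constructed sample: 30 logon POSTs from 10 addresses within 30 seconds,
    mixed with ordinary browsing from one client (all values made up)."""
    base = datetime(2013, 9, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(30):
        when = (base + timedelta(seconds=i)).strftime(TS_FMT)
        lines.append(f'203.0.113.{i % 10 + 1} - - [{when}] "POST /login HTTP/1.1" 200 512')
    for i in range(5):
        when = (base + timedelta(seconds=i * 10)).strftime(TS_FMT)
        lines.append(f'198.51.100.7 - - [{when}] "GET /index.html HTTP/1.1" 200 2048')
    return lines
```

On the constructed sample the detector reports only the logon page, with 30 requests from 10 sources; ordinary browsing to pages outside the expensive set is ignored.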


Defense Maturity

Basic Controls

Advanced Controls



Poor CSO Approach

  • Rely on others to understand the risk

  • Unaware of the organization's capabilities to thwart attacks

  • Expect results even after no prior planning

  • Scramble for budget during the attack

  • Don’t consider attacks a part of delivering business


Effective CSO Approach

  • Think in terms of “tactical” and “strategic” solutions

  • Understand:

    • threat, risk, vulnerabilities, loss potential

    • it is a matter of “when”, not “if”

    • the goal is not to stop, but mitigate

    • not all DDoS can be mitigated, but still try

    • “rolling your own” solution is not always the best choice

  • Sponsor and participate in IR plan development


Effective CSO Approach (continued)

  • Embrace and leverage relationships

    • ISP

    • Vendors: subject matter expert support contracts

  • Conduct test exercises to determine plan effectiveness

  • Leverage existing technologies

  • Plan and allocate budgets

    • Training

    • External IR support

    • Mitigation services


Benefits of Being Effective

  • Compress the mitigation timeline

    • Reduce overall impact

      • Loss of productivity

      • Loss of availability (loss of revenue)

      • SLA penalties

      • Legal costs

    • Protecting your brand


References

  • RFC 4987 – SYN Flood Attack and Mitigation

  • Solutionary – 7 Steps to DDoS Protection

  • Solutionary – 2013 Global Threat Intelligence Report (GTIR)


Questions?

