Attackers Vs. Defenders: Restoring the Equilibrium

Ron Meyran

Director of Security Marketing

January 2013

AGENDA

Cyber security Statistics

About 2012 Global Security Report

Key Findings

ERT Case Studies

2013 Recommendations

Cyber Security Study

A research study by Ponemon & Radware

Surveyed 700 IT & IT Security Practitioners

Non Radware customers

Release date: November 12th 2012

Cyber Security Business Priorities

Ranking of cyber security objectives by business priority

5 = Highest Priority to 1 = Lowest Priority

DDoS Attacks Frequency

How many DDoS attacks experienced in the past 12 months?

65% of organizations had an average of 3 DDoS attacks in the past 12 months

Average downtime during one DDoS attack

54 minutes average downtime during one DDoS attack

Cost of Downtime

Cost per minute of downtime

$22,000: average cost per minute of downtime

$3,000,000: average annual cost of DDoS attacks

Information Resources
  • Radware Security Survey
    • External survey
    • 179 participants
    • 95.5% are not using a Radware DoS mitigation solution
  • ERT Survey
    • Internal survey
    • Unique visibility into attack behaviour
    • 95 selected cases
      • Customer identity remains undisclosed

ERT sees attacks in real time on a daily basis

Organizations Bring a Knife to a Gunfight
  • “Someone who brings a knife to a gun fight”
    • Is someone who does prepare himself for the fight, but does not understand its true nature
  • Organizations today are like that
    • They do invest before the attack starts, and conduct excellent forensics after it is over,
    • however, they have one critical blind-spot – they don't have the capabilities or resources to sustain a long, complicated attack campaign.
  • Attackers target this blind spot!
Attacked in 2012

They had the budget

They made the investment

And yet they went offline

Organizations Deploy Two-phase Security Approach

Industry Security Survey: How much did your organization invest in each of the following security aspects in the last year?

Only 21% of company efforts are invested during the attack itself, while 79% is spent during the pre-attack and post-attack phases.

Attacks last longer

[Chart values, labels not recoverable: 21%, 23%, 21%, 12%, 11%, 12%]

Attacks last longer: the number of DoS attacks lasting over a week doubled in 2012

And become more complex

ERT Cases – Attack Vectors

Attacks are more complex: 2012 DoS/DDoS attacks have become more sophisticated, using more complex attack vectors. Note the number of attacks using a complexity level of 7-10.

Content Delivery Network (CDN)

Do you consider Content Delivery Networks (CDNs) a solution for a DoS/DDoS attack?

[Chart values: 70%, 30%]

70% of the companies that use a CDN believe the CDN is a solution for DoS/DDoS attacks.

Attacks Evade CDN Service

[Diagram labels: Legitimate users; Botnet; Internet; CDN service; Backend Webserver; "GET www.example.com"; "GET www.example.com/?[Random]"; "Legitimate requests are refused"]

  • In recent cyber attacks the CDN was easily bypassed
    • By changing the page request in every Web transaction
  • These random request techniques force CDNs to “raise the curtain”
    • All the attack traffic is passed directly to the customer premises
    • Attacks masked by the CDN are more complex to mitigate
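
A defender-side sketch of the random-request pattern described above, added here as an example and not taken from the presentation: it flags clients in origin logs whose query strings on one path almost never repeat, and shows a normalised cache key under which such requests stop being cache misses. The log format, thresholds, parameter allowlist and function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample of origin-side access log lines (client, request line, status).
SAMPLE_LOG = """\
198.51.100.7 "GET /?a8f3k2 HTTP/1.1" 200
198.51.100.7 "GET /?q9z1xx HTTP/1.1" 200
198.51.100.7 "GET /?77bbq0 HTTP/1.1" 200
198.51.100.7 "GET /?k2k2m5 HTTP/1.1" 200
203.0.113.20 "GET /search?q=shoes&page=2 HTTP/1.1" 200
203.0.113.20 "GET /search?q=shoes&page=2 HTTP/1.1" 200
203.0.113.20 "GET /search?q=shoes&page=3 HTTP/1.1" 200
203.0.113.20 "GET / HTTP/1.1" 200
""".splitlines()

LINE_RE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" \d{3}$')

def find_cache_busters(lines, min_requests=4, min_unique_ratio=0.9):
    """Return {(client, path): (requests, distinct_queries)} for sources whose
    requests to one path almost never repeat a query string."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not simple GET entries
        client, target = m.groups()
        url = urlsplit(target)
        if url.query:
            seen[(client, url.path)].append(url.query)
    flagged = {}
    for key, queries in seen.items():
        distinct = len(set(queries))
        if len(queries) >= min_requests and distinct / len(queries) >= min_unique_ratio:
            flagged[key] = (len(queries), distinct)
    return flagged

def cache_key(target, allowed_params):
    """Normalised cache key: keep only query parameters the application uses,
    so unknown or random parameters no longer force a trip to the origin."""
    url = urlsplit(target)
    kept = sorted((k, v) for k, v in parse_qsl(url.query, keep_blank_values=True)
                  if k in allowed_params)
    return url.path + ("?" + urlencode(kept) if kept else "")

if __name__ == "__main__":
    print(find_cache_busters(SAMPLE_LOG))
    print(cache_key("/?a8f3k2", {"q", "page"}))
```

The unique-ratio threshold needs tuning per site, since search and API endpoints legitimately see many distinct query strings.
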
Attackers are well prepared

By definition the defenders lose the battle

Equilibrium has been disrupted

The good news (1)

Industry Security Survey: How likely is it that your organization will be attacked by cyber warfare?

Organizations are starting to understand the risk of DDoS

Over half of the organizations believe their organization is likely to be attacked by cyber warfare.

The good news (2)

Industry Security Survey: Which solutions do you use against DoS attacks?

Organizations are starting to understand that firewalls and IPS cannot fight DDoS attacks

Conclusions
  • Today’s attacks are different
    • Carefully planned
    • Last days or weeks
    • Switching between attack vectors
  • Organizations are ready to fight yesterday’s attacks
    • Deploy security solutions that can absorb the first strike
    • But when attacks are prolonged, they have very limited firepower
    • By the time they succeed in blocking the first two attack vectors, attackers switch to a third, more powerful one
A different approach is needed
  • A team of security experts
    • Acquire capabilities to sustain long attacks
    • Train a team that is ready to respond to persistent attacks
    • Deploy the most up-to-date methodologies and tools
    • 24 x 7 availability to respond to attacks
    • Deploy counterattack techniques to cripple an attack
US Banks Under Attack: Operation Ababil

Publication of the ‘Innocence of Muslims’ film on YouTube provokes demonstrations throughout the Muslim world

September 18th: ‘Cyber Fighters of Izz ad-din Al Qassam’ announced an upcoming cyber attack campaign against ‘American and Zionist’ targets.

Attack Summary
  • Attack targets
    • Bank of America
    • New York Stock Exchange (NYSE)
    • Chase
    • Wells Fargo
  • Attacks lasted Sep 18-21, 2012
  • Multiple attack waves on each target; each wave lasted 4 to 9 hours
  • Victims suffered from temporary outages and network slowness
  • ERT was actively involved in protecting the attacked organizations
Why was it so challenging?

  • Multi-vulnerability attack campaign
  • Mitigation nearly impossible
  • Attackers look for the blind spot

[Diagram labels: UDP Garbage flood on ports 80 and 443; Large volume SYN flood; SSL Client Hello flood; HTTP flood attack; Business; SHUT DOWN]

Recent updates
  • HTTP flood was carried out from compromised hosting servers
    • Highly distributed attacks
ERT recommendations for 2013

Restore the equilibrium

  • Acquire capabilities to sustain a long sophisticated cyber attack
  • Attack tools are known. Test yourself
  • Carefully plan the position of DoS/DDoS mitigation within network architecture
    • On premise capabilities
    • In the cloud capabilities
Thank You

Ron Meyran

ronm@radware.com