arbor’s peakflow solution - eventos 2020
Arbor’s Peakflow Solution
Eduardo Maffessoni Consulting Engineer - Instructor
INTERESTING FACTS FROM HAVING VISIBILITY
Traffic in the city of Rio de Janeiro rose ~50% during the Olympics
Total NETFLIX traffic in Brazil during the games:
Total internal traffic in Brazil increases 40% during the Olympics
Internet traffic in Brazil drops ~20% during the opening of the Olympic Games
Google traffic rises ~500% in Rio de Janeiro
IoT botnet monitoring – ongoing for 18 months
Global TELNET monitoring
Bot communication pattern: used for maintenance, discovery, infection
Approximately 500,000 devices on the Internet
What does it mean to have visibility into your traffic? What does it mean to be able to mitigate any form of packet-flood attack?
Copy of the IoT bot's command for infecting a new device
WHAT ARBOR PROVIDES
• 100% of the Internet T1s
• 8 of the 10 largest banks on the planet
• 3 of the 5 largest social networks
• 5 of the 5 largest global card operators
• The last 5 Olympic Games
• The largest banks in Brazil
• Federal, state and municipal governments
• More than 600 CUSTOMERS protected in Brazil
• ~70% of the planet's entire Anti-DDoS market trusts Arbor
ARBOR SP/TMS
(FORMER PEAKFLOW)
Comprehensive Dashboards
• Network: Top peers, ASNs, Countries, Cities, Applications, Fingerprints, Growth
• Application: Customers, Ports, Peers, Markets
• Customer: Applications, Peers, Fingerprints, Markets, Alerts
• Router: Per router stats, Top Interfaces, Applications, Customers
• Per interface traffic alerts
Network Visibility: Report Examples
• TCP Applications
• BGP ASPath
• BGP ASN Origin
Global Geography Reporting
• Reports and tracking by country, region, city
• Track threat sources
• Country baselines and alerts
• Allow, drop, shape traffic based on country
• Identify growth markets
• Measure service usage by city
A New Dimension of Network Intelligence
Benefits
• Better threat response
• Better market analysis
• Better planning
IPv6 Visibility
• First line of defense: Visibility
– Peakflow SP (since 2009) provides operators visibility into IPv6 traffic.
• Why visibility is important
– Can’t troubleshoot what you can’t see
– Can’t get alerted to what you can’t measure
– Can’t gauge effectiveness of remediation
– Can’t plan for growth
Which customers are using IPv6?
How does IPv6 compare to all other traffic?
Are customers using Tunnels (proto 41, Teredo)?
IPv6 Reports and Dashboard
Benefits
Understand IPv6 Usage
Better IPv6 planning
Identify potential misuse of tunnels
Peer Reports & Tools: Peering Evaluation
Find best candidates for new peering and visualize savings against existing transit connections
Peer Reports & Tools: Transit Reports
• Gain a strong understanding of the traffic that transits your network beyond your initial peers
– View where your customers' traffic is truly destined
– Make intelligent decisions about peering expansions
– Ensure that existing peering agreements are being used to their full potential
• Ensure that transit customers are abiding by service agreements such as no-resell agreements
Ensure peering and transit arrangements are as cost effective as possible
Route and VPN Analytics
• BGP Route Analytics
– Route analytics
– Route instability reports
– Route hijack prevention
– 4 Byte ASN support
• VPN Analytics
– MPLS in/out per router, per interface
– QoS in/out per router / interface
– MPLS egress PE per router / interface
Benefits
• Improved Operations Management
• Enhance MPLS Service Revenue
• Manage Service Level Agreements
• Optimize capital spend
Arbor’s Peakflow Solution for Service Providers
Backed By the Industry Leading Global Threat Intelligence from ASERT and ATLAS
• Advanced Threat Protection: Detect and mitigate threats (e.g. volumetric & application layer DDoS attacks, mobile signaling storms) before they impact service availability or performance.
• Service Enablement: Monetize network infrastructure and Arbor technologies for revenue generating services & competitive differentiation.
• Pervasive Network Visibility: Backbone, Peering/Transit edge, Cloud/Datacenter, Mobile network, Customer Edge
You Can’t Protect What You Can’t See…We See Things Others Can’t.
MITIGATION
Challenges & Trends for Service Providers
[Figure: challenges and trends named on the slide: Network Traffic; M&A; Multiple Technologies; Rise in DDoS Tools & Motivations; Mobile Malware; Increased Competition; Managed Security Services; M2M; SDN/NFV; Hacktivism; Availability; Commoditization; ARPU; Value Added Services; Advanced Threats; Network/Operational Complexity; Cloud Adoption (Public, Hybrid, Private); Customer Loyalty; PaaS/XaaS; CDN]
Today’s Service Provider Network…
A complex environment under constant threat
[Figure: network diagram showing Internet, Transit/Peer Edge, Backbone, Mobile Network, Data Center & Cloud Services, Customer Edge, Business Customers, Broadband Subscribers, and Mobile Subscribers & Devices. Legend: Attack Traffic, Legit Traffic]
“Detection in 1 sec, Mitigation in less than 1 min”
Service Protection with Peakflow SP
HTTP / Web 2.0 Protection
– Block malformed HTTP
– Rate-limit HTTP requests
– Stop “low and slow” attacks
SSL Protection
– Neutralize SSL signaling protocol attacks
VoIP Protection
– Block malformed SIP packets
– SIP request limiting
DNS Protection
– DNS Regular Expressions (RegEx)
– DNS Authentication/Anti-Spoofing
– DNS Query Rate Limiting
– DNS Non-Existent Domain (NXDOMAIN) Rate Limiting
IP-based Protection
– Packet scrubbing (TCP / UDP / ICMP)
– TCP Connection reset
– White list / black list
Benefits
Protect business critical applications from targeted attacks
Threat Detection Methods
• Misuse Anomaly – Thresholds for potentially malicious traffic (TCP SYN, IP Frag, DNS malformed, etc.)
• Profiled Anomaly – Legitimate traffic that exceeds normal patterns (e.g., HTTP flood attacks, amplification attacks)
• Fingerprint Anomaly – Known attack signatures
– Auto updates – ATF, FSA
– Custom
• IP Location Anomaly – Alert on traffic spikes from unexpected countries
• Cloud Signaling – Cloud signaling alerts from registered Pravail APS devices
Network Wide: Detects Highly Distributed Attacks
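An added illustration of how the misuse, profiled and IP location classes above differ in practice; it is not Arbor code. The threshold values, the mean + 3σ baseline model, the counter names and the sample data (including the placeholder country code "XA") are all assumptions constructed for this example.

```python
from statistics import mean, stdev

# Assumed static ceilings (packets/s) for traffic types that are suspicious
# in bulk; the slide names the types but gives no values.
MISUSE_THRESHOLDS = {"tcp_syn_pps": 5000, "ip_frag_pps": 2000}

def misuse_alerts(sample, thresholds=MISUSE_THRESHOLDS):
    """Misuse anomaly: a counter crosses a fixed threshold."""
    return sorted(k for k, limit in thresholds.items() if sample.get(k, 0) > limit)

def profiled_alert(history, current, k=3.0, min_samples=5):
    """Profiled anomaly: legitimate-looking traffic above its learned baseline.
    Baseline here is mean + k*stdev, an assumed model; the 5% floor keeps a
    perfectly flat history from alerting on trivial jitter."""
    if len(history) < min_samples:
        return False  # not enough data to profile; stay quiet
    base = mean(history)
    spread = max(stdev(history), 0.05 * base)
    return current > base + k * spread

def location_alerts(baseline_share, current_share, factor=5.0, floor=0.01):
    """IP location anomaly: a country's share of traffic jumps versus baseline.
    The floor gives never-seen countries a small non-zero baseline."""
    return sorted(c for c, share in current_share.items()
                  if share > factor * max(baseline_share.get(c, 0.0), floor))

def evaluate(sample, http_history, geo_baseline):
    """Run all three checks on one measurement interval."""
    return {
        "misuse": misuse_alerts(sample),
        "profiled_http": profiled_alert(http_history, sample["http_rps"]),
        "ip_location": location_alerts(geo_baseline, sample["geo_share"]),
    }

# Constructed sample data (not real measurements). "XA" is a placeholder code.
HTTP_HISTORY = [900, 1000, 1100, 950, 1050, 1000]
GEO_BASELINE = {"BR": 0.85, "US": 0.10}
ATTACK = {"tcp_syn_pps": 12000, "ip_frag_pps": 300, "http_rps": 4000,
          "geo_share": {"BR": 0.40, "US": 0.08, "XA": 0.52}}
NORMAL = {"tcp_syn_pps": 800, "ip_frag_pps": 50, "http_rps": 1150,
          "geo_share": {"BR": 0.86, "US": 0.14}}

if __name__ == "__main__":
    print(evaluate(ATTACK, HTTP_HISTORY, GEO_BASELINE))
    print(evaluate(NORMAL, HTTP_HISTORY, GEO_BASELINE))
```

The HTTP flood in the constructed attack sample never trips a misuse threshold; only the profiled check catches it, which is why the two classes are listed separately.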
View packet samples in real time
• View real-time packet contents in Wireshark
• Analyze malicious packets while under attack
Thank you