Cyber Attack Survival: Are You Ready?

Upload: radware

Post on 08-Jun-2015


DESCRIPTION

The cyber attack landscape is evolving with new attack vectors and dangerous trends that can affect the security of your business. Some attacks can take only minutes to complete, yet months to be discovered. Determine your attack risk and learn what to look for in a quality cyber attack defense. Please visit http://www.radware.com/social/amn/ for information on Radware's AMN (Attack Mitigation Network).

TRANSCRIPT

Page 1: Cyber Attack Survival:  Are You Ready?

Cyber Attack Survival. Are You Ready?

Page 2: Cyber Attack Survival:  Are You Ready?

Who Is At Risk?

[Figure legend: 2013; Shift from 2013]

© Radware, Inc. 2014

Page 3: Cyber Attack Survival:  Are You Ready?

Attack Landscape Evolution

[Figure: attack sophistication by year, 2010 to 2013]

• Duration: 3 Days
• 4 Attack Vectors
• Attack target: Visa, MasterCard

• Duration: 3 Days
• 5 Attack Vectors
• Attack target: HKEX

• Duration: 20 Days
• More than 7 Attack vectors
• Attack target: Vatican

• Duration: 10+ Months
• Multiple attack vectors
• Attack target: US Banks

Page 4: Cyber Attack Survival:  Are You Ready?

Multi-Vector Attacks Take Aim

• Attackers would rather keep the target busy by launching one attack at a time, rather than firing the entire arsenal at once.

• You may be successful at blocking four or five attack vectors, but it only takes one for the damage to be done.

More than 50% of attack campaigns deployed five or more attack vectors during 2013.

Page 5: Cyber Attack Survival:  Are You Ready?

Attack Vectors

• Application: 62%
• Network: 38%

Page 6: Cyber Attack Survival:  Are You Ready?

New Vectors, Dangerous Trends

• 50% of all Web attacks were encrypted application-based attacks during 2013.

• 15% of organizations reported attacks targeting web application login pages on a daily basis.

• DNS-based volumetric floods increased from 10% to 21% in 2013, becoming the second most common attack vector.

Page 7: Cyber Attack Survival:  Are You Ready?

The Results

Public attention 1 sec page delay

3.5% decrease in conversions

2.1% decrease in shopping cart size

9.4% decrease in page views

8.4% increase in bounce rates

Page 8: Cyber Attack Survival:  Are You Ready?

Multi-Vulnerability Attack Campaigns

[Figure: path from the Internet through Internet Pipe, Firewall, IPS/IDS, Load Balancer (ADC), Server and SQL Server, with a chart for 2011, 2012 and 2013 on a 5% to 30% scale]

Attack types shown:

• Volumetric Floods
• Network Scans
• SYN Floods
• Low & Slow
• HTTP Floods
• SSL Floods
• Application Misuse
• Brute Force
• SQL Injection
• Cross Site Scripting

Page 9: Cyber Attack Survival:  Are You Ready?

Enterprise Datacenter

Problem: Single Source, Multiple IPs

• Single Attack source
• Attacker dynamically changes IP
• DHCP reset, Anonymous proxies

Page 10: Cyber Attack Survival:  Are You Ready?

Enterprise Datacenter

Problem: Multiple Sources, Single IP

Sources are behind NAT

• CDN
• Enterprise Internal Network
• Carrier Grade NAT

Page 11: Cyber Attack Survival:  Are You Ready?

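Minutes to Compromise. Months to Discover.

Time buckets: Seconds / Minutes / Hours / Days / Weeks / Months

Initial Attack to Initial Compromise: 10% / 75% / 12% / 2% / 0% / 1%

Initial Compromise to Data Exfiltration: 8% / 38% / 14% / 25% / 8% / 8%

Initial Compromise to Discovery: 0% / 0% / 2% / 13% / 29% / 56%

Highlighted on the slide: 10% and 75% (compromise within seconds and minutes); 29% and 56% (discovery after weeks and months).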

Page 12: Cyber Attack Survival:  Are You Ready?

Enterprise Data Center

Hosted Facilities

Public / Private Cloud

Outsourced Infrastructure


Page 13: Cyber Attack Survival:  Are You Ready?

Outsourcing Ramifications

• The demise of the perimeter
• Third party security dependencies
• Limited or no situational awareness
• Limited threat visibility
• Loss of control

Page 14: Cyber Attack Survival:  Are You Ready?

Detection: Encrypted / Non-Volumetric Attacks

[Diagram layers: Application, Server, Front End, Data Center, Perimeter]

• Envelope Attacks – Device Overload
• Directed Attacks – Exploits
• Intrusions – Mis-Configurations
• Localized Volume Attacks
• Low & Slow Attacks
• SSL Floods

Page 15: Cyber Attack Survival:  Are You Ready?

Detection: Application Attacks

[Diagram layers: Application, Server, Front End, Data Center, Perimeter]

• Web Attacks
• Application Misuse
• Connection Floods
• Brute Force
• Directory Traversals
• Injections
• Scraping & API Misuse

Page 16: Cyber Attack Survival:  Are You Ready?

Detection: Volumetric Attacks

[Diagram layers: Application, Server, Front End, Data Center, Perimeter, Cloud Scrubbing]

• Network DDoS
• SYN Floods
• HTTP Floods

Page 17: Cyber Attack Survival:  Are You Ready?

Mitigation: Encrypted, Low & Slow Attacks

[Diagram: Botnet, Enterprise, Cloud Scrubbing, Hosted Data Center]

Page 18: Cyber Attack Survival:  Are You Ready?

Mitigation: Application Attacks

[Diagram: Botnet, Enterprise, Cloud Scrubbing, Hosted Data Center, Attack signatures]

Page 19: Cyber Attack Survival:  Are You Ready?

Mitigation: Volumetric Attacks

[Diagram: Botnet, Enterprise, Cloud Scrubbing, Hosted Data Center]

Page 20: Cyber Attack Survival:  Are You Ready?

Mitigation: Volumetric Attacks

[Diagram: Botnet, Cloud Scrubbing, Hosted Data Center, Enterprise, Attack signatures]

Page 21: Cyber Attack Survival:  Are You Ready?

Mitigation: Volumetric Attacks

[Diagram: Botnet, Cloud Scrubbing, Hosted Data Center, Enterprise]

Page 22: Cyber Attack Survival:  Are You Ready?

Attack Mitigation Optimization

[Diagram: Enterprise Data Center with AppWall WAF and DefensePro]

Page 23: Cyber Attack Survival:  Are You Ready?

Cyber Attack Defense

Attack Detection

• Quality of Detection (QD)
• Technical Coverage
• Detection Algorithms
• Time to Detection (TD)
• Reporting & Correlation
• Triaged Response Options

Attack Mitigation

• Quality of Mitigation (QM)
• Over / Under Mitigating
• Proper Mitigation Location
• Time to Mitigation (TM)
• Local / Premise
• Cloud
• Business Partner

Page 24: Cyber Attack Survival:  Are You Ready?

The Attack Mitigation Network

[Diagram labels: Cyber Control; Sync, Automation & Visibility; Distributed Detection; Distributed Mitigation; 3rd Party Detection / Mitigation Elements; SDN-enabled Network Elements; Radware AMS Components; Current Network Elements]

• Selects the most effective tools and location for attack mitigation.
• Collect security events and network statistics from a multitude of resources.
• Synchronize traffic baselines and attack information amongst all mitigation tools.

Page 25: Cyber Attack Survival:  Are You Ready?

Survival Checklist

1. Don’t assume that you’re not a target.

Draw up battle plans. Learn from the mistakes of others.

2. Protecting your data is not the same as protecting your business.

Comprehensive information security requires data protection, system integrity and operational availability.

3. You don’t control all of your critical business systems.

Understand your vulnerabilities in the distributed, outsourced world.

Work with cloud and internet service providers that provide you with visibility and control over your connectivity and hosted assets.

Page 26: Cyber Attack Survival:  Are You Ready?

Survival Checklist

4. You can’t defend against attacks you can’t detect.

The battle-prepared business harnesses an intelligence network.

5. Don’t believe the DDoS protection propaganda.

Understand the limitations of cloud-based scrubbing solutions.

Not all networking and security appliance solutions were created equal.

6. Know your limitations.

Enlist forces that have expertise to help you fight.

Page 27: Cyber Attack Survival:  Are You Ready?

Cyber Security Toolkit


DefensePro: Anti-DoS, Network Behavioral Analysis, IPS

AppWall: Web Application Firewall

Alteon: Application Delivery Controller, SSL Attack Decryption

Vision: SIEM, Centralized Management & Reporting

DefensePipe: Cloud-based, volumetric cyber attack scrubbing service

Emergency Response Team: Free 365x7x24 support for customers that are under cyber-attack

Page 28: Cyber Attack Survival:  Are You Ready?
