dns dns sps threatavert‚»キュリティは... · 2018. 9. 11. · dns dns " " sps...
TRANSCRIPT
DNS�������DNS�"�"��SPS ThreatAvertDNS �"�� DDoS ��� ��(�$30�5+2018*6-27,���!��� �"�% ���'.4 6)/2
©Akamai Technologies, 2018
Nominum, now part of Akamai
Akamai Technologies
Nominum | About Us
• DNSi CacheServe
• DNSi AuthServe
• DNSi Big Data Connector
• SPS Content Compliance
• SPS ThreatAvert
• SPS Secure Business
• SPS Secure Consumer
• SPS Secure Public Wi-Fi
• SPS Reach
DNSi CacheServe
SPS Secure Consumer
SPS ThreatAvert
20% 55% 68%
Source: Nominum
Source: Nominum Research, 2017
Source: Nominum Research, 2016 – Amplification attack traffic from 4 IPs
Source: Nominum Data Science
0 QPS to 180k QPS in 10 minutes
[Diagram labels: Internet; Dashboard; Attack Queries; Legitimate Queries; streaming data; Streaming Threat Intelligence]
Domain2Vec
[Diagram labels: <randomstring>, www3, popularsite.com]
[Diagram labels: CacheServe, ThreatAvert, Kafka]
The world’s largest and most trusted Cloud Delivery Platform