Level 3 DDoS Mitigation
© 2015 Level 3 Communications, LLC. All Rights Reserved. Proprietary and Confidential.
Level 3® DDoS Mitigation
Marva Bennett, Enterprise Account Manager
(512) 431-6390
Anthony S Bomba, Security Specialist
2016
Level 3℠ Network Protection – How it works
Upstream Mitigation: ACL Filtering, Firewall, Command & Control Take Downs

Level 3 Network Protection Features:

Basic Network Protection
• BGP router filtering, null routing, transit interface protection and SOC-triggered blackholing.

Rate Limiting
• Maximum rates may be specified based on a number of criteria.

Custom Filter Creation
• Level 3’s Security Operations personnel will work with customers to identify attack actors and develop/apply appropriate filters.

Permanent Access Control Lists
• Filters applied will be placed into service permanently, providing ongoing protection.
• ACL is 50 lines or less.
• Up to two changes per month, per service.

SLA: 30-Minute Time to Respond
• A high percentage of attacks are volumetric in nature with identifiable signature patterns. Level 3 delivers a 30-minute SLA for time to respond for these attacks.

Reporting upon Request
• Upon request, Level 3 will provide a limited amount of logging information and reporting.
GRE Solution

Service Highlights
• Network-based, unlimited mitigation
• Always-On or On-Demand options
• Route determined by BGP configuration
• For customers with a maximum of 1 Gbps of peak inbound traffic
• Volumetric and application layer attack mitigation (Layers 3-7)
• Optional proactive monitoring and alerting
Diagram (GRE Solution): attack traffic (labelled SYN Flood, NTP) and clean traffic arrive together. Routing redirects traffic to global redundant scrubbing centers. At the Level 3 scrubbing centers, attack traffic is dropped and clean traffic is returned to the customer. Clean traffic reaches the customer datacenter(s) through GRE tunnels over the public Internet.

Uses GRE tunnels over public Internet as a forward from Level 3 scrubbing center to customer datacenter(s) for clean traffic.
Benefits of GRE Solution
Quick start, lower cost Internet connection option

• Reduces Costs: Provides a cost-effective solution for smaller off-net locations
• Ease of Deployment: Faster to deploy as compared to private connection solution
• Full IP Address Protection: Protects IP address space against DDoS attack vs. protection of website using the proxy-based DDoS mitigation

Improved Time to Deploy
Reduced costs for off-net locations
Full IP Address Space Protection
Proactive monitoring and alerting

Flow-Based Monitoring Option
• Monitors customer edge routers and detects anomalies and changes in volumetric flows
• Detects Layer 3 & 4 DDoS attacks and provides alerts to Level 3 SOC and Customer
  - NetFlow, sFlow, J-Flow
• 24x7 monitoring and alerts backed by SLAs
• Additional forensic evidence for faster mitigation

Solution Benefits
• 24/7 Monitoring: Level 3 Security Operations Center
• Non-Intrusive: No hardware inserted into the network
• Improved Analytics: Into user activity and applications
Flow-based Monitoring Expansion
Collecting NetFlow from Level 3 infrastructure for attack detection
• Simplified provisioning by reducing dependency on collecting flow data from customer equipment
• NetFlow data delivery not impacted by congestion of the customer circuit due to the attack
• Competitive feature parity with facilities-based providers and competitive advantage over cloud providers
• Eliminates concerns with customers whose security policies do not allow for sending the flow data from customer equipment to the provider (e.g. financial sector)