Preparing for the Imminent Terabit DDoS Attack
DESCRIPTION
With the rapid growth of volumetric DDoS threats, even the largest networks, equipped with carrier-grade hardware and with huge amounts of bandwidth at their disposal, are at risk of being taken down by a large DDoS attack. Volumetric DDoS threats are leading many financial institutions, service providers, and other large organizations on a search for solutions that can scale DDoS protection beyond their existing network capabilities, and into the Terabit level. Learn:
- Expected trends in the evolving DDoS landscape over the next 12-36 months
- Important considerations when selecting your DDoS protection technology
- How to prepare your organization to detect and respond to a DDoS attack
TRANSCRIPT
© 2014 Imperva, Inc. All rights reserved.
Preparing for the Imminent Terabit DDoS Attack
Orion Cassetto, Sr. Product Marketing Manager, Incapsula
Agenda
§ Network DDoS trends
§ Is a Terabit DDoS attack imminent?
§ Attributes of a DDoS-resilient network
§ Infrastructure and DNS protection
Incapsula, An Imperva Company
§ Founded in 2009 by a group of security industry veterans with strong expertise in web application security, online safety, and identity theft
§ Spun out of, and subsequently acquired by, Imperva
§ Cloud-based solution includes
• Enterprise-grade Website Security
  § PCI-certified Web Application Firewall
• DDoS Protection
• Load Balancing & Failover
§ All fully integrated on top of our global CDN
§ Product Marketing Manager for Incapsula
§ Previously held product marketing positions at Imperva and Armorize Technologies
§ Experienced in Web app security and SaaS security solutions
§ Holds degrees in Asian Studies and Chinese Language from Washington State University
Orion Cassetto Sr. Product Marketing Manager, Incapsula
DDoS Landscape – Attacks Getting Bigger
Average DDoS Attack Sizes Are Growing
Not only are big attacks getting bigger, average attack sizes are also growing – in 2013 the mean attack size was 10Gbps.
Source: 2014 Verizon Data Breach Investigation Report
Where Do We Stand Today?
[Pie chart: <10Gbps 34%, >=10Gbps 66%]
Two thirds of attacks exceed 10Gbps
More than 13% exceed 40Gbps
It’s Not All Bandwidth
More than 25% of attacks exceed 10Mpps
Most IPS/IDS will crash at 5Mpps
Recent Campaigns / SaaS Applications
Recent Campaigns / DNS Providers
How Are Attackers Reaching These Numbers?
§ Are botnets becoming bigger?
• No, according to www.shadowserver.org
§ Are there more open DNS resolvers?
• No, the number is actually declining according to www.openresolverproject.org
§ Are there more open NTP servers?
• Probably not, www.openntpproject.org
§ So what is it then?
§ They are using bigger guns
Example of a 4Mpps attack: fewer than 30 IPs are generating more than 99% of the traffic
What Can We Learn From All This?
§ The stronger the Internet becomes, the stronger the attacks
§ The largest attacks use a small set of super resources rather than a large set of weak resources
§ Attacks will far exceed a single network’s capacity
§ Can we expect a 1Tbps+ attack within the next 12-36 months?
A DDoS Resilient Network
§ Capacity scale: Scalable architecture, Scalable business model = Cloud
§ In depth protection: Different assets need different protection (FTP != HTTP != DNS)
§ Visibility: You can’t defend yourself from what you don’t see
§ Rapid response: React quickly to preserve the false positive to false negative balance
Threats Facing Various Online Services
[Diagram. Services: TCP / UDP, SSH, FTP, DNS, Application data, HTTP. Threats: Advanced persistent threats (APT), SQL injection, DNS query attack, POST flood, SYN flood, DNS amplification, NTP amplification, Direct IP attacks]
Incapsula DDoS Protection
[Diagram. Services: TCP / UDP, SSH, FTP, DNS, Application data, HTTP. Protection: Incapsula Web Application Firewall, Incapsula Application protection, Incapsula DNS protection, Incapsula Infrastructure protection]
Incapsula Application Protection
Always On / On Demand
Protect HTTP/S Applications
Layer 3&4 and also Layer 7
Incapsula DNS Protection - NEW
Always On Service
• Protect DNS servers
• Prevent Blacklisting
Incapsula Infrastructure Protection - NEW
On Demand Service
Protect all services and protocols
Protect entire IP ranges
Layer 3&4 (Network)
Scaling BGP
IP ranges are announced in Anycast
Imperva Positioned as a Magic Quadrant Leader
Gartner “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Greg Young, Joseph Feiman, 17 June 2014. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Imperva. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Webinar Materials
Join Imperva LinkedIn Group, Imperva Data Security Direct, for…
• Post-Webinar Discussions
• Answers to Attendee Questions
• Webinar Recording Link
Questions?
www.imperva.com
Thank You