Radware Solutions for MSSPs
Transcript of Radware Solutions for MSSPs
Advanced DDoS Protection for Service Providers & MSSPs
Ron Meyran – Director Product Marketing Security
July 2011
Agenda
• DDoS Is Growing & Evolving
• Key Success Criteria for Service Providers & MSSPs
• Radware’s Advanced Solution
• Customer Cases
• Summary
Slide 2
DDoS is growing and evolving
DDoS Threat is growing
Slide 4
[Figure: timeline of DDoS attacks from 2009 to 2011; axes: attack size vs. time. Source: Radware ERT report]
• Slowloris – Low & Slow Attacks
• July 2009 cyber attacks (US and South Korea)
• Twitter DDoS attack on Cyxymu
• IMDDOS – Commercial Botnet
• Operation Payback – Wikileaks revenge DDoS attacks
• Operation Payback II on Codero; Netbot DDoS on Wordpress.com
• Operation Sony DDoS
When you have no Anti-DoS solution in place…
Slide 5
Wikileaks site outage
Westboro Baptist Outage
4 sites held down for 6 days
Poll question
• How many DDoS attacks did you (or your customer) face in the past year?
  – None
  – Only once
  – Few times
  – Many times
  – I don’t have the tools to detect DDoS attacks
Slide 6
Multi-Vulnerability Attack Campaigns
Slide 7
[Figure: attack vectors across the Network, Server, Application and Business layers, and their business impact]
• Large volume network flood attacks
• Slow application flood attack (Slowloris)
• Large volume SYN flood
• Low & Slow connection DoS attacks
• Application flood attack (HTTP data flood)
Conclusions
• Attackers use multi-vulnerability attack campaigns making mitigation nearly impossible
• Even if one attack vector is successful – the business is severely impacted
High Med Low
DDoS Protection: layers of defense
Slide 8
Type of DoS attacks:
Challenges:
PPS & Bandwidth flood attacks
Connection & application flood attacks
Directed application DoS attacks
Attack volume:
• Accurate mitigation – maintain very low false positives
• Time to protect
• PPS processing capacity
• Bandwidth capacity
• Identify malicious sources
• Accurate mitigation – all sessions are legitimate
• Deep packet inspection
• Ad-hoc filters creation
Key criteria to become a successful MSSP
What drives the MSSP success? (1 of 2)
• Business
  – True DDoS Protection
    • Can you detect and protect emerging DDoS attacks including multi-vulnerability campaign attacks and slow DDoS attacks?
    • How fast can you detect and protect against attacks? In seconds? In minutes?
• Financial
  – Solution scalability
    • Can your infrastructure grow without painful forklift upgrades?
  – How do you price your service?
    • Monthly fee
    • On demand / per incident
    • SLA penalties / rewards
Slide 10
What drives the MSSP success? (1 of 2)
• Technical
  – Flexible deployment
    • Fit any customer architecture
• Operational
  – Customer centric reporting
  – Easy integration into provider environment (OSS, SEM, SOC)
• Marketing
  – What is unique in your offering?
  – SLA: can you guarantee Time to protect?
  – Coverage – what type of attacks do you protect against, and what don’t you?
  – Multi locations vs. single location
  – Customers portfolio and testimonials
Slide 11
Radware solution for DDoS service providers
DDoS Protection: Radware coverage
Slide 13
Radware DDoS Protections:
Up to 12MPPS of attack prevention
Up to 800K new TPS of HTTP Challenge-Response
PPS & Bandwidth flood attacks
Connection & application flood attacks
Directed application DoS attacks
ASIC-Based DoS Mitigator Engine (DME)
Real-time signatures technology
Multi-core CPUs
Real-time signatures & challenge-response technologies
StringMatch Engine (SME) RegEx Engine
Static & user filters
Full 10Gbps DPI (RegEx) processing
DDoS Protection: Radware technologies
Slide 14
PPS & Bandwidth flood attacks
Connection & application flood attacks
Directed application DoS attacks
• Behavioral based real-time signatures blocking
• SYN Protection (SYN cookies; Web cookies)
• Rate based protections
• HTTP & DNS advanced Challenge-Response techniques
• Behavioral based real-time signatures
• Rate based protections
• Auto-updated RegEx filters
• Counter attack techniques
• Ad-hoc filters
• Widest DDoS attacks coverage out-of-the-box
• Best time to protect: in seconds
Deployment: Scrubbing center
Slide 15
[Diagram: Internet; ISP Core IP Network; Customers A, B and C; Scrubbing center with Attack Mitigation System; SOC; Customer Portal; Management & SEM; DoS protection Service Provider Infrastructure]
Out-of-path attack mitigation
Slide 16
[Diagram: Scrubbing center with Attack Mitigation System; DoS protection Service Provider Infrastructure]
• Operate in asymmetric & symmetric environment
• Full coverage:
  • Packet & BW attacks
  • Application DDoS attacks
  • Directed attacks
• No learning required
• Time to protect: immediate (seconds)
APSolute Vision Reports & Alerts
• Most extensive monitoring and reporting engine
• Per customer dashboards
• Per customer reports
• Compliance reports
• Advanced Alerts based on event correlation rules
Built-in reports and alerts engine
Slide 17
DoS protection Service Provider Infrastructure
Management & SEM
Poll question
• What is the main reason customers select your security services:
  – Attack coverage
  – Reporting
  – Price
  – One stop shop – we are their hosting service provider
  – We do not yet provide security services
Slide 18
Advanced alerts: SOC/NOC alarms
Slide 19
[Diagram: SOC; DoS protection Service Provider Infrastructure; Management & SEM]
• Customer critical application is under high risk attack
• Attack volume is higher than 1Gbps in past 5 minutes
Provider SOC must be aware of high risk and high importance cases
Advanced alerts: Show customer SLA
Slide 20
DoS protection Service Provider Infrastructure
Management & SEM
Demonstrate SLA and ROI
Automatic customer notification via email
Dear customer,
Your site is under high volume attack for more than 1 hour. You are fully protected.
Regards.
Dear customer,
Your booking application has been attacked more than 4 times throughout the day.
Regards.
APSolute Vision Reporter
• Web interface
• Scheduled Reports and Alerts by email
• Northbound interface via SNMP, SMTP
• Export Alerts and event logs
• Direct access API to events log database
Reports & Alerts: easy service integration
Slide 21
DoS protection Service Provider Infrastructure
Management & SEM
Customer Portal
Portal monitoring view
Historical reports
Deployment: SOC & ERT support
Slide 22
Scrubbing center
DoS protection Service Provider Infrastructure
Attack Mitigation System
Management & SEM
SOC
Security Operations Center (SOC)
• Provides weekly and emergency signature updates
• Develop counter attack tools – fighting back!
Emergency Response Team (ERT)
• Provide 24x7 service for backup when customers under attack
• Product and security experts support
Radware security expertise : ERT cases (1 of 2)
Slide 23
Radware ERT helped High Council for Telecommunications (TIB) to achieve full protection against Anonymous attacks
• Anonymous group published a poster calling its fans to attack Turkish government agency
  – Target: High Council for Telecommunications (TIB)
  – When: June 9th (Thursday) 2011 at 6PM
  – Attack tool: Low Orbit Ion Cannon (LOIC)
• Type of attack - Multi-vulnerability campaign:
  – HTTP Get flood attack
  – TCP connection flood on port 80
  – SYN flood attack
  – UDP flood attack
Radware security expertise : ERT cases (2 of 2)
Slide 24
Radware ERT helped Istanbul police to achieve full protection against Anonymous attacks
• Anonymous group attacks Istanbul police as revenge for the arrest
  – Target: Istanbul police site
  – When: June 13th 2011
  – Attack tool: Low Orbit Ion Cannon (LOIC)
• Type of attack - Multi-vulnerability campaign
“We just watched the attacks and DefensePro easily eliminated the attacks. We didn’t even see any latency during the attacks. Istanbul Police is thankful to us and to you. While most of the state websites get unresponsive during the attacks, they didn’t feel anything.”
Istanbul Police integrator
Customer success
Hosting service provider: in-the-cloud DoS protection
Slide 26
Challenges and Objective
• Protect the SP infrastructure against bandwidth consuming attacks
• Offer their customers value-added DoS protection service
Solution Overview
• DefensePro devices deployed in scrubbing center with the following protection sets:
  • DoS Protection: Prevent high volume and high PPS flood attacks
  • NBA: Prevent Application DDoS attacks
Solution Business Benefits
• Maintain customer business continuity and satisfaction when the network is under attack
• Return on investment within 6 months
• Service profit over 3 years: $1.2M
Customer
• One of the top three IT infrastructure providers in North America delivering Managed, Self-Managed, and Co-location hosting services
• Hosts over 10,000 customers worldwide
Summary
What drives the MSSP success? (1 of 2)
• Business: best DDoS attacks coverage
  – Packet and bandwidth flood attacks protection
  – Application DDoS flood attacks protection
  – Directed (low & slow, SSL) attacks protection
  – Short time to protect – in seconds!
• Financial
  – Solution scalability: OnDemand platform
    • Unique pay as you grow approach
    • No forklift upgrades
    • Best performing 10G attack mitigation platforms
  – Lowest CapEx & OpEx
    • Multitude of security tools and SEM in a single solution
    • Out-of-the-box protections
Slide 28
What drives the MSSP success? (1 of 2)
• Technical
  – Flexible deployment of attack mitigation devices in any environment
    • Symmetric, Asymmetric, no learning.
• Operational
  – Emergency Response Team (ERT) to support your SOC
    • Our commitment to your success
  – Customer centric reporting
    • Integrated SEM with per-customer reports and dashboards
• Marketing
  – The only NSS Recommended Attack Mitigation solution
  – SLA: Short time to protect!
  – SLA: Coverage: protect against emerging DDoS attacks
Slide 29
Thank You
www.radware.com