Real-Time Event Monitoring
Under DDoS: Instant Access to Live Information

Disclaimer: The following is a description of an actual DDoS attack against one of Incapsula’s clients. To demonstrate
Incapsula’s new Real-Time reporting capabilities, this presentation makes use of actual screenshots and data from that
event. Some facts, like IP and URL addresses, were altered to preserve anonymity.
Incapsula
Maximum Security, Performance & Availability
Through an application-aware Global CDN platform,
Incapsula provides any website and web application with
best-of-breed Security, DDoS Protection, Load Balancing
& Failover solutions.

Incapsula’s Real-Time Event Monitoring feature supports
all of these services by providing accurate visibility of
Layer 7 traffic flow.
---------------------------------------------------------------------------------------------------------------------------------------

The following presentation uses data from an actual
DDoS attack to demonstrate some of the more typical
uses and benefits of Incapsula’s Real-Time Event
Monitoring capabilities.
It Starts with an Email Alert…
12:25:36 PM

The event starts with an email alert reporting suspicious activity on our client’s site.
Incapsula’s Automated DDoS Protection was activated.

Right now, the site is under attack.
Real-Time: First Evaluation
12:26:02 PM

Incapsula’s Real-Time Monitoring is the next “go-to” spot.
• Immediately you can see that Incapsula is blocking 515 malicious HTTP requests per
  second, which amount to 86% of all incoming traffic.
• You can also see that response times of your servers are slightly higher than usual.
Real-Time: Servers’ Health & Activity
12:26:07 PM

Using one of the available view options, you can now drill down to get a better picture of
server health and load distribution.
Both servers are active and the load distribution is even, which is good.
The next step is to get more information about the DDoS offenders…
Real-Time: DDoS Offenders’ Identity
12:26:13 PM

The Session Report shown here provides you with the information you need.
You notice a suspiciously large chunk of traffic from outside the US.
There is also an abnormally high percentage of “Firefox” visitors. Although they use
browser user-agents, it looks like not all of them support JS or Cookies.
Real-Time: Tracking of Attackers’ Movement
12:26:27 PM

The adjusted More button provides you with additional information about the offenders’
activity.
When you use it to review the latest blocked sessions, you notice that they all share the
same Entry Point: “/blog/”, an inactive, auto-generated URL.
Real-Time: List of Attacking IPs
12:26:33 PM

By filtering the data stream to show only the Blocked traffic, you also get instant views of
the Top 5 attacking IPs.

The full list is accessible as well, with a click on the More button.
Real-Time: Instant Access to Live Actionable Data
Incapsula’s Real-Time Monitoring efficiently provides access to the most recent
information about security events, incoming traffic and servers’ activity.
In this case, literally in a matter of seconds, the website’s operator was able to collect
all of the information he needed to understand and react to the attack, including:
• Information about malicious traffic volumes
• Information about the attack’s impact on availability
• Status report of origin server health
• Overview of server load distribution
• Updated list of the spoofed user-agents
• Latest information about the attacker’s point-of-entry
• Updated list of attacking IPs
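The same triage questions can be answered from any Layer 7 session log. The sketch below is an added example, not Incapsula's code or API: the `Session` fields, the `triage` function and the sample records are hypothetical and constructed for illustration, with addresses taken from the documentation IP ranges.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    ts: int          # second within the observation window
    ip: str
    country: str
    ua_family: str   # browser family claimed in the User-Agent header
    js: bool         # client executed a JavaScript challenge
    cookies: bool    # client returned a previously set cookie
    entry: str       # first URL requested in the session
    blocked: bool    # verdict from the upstream filter


def build_sample():
    """Constructed data: 43 blocked bot sessions and 7 normal ones over 10 s."""
    attackers = ["203.0.113.%d" % n for n in (5, 5, 5, 9, 9, 14, 21, 30)]
    rows = []
    for i in range(43):
        # "ZZ" is a placeholder for any country other than the home country.
        rows.append(Session(i % 10, attackers[i % len(attackers)], "ZZ",
                            "Firefox", False, False, "/blog/", True))
    for i in range(7):
        rows.append(Session(i, "198.51.100.%d" % (i + 1), "US",
                            "Chrome" if i % 2 else "Firefox", True, True,
                            "/" if i % 3 else "/pricing", False))
    return rows


def pct(part, whole):
    """Percentage rounded to one decimal; 0.0 when the denominator is empty."""
    return round(100 * part / whole, 1) if whole else 0.0


def triage(sessions, window_seconds, home_country="US"):
    """Summarise a window of sessions the way the walkthrough reads the dashboard."""
    if not sessions or window_seconds <= 0:
        return None
    blocked = [s for s in sessions if s.blocked]
    allowed_entries = {s.entry for s in sessions if not s.blocked}

    # A client that claims a browser User-Agent but fails the JS or cookie
    # check is more likely a script with a spoofed header than a real browser.
    suspect_ua = Counter(s.ua_family for s in blocked
                         if not (s.js and s.cookies))
    entries = Counter(s.entry for s in blocked)

    return {
        "blocked_per_second": round(len(blocked) / window_seconds, 1),
        "blocked_pct": pct(len(blocked), len(sessions)),
        "foreign_pct_of_blocked": pct(
            sum(s.country != home_country for s in blocked), len(blocked)),
        "suspect_user_agents": suspect_ua.most_common(3),
        "top_entry_points": entries.most_common(3),
        # Entry points that no allowed visitor used: candidates for a
        # targeted rule, since restricting them costs real users nothing.
        "entries_unused_by_allowed": sorted(set(entries) - allowed_entries),
        "top_ips": Counter(s.ip for s in blocked).most_common(5),
    }


if __name__ == "__main__":
    for key, value in triage(build_sample(), window_seconds=10).items():
        print(f"{key}: {value}")
```
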
Real-Time: Enabling Data-Driven Decision Making
Incapsula’s Real-Time view provides accurate visibility into Layer 7 traffic.
Access to this live data enables data-driven decision making, as each piece of
data can be leveraged into tactical action that enriches and supplements Incapsula’s
automated DDoS Protection and Load Balancing solutions.
Explore this new screen to uncover more view options, which will support you through
a diverse array of security and server management scenarios…
Stay Safe
