Regardless of the size or complexity of the attack, the downtime associated with a DDoS event can result in significant revenue losses, with some estimates reaching hundreds of thousands of dollars per incident. This doesn’t include the aftermath: backpedaling to determine what breaches may have occurred during the event, and how to manage damage control with customers. This session discusses on-premises DDoS defense solutions to complement your cloud-based anti-DDoS investment.
11. On-premises and in-line:
• Improved response time and mitigation for the vast majority of attacks
• Allows highly-trained staff to focus on more nefarious threats
• Broad protection at all layers protects critical infrastructure and optimizes its performance
• Service availability protects business integrity, and increases productivity
Operational benefits
12. On-premises and in-line:
• Fraction of the cost compared to scrubbing or out of band solutions
• Protects downstream security investments
• Allows skilled (and highly-paid) staff to focus on higher-layer threats, not mundane operational tasks
Cost benefits
13. Cloud/Hosted Scenario
If scrubbing is an option that your business is committed to, consider the following:
• Always on, or on demand
• Cost implications
• Total event traffic captured and analyzed
• Manual/human intervention
• Duration of large scale attacks
• Application layer attacks
15. Conclusions: There is no one-size-fits-all solution
• Plan for day-to-day protection against baseline attacks
• Consider solutions that you can turn around and monetize
• Think about the cost of mitigation in a 24/7 attack environment: human and capital
• Prepare for larger sustained attacks and massive spikes
What is Your DDoS Protection Plan?
DDoS attacks have been increasing in frequency, capacity and overall effectiveness in recent months.
This is just a sampling.
You will notice a variety of spikes on this chart that indicate single attacks that neared or exceeded 300Gbps.
100Gbps attacks are no longer uncommon, and there are very few environments that can withstand that class of attack.
20% of datacenter downtime is attributed to DDoS attacks.
Average downtime of 86 min, translating to an average of 86k in costs, with total outage damage averaging 700k.
This is a sophisticated problem that requires a First Line of Defense.
In an era where more bandwidth is required, and more bandwidth is being purchased, organizations are increasing their attack surface from a volumetric DDoS attack perspective.
Corero provides a FLoD that prevents network and service outages by blocking attacks in real time. We do this unlike most competitive offerings that provide strictly scrubbing center solutions.
Our solution ensures that customers’ online services are maintained even while under attack. We block all attack traffic while allowing the good traffic to transit into your environment.
We provide robust analytics/reporting to gain insight into the attacks and threats against your network.
The FLoD extends the effective life of your security investments (your firewalls, IPSs, etc.) by protecting those security solutions from attacks, allowing them to operate as intended without forcing you into costly upgrades to support the expanded bandwidth requirements associated with the peak of attacks.
The Corero FLoD employs a Next Generation architecture that delivers advanced DDoS and cyber threat protection, as well as comprehensive visibility into the attack landscape associated with your network.
We will dig into each of these key areas in the following slides.
Present the product line in context of the bandwidth requirements. Dave L to mark up
Evolutionary deployment for existing customers
Existing DDS deployments can be scaled up without a forklift upgrade, with a SmartWall as an added component.
From a visibility perspective, the Corero FLoD correlates security event information with threat intelligence, such as information about the clients perpetrating an attack, their geolocation, the targeted victim server, and a host of other correlated event information provided by the Corero security analytics. We incorporate system health data from our appliances in your network, as well as network statistics and forensics data about all of the flows moving within your environment. We present this in a virtual security operations center portal, which allows you to use our packaged analytics tool without having to invest in your own. This incorporates a powerful analytics engine that can determine real, actionable security recommendations and even visualization in real time. Our dashboards show attacks as they occur and the top attacks against an environment over any period of time. We offer historical reporting, behavioral analysis, and full drill-down forensics capabilities to investigate any attack against your environment.
All of this is packaged within the Corero SecureWatch analytics portal. For customers that don’t want to invest in their own SOC, or don’t have the IT staff or expertise to build this type of tool, we provide a tool that allows you to optionally connect to the Corero SOC, where our security analysts can remotely assist our partners and customers.
Our customers can have a view of their own data, while our partners that are servicing their customers can also have a view and provide managed services on behalf of their customers using the Corero environment.
SecureWatch analytics is built on Splunk. So, for customers that are already invested in Splunk, we offer an application that integrates seamlessly with the Splunk environment and with any analysis tools on that platform. All of our data is provided in syslog and can be optimized to work with any log management tool.
There are a couple of applications for the FLoD highlighted here.
The first is in the cloud. Our hosting and service provider customers use the FLoD to protect against attacks on their internet peering points, shown in the top boxes connected to the cloud. Additionally, these customers can provide managed services to their own customers, whether they be tenants in a multi-tenant environment or service provider subscribers, by aggregating our system at their edge.
We also provide on-premises capabilities to enterprises and data center environments, where we support the ability to mitigate from 1GB to 10GB and even beyond. In all cases we can scale independently up to 40Gbps, 100GB and beyond.
The right-hand description shows that the FLoD provides DDoS protection in front of traditional security infrastructure, like firewalls, IDCs, WAF, IPSs, etc. By deploying the product there, we are protecting everything to the right of our devices from DDoS attacks. In many cases, if the enterprise owns the router, we can even deploy to the left of the router and protect it as well.
Connect with your local sales personnel to discuss a POC.
Why? Because if you deploy the Corero First Line of Defense in your environment, you will be amazed at the number of attacks that are already occurring there, whether they are initial probes looking for vulnerable surfaces or significant attacks already under way that you are not aware of.
Our systems can be deployed in under an hour, up and running and providing benefit.