4. DDoS Threat is growing Slide 4 Attack size Operation Sony DDoS Operation Payback II on Codero; Netbot DDoS on Wordpress.com Operation payback – Wikileaks revenge DDoS attacks July 2009 cyber attacks (US and south korea) IMDDOS – Commercial Botnet Slowloris - Low & Slow Attacks Twitter DDOS attack on Cyxymu Time 2009 2011 2010 Source: Radware ERT report
5. When you have no Anti-DoS solution in place… Slide 5 Wikileaks site outage Westboro Baptist Outage 4 sites held down for 6 days
6. Poll question How many DDoS attacks did you (or your customer) face in the past year? None Only once Few times Many times I don’t have the tools to detect DDOS attacks Slide 6
7.
8. Even if one attack vector is successful – the business is severely impactedLarge volume SYN flood Low & Slow connection DoS attacks Business Slow Application flood attack (Slowloris) Application flood attack (HTTP data flood) BUSINESS IMPACT
15. Accurate mitigation – maintain very low false positives
16.
17. What drives the MSSP success? (1 of 2) Business True DDoS Protection Can you detect and protect emerging DDoS attacks including multi-vulnerability campaign attacks and slow DDoS attacks? How fast can you detect and protect against attacks? In seconds? In minutes? Financial Solution scalability Can your infrastructure grow without painful forklift upgrades? How do you price your service? Monthly fee On demand / per incident SLA penalties / rewards Slide 10
18. What drives the MSSP success? (1 of 2) Technical Flexible deployment Fit any customer architecture Operational Customer centric reporting Easy integration into provider environment (OSS, SEM, SOC) Marketing What is unique in your offering? SLA: can you guarantee Time to protect? Coverage – what type of attacks do you protect, and what you don’t? Multi locations vs. single location Customers portfolio and testimonials Slide 11
43. Advanced Alerts based on event correlation rulesBuilt-in reports and alerts engine Slide 17 DoS protection Service Provider Infrastructure Management & SEM
44. Poll question What is the main reason customer select your security services: Attack coverage Reporting Price One stop shop – we are their hosting service provider We do not provide yet security services Slide 18
45. Advanced alerts: SOC/NOC alarms Slide 19 Attack volume is higher than 1Gbps in past 5 minutes Customer critical application is under high risk attack SOC Provider SOC must be aware of high risk and high importance cases DoS protection Service Provider Infrastructure Management & SEM
46. Advanced alerts: Show customer SLA Slide 20 Dear customer, Your site is under high volume attack for more than 1 hours. You are fully protected. Regards. Dear customer, Your booking application has been attacked more than 4 times throughout the day. Regards. DoS protection Service Provider Infrastructure Demonstrate SLA and ROI Automatic customer notification via email Management & SEM
51. Direct access API to events log databaseReports & Alerts: easy service integration Slide 21 Portal monitoring view Historical reports DoS protection Service Provider Infrastructure Management & SEM Customer Portal
52.
53.
54. Product and security experts supportSOC DoS protection Service Provider Infrastructure Management & SEM Attack Mitigation System Scrubbing center
75. What drives the MSSP success? (1 of 2) Business: best DDoS attacks coverage Packet and bandwidth flood attacks protection Application DDoS flood attacks protection Directed (low & slow, SSL) attacks protection Short time to protect – in seconds! Financial Solution scalability: OnDemand platform Unique pay as you grow approach No forklift upgrades Best performing 10G attack mitigation platforms Lowest CapEx & OpEx Multitude of security tools and SEM in a single solution Out-of-the-box protections Slide 28
76. What drives the MSSP success? (1 of 2) Technical Flexible deployment of attack mitigation devices in any environment Symmetric, Asymmetric, no learning. Operational Emergency Response Team (ERT) to support your SOC Our commitment to your success Customer centric reporting Integrated SEM with per-customer reports and dashboards Marketing The only NSS Recommended Attack Mitigation solution SLA: Short time to protect! SLA: Coverage: protect against emerging DDoS attacks Slide 29