Cyber Attack Survival: Are You Ready?
Who Is At Risk?
[Chart legend: 2013; shift from 2013]
© Radware, Inc. 2014
Sophistication: Attack Landscape Evolution
[Timeline, 2010 to 2013, of four campaigns:]
• Attack target: HKEX; duration: 3 days; 5 attack vectors
• Attack target: Visa, MasterCard; duration: 3 days; 4 attack vectors
• Attack target: Vatican; duration: 20 days; more than 7 attack vectors
• Attack target: US Banks; duration: 10+ months; multiple attack vectors
Multi-Vector Attacks Take Aim
• Attackers would rather keep the target busy by launching one attack at a time than fire the entire arsenal at once.
• You may succeed in blocking four or five attack vectors, but it only takes one for the damage to be done.
More than 50% of attack campaigns deployed five or more attack vectors during 2013.
New Vectors, Dangerous Trends
• 50% of all Web attacks during 2013 were encrypted, application-based attacks.
• 15% of organizations reported attacks targeting web application login pages on a daily basis.
• DNS-based volumetric floods increased from 10% to 21% in 2013, becoming the second most common attack vector.
Public Attention: 1-Second Page Delay
The Results:
• 3.5% decrease in conversions
• 2.1% decrease in shopping cart size
• 9.4% decrease in page views
• 8.4% increase in bounce rates
Multi-Vulnerability Attack Campaigns
[Diagram: attack path from the Internet through the Internet pipe, firewall, IPS/IDS, load balancer (ADC), server and SQL server; chart of attack-vector share for 2011, 2012 and 2013 on a 5% to 30% scale]
• Volumetric Floods
• Network Scans
• SYN Floods
• Low & Slow
• HTTP Floods
• SSL Floods
• Application Misuse
• Brute Force
• SQL Injection
• Cross Site Scripting
Problem: Single Source, Multiple IPs
[Diagram: one attacker reaching the enterprise datacenter from changing IP addresses]
• Single attack source
• Attacker dynamically changes IP
• DHCP reset, anonymous proxies
Problem: Multiple Sources, Single IP
[Diagram: many clients reaching the enterprise datacenter from one IP address]
Sources are behind NAT:
• CDN
• Enterprise internal network
• Carrier-grade NAT
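The two attribution problems above (one attacker behind many addresses, many users behind one address), shown on constructed access-log tuples as an added example that is not part of the Radware deck; the per-IP threshold and the behaviour-keyed grouping by User-Agent and path are illustrative assumptions, not Radware's detection method:

```python
# Added illustration of the two attribution problems the slides describe:
# one source behind many IPs, many sources behind one IP. Log lines are
# constructed; the (User-Agent, path) key is an illustrative assumption.
from collections import Counter, defaultdict

LOG = []
# Constructed: 5 legitimate users behind one carrier-grade NAT address,
# each browsing 4 distinct product pages.
for i in range(20):
    LOG.append(("203.0.113.7", f"Mozilla/5.0 (user{i % 5})",
                f"/product/{i % 5}/page{i // 5}"))
# Constructed: one scripted client hitting /login while rotating through
# 5 proxy addresses, 4 requests from each.
for i in range(20):
    LOG.append((f"198.51.100.{i % 5 + 1}", "python-requests/2.0", "/login"))

PER_IP_THRESHOLD = 10  # requests per source before a source is flagged


def count_by_ip(log):
    """Requests per source IP, the view a per-IP rate limiter has."""
    return Counter(ip for ip, _ua, _path in log)


def flag_by_ip(log, threshold=PER_IP_THRESHOLD):
    """Classic per-source-IP threshold.  On LOG it flags the NAT address
    (20 legitimate requests) and misses every rotating proxy IP (4 each):
    a false positive and a false negative from the same rule."""
    return {ip for ip, n in count_by_ip(log).items() if n > threshold}


def flag_by_fingerprint(log, threshold=PER_IP_THRESHOLD):
    """Key on client behaviour instead of address (assumed key: User-Agent
    plus path).  Many IPs sharing one tool signature and one target path
    collapse into a single actor; distinct users behind one NAT address
    stay apart.  Returns {key: set of IPs seen under that key} for keys
    over the threshold."""
    groups = defaultdict(set)
    counts = Counter()
    for ip, ua, path in log:
        key = (ua, path)
        groups[key].add(ip)
        counts[key] += 1
    return {key: groups[key] for key, n in counts.items() if n > threshold}
```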
Minutes to Compromise. Months to Discover.

                                         Seconds  Minutes  Hours  Days  Weeks  Months
Initial Attack to Initial Compromise       10%      75%     12%    2%    0%     1%
Initial Compromise to Data Exfiltration     8%      38%     14%   25%    8%     8%
Initial Compromise to Discovery             0%       0%      2%   13%   29%    56%
Outsourced Infrastructure
[Diagram: enterprise data center alongside hosted facilities and public / private cloud]
Outsourcing Ramifications
• The demise of the perimeter
• Third-party security dependencies
• Limited or no situational awareness
• Limited threat visibility
• Loss of control
Detection: Encrypted / Non-Volumetric Attacks
• Envelope Attacks – Device Overload
• Directed Attacks – Exploits
• Intrusions – Misconfigurations
• Localized Volume Attacks
• Low & Slow Attacks
• SSL Floods
Detection: Application Attacks
• Web Attacks
• Application Misuse
• Connection Floods
• Brute Force
• Directory Traversals
• Injections
• Scraping & API Misuse
Mitigation: Encrypted, Low & Slow Attacks
[Diagram: botnet, enterprise, cloud scrubbing, hosted data center]

Mitigation: Application Attacks
[Diagram: botnet, enterprise, cloud scrubbing, hosted data center; label: attack signatures]

Mitigation: Volumetric Attacks
[Three diagram slides: botnet, cloud scrubbing, hosted data center, enterprise; label: attack signatures]
Attack Mitigation Optimization
[Diagram: enterprise data center with AppWall (WAF) and DefensePro]
Cyber Attack Defense
• Attack Detection
  – Quality of Detection (QD): Technical Coverage; Detection Algorithms
  – Time to Detection (TD): Reporting & Correlation; Triaged Response Options
• Attack Mitigation
  – Quality of Mitigation (QM): Over / Under Mitigating; Proper Mitigation Location
  – Time to Mitigation (TM)
  – Mitigation location options: Local / Premise; Cloud; Business Partner
Cyber Control: Sync, Automation & Visibility
The Attack Mitigation Network
• Distributed Detection: collect security events and network statistics from a multitude of resources.
• Synchronize traffic baselines and attack information amongst all mitigation tools.
• Distributed Mitigation: select the most effective tools and location for attack mitigation.
Participating elements: Radware AMS components, current network elements, SDN-enabled network elements, 3rd-party detection/mitigation elements.
Survival Checklist
1. Don't assume that you're not a target. Draw up battle plans. Learn from the mistakes of others.
2. Protecting your data is not the same as protecting your business. Comprehensive information security requires data protection, system integrity and operational availability.
3. You don't control all of your critical business systems. Understand your vulnerabilities in the distributed, outsourced world. Work with cloud and internet service providers that give you visibility and control over your connectivity and hosted assets.
4. You can't defend against attacks you can't detect. The battle-prepared business harnesses an intelligence network.
5. Don't believe the DDoS protection propaganda. Understand the limitations of cloud-based scrubbing solutions. Not all networking and security appliance solutions were created equal.
6. Know your limitations. Enlist forces that have the expertise to help you fight.
Cyber Security Toolkit
• DefensePro: Anti-DoS, Network Behavioral Analysis, IPS
• AppWall: Web Application Firewall
• Alteon: Application Delivery Controller, SSL Attack Decryption
• Vision: SIEM, Centralized Management & Reporting
• DefensePipe: Cloud-based, volumetric cyber attack scrubbing service
• Emergency Response Team: Free 365x7x24 support for customers that are under cyber-attack