DNS security overview
- 2. Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
+40% Cyber Attacks
+132% DDoS Attacks
2015 Security Context
Symantec: Internet security threat report 2015
Source: Prolexic Quarterly Global DDoS Attack Report Q2 2015
Internet Security Team Report - Symantec & Verizon – 2014
+50 Million New Malwares
41% of Internal Attacks
Symantec: Internet security threat report 2013
IBM 2015 Cyber Security Intelligence report
An Evolving Threat Environment
- 3.
DNS Security Threat Landscape
DNS DDoS Amplification
DNS Malware
DNS Phishing
Zero Day
DNS Tunneling
Man in the Middle
DNS-based Exploits
DNS Cache Poisoning
DNS Flooding
DNS Reflection
Protocol Anomaly
Water Torture Attacks
Pulsar Attacks
Phantom Attacks
NX Domain Attacks
Random Subdomain attacks
Lock-up Domain Attacks
Sloth Domain Attacks
False Positive Triggering
...
Greater Variety
Greater Sophistication
- 4.
The Hidden Threats In DNS Traffic
DNS Services Play A Dual Role In the “Kill-Chain”
THREAT VECTOR
FAVORITE TARGET
- 5.
DNS Attacks Classification
3 Main Types of DNS Attacks
VOLUMETRIC: Direct DoS, Amplification, Reflection attacks
STEALTH: Random QName, Phantom and Sloth attacks...
EXPLOITS: DNS Tunnelling, poisoning, 0-day
- 6.
Attack Objectives
Multiple DNS Targets For Many Objectives
PUBLIC
PRIVATE
Business Downtime
Embezzlement of Money
Intellectual Property Theft
Customer Data Theft
Damaged Reputation
Password Stealing
Volumetric
Stealth
Exploits
- 7.
DNS Attacks: Myth or Reality?
A Threat for Every Industry
*IDC 2014 DNS Security Survey
72% of Companies have Experienced DNS Attacks*
- 8.
DNS Attacks: What Is At Stake?
Concrete Damages Experienced
IDC 2014 DNS Security Survey
31% LOST PROFIT
44% APPLICATION DOWNTIME
41% INTELLECTUAL PROPERTY STOLEN
44% WEB SITE COMPROMISED
- 9.
Why Are DNS Attacks So Impacting?
Traditional Security Solutions Are Not Adapted to Mitigating DNS Attacks
Firewall & Next Generation Firewall
Anti-DDoS Appliances
IPS
Secure Web Gateway
...
A Specialized Layer of Defense Is Required To Protect Users & DNS Services From Hidden Threats in DNS Traffic
- 10.
EfficientIP DNS Security Vision
Protect All DNS Services From All Attack Types
EXPLOITS
PRIVATE PUBLIC
VOLUMETRIC
STEALTH
- 11.
EfficientIP Security Solution
Strengthen Security Foundation
Block 0-Day Vulnerabilities
Enforce Best Practices
Ensure DNS Continuity with Adaptive Security
Advanced Attack Detection
Graduated Countermeasures
Secure Public DNS Availability
Resiliency & Robustness
Absorb Extreme DoS Attacks on Cache Servers
Cache Security & Performance
Protect Users & Block DNS-Based Malware Activity
Prevent, Detect & Mitigate
- 13.
Hardened Appliance
Enforce DNS Security Best Practices
SmartArchitecture Templates: Stealth DNS, Master-Slave, Multi-master
Block Zero-Day Vulnerabilities: Hybrid DNS Engines
Three DNS Engines transparently Managed as a single entity
Mitigate Amplification & Reflection Threat
Response Rate Limiting (RRL)
Ensure Data Integrity & Authenticity
DNSSEC Automation: “One Click” Deployment
SOLIDserver DNS
IT Night WINNER
Best Security Product 2014
Most Innovative Security Solution
SOLIDserver Security Foundation
PUBLIC & PRIVATE
- 15.
Amazon Route53 Integration
Advanced Protection For DDoS & 0-Day
52 DNS Spots – Hybrid DNS engine
High-Availability & Performance
Anycast resiliency – Ultra Low Latency
Simple & Flexible
Deployment – Management – Reversibility
Cost-Effective
DNS Services In the Cloud
PUBLIC
UNIFIED MANAGEMENT OF IN-HOUSE & AMAZON CLOUD DNS
- 17.
DNS Firewall
PROTECT AGAINST MALWARE AND PHISHING WITH RESPONSE POLICY ZONE
PRIVATE DNS SERVICES
Prevent Initial Infection
Block malicious sites
Detect and Block Malware Activity
Users & Applications, CnC Communications
Mitigate Data Exfiltration
Locate Infected Devices to Remediate
- 19.
DNS Guardian
Inside DNS Transaction Analysis For Accurate Attack Detection
Global & Per IP Statistics (cache & recursive)
Volumetric, Stealth & Exploit Attacks Detection
Tunnelling, RQName attacks, phantom attacks, anomalies
Graduated Protection With Smart Countermeasures
Block source IPs of the attacks
Quarantine suspected source IPs of attacks
Patented Rescue Mode: Ensure service continuity even if the attack source is unidentifiable.
ADAPTIVE DNS SECURITY
PRIVATE DNS SERVICES
- 21.
DNS Blast: Cache Security & Performance
Absorbs DoS Attacks on DNS Cache & Eliminates Risks of Blocking Legitimate Clients
World’s Fastest DNS Caching Server with 17 million qps
High Performance of ACL, RPZ & DNSSEC
Ensures Unparalleled High-Availability with Anycast Resilience
Decreases Costs & Network Complexity
No need to pile up DNS servers and expensive load-balancers
Improved User Experience with Ultra Low Latency
Unequalled Cache Hit Rate (CHR) with Multicast Cache Sharing
Persistent Cache (Restart & Restore)
- 22.
DNS Security Performance & Intelligence
Complete Coverage of DNS Services
Public & Private
Comprehensive Attack Type Detection
Volumetric, Stealth & Exploit Attacks
Smart & Adaptive Threat Protection
Block, Quarantine & Rescue Modes
Simple to Deploy & Maintain
Cost Effective