Confidential-Property of EfficientIP - All rights reserved-Copyright © 2015
360° DNS Security Solution To Protect Your Business
+40% Cyber Attacks
+132% DDoS Attacks
2015 Security Context
Symantec: Internet security threat report 2015
Source: Prolexic Quarterly Global DDoS Attack Report Q2 2015
Internet Security Team Report - Symantec & Verizon – 2014
+50 Million New Malwares
IN
OUT
41% of Internal Attacks
Symantec: Internet security threat report 2013
IBM 2015 Cyber Security Intelligence report
An Evolving Threat Environment
DNS Security Threat Landscape
DNS DDoS Amplification
DNS Malware
DNS Phishing
Zero Day
DNS Tunneling
Man in the Middle
DNS-based Exploits
DNS Cache Poisoning
DNS Flooding
DNS Reflection
Protocol Anomaly
Water Torture Attacks
Pulsar Attacks
Phantom Attacks
NX Domain Attacks
Random Subdomain attacks
Lock-up Domain Attacks
Sloth Domain Attacks
False Positive Triggering
...
Greater Variety
Greater Sophistication
The Hidden Threats In DNS Traffic
DNS Services Play A Dual Role In the “Kill-Chain”
THREAT VECTOR
FAVORITE TARGET
DNS Attacks Classification
3 Main Types of DNS Attacks
VOLUMETRIC: Direct DoS, Amplification, Reflection attacks
STEALTH: Random QName, Phantom and Sloth attacks...
EXPLOITS: DNS Tunnelling, poisoning, 0-day
Attack Objectives
Multiple DNS Targets For Many Objectives
PUBLIC
PRIVATE
Business Downtime
Embezzlement of Money
Intellectual Property Theft
Customer Data Theft
Damaged Reputation
Password Stealing
Volumetric
Stealth
Exploits
DNS Attacks: Myth or Reality?
A Threat for Every Industry
*IDC 2014 DNS Security Survey
72% of Companies have Experienced DNS Attacks*
DNS Attacks: What Is At Stake?
Concrete Damages Experienced
IDC 2014 DNS Security Survey
31% LOST PROFIT
44% APPLICATION DOWNTIME
41% INTELLECTUAL PROPERTY STOLEN
44% WEB SITE COMPROMISED
Why Are DNS Attacks So Impacting?
Traditional Security Solutions Are Not Adapted to Mitigating DNS Attacks
Firewall & Next Generation Firewall
Anti-DDoS Appliances
IPS
Secure Web Gateway
...
A Specialized Layer of Defense Is Required To Protect Users & DNS Services From Hidden Threats in DNS Traffic
EfficientIP DNS Security Vision
Protect All DNS Services From All Attack Types
EXPLOITS
PRIVATE PUBLIC
VOLUMETRIC
STEALTH
EfficientIP Security Solution
Strengthen Security Foundation
Block 0-Day Vulnerabilities
Enforce Best Practices
Ensure DNS Continuity with Adaptive Security
Advanced Attack Detection
Graduated Countermeasures
Secure Public DNS Availability
Resiliency & Robustness
Absorb Extreme DoS Attacks on Cache Servers
Cache Security & Performance
Protect Users & Block DNS-Based Malware Activity
Prevent, Detect & Mitigate
SOLIDserver DNS
Hardened Appliance
Enforce DNS Security Best Practices
SmartArchitecture Templates: Stealth DNS, Master-Slave, Multi-master
Block Zero-Day Vulnerabilities: Hybrid DNS Engines
Three DNS Engines transparently Managed as a single entity
Mitigate Amplification & Reflection Threat
Response Rate Limiting (RRL)
Ensure Data Integrity & Authenticity
DNSSEC Automation: “One Click” Deployment
SOLIDserver DNS
IT Night WINNER
Best Security Product 2014
Most Innovative Security Solution
SOLIDserver Security Foundation
PUBLIC & PRIVATE
DNS Cloud
Amazon Route53 Integration
Advanced Protection For DDoS & 0-Day
52 DNS Spots – Hybrid DNS engine
High-Availability & Performance
Anycast resiliency – Ultra Low Latency
Simple & Flexible
Deployment – Management – Reversibility
Cost-Effective
DNS Services In the Cloud
PUBLIC
UNIFIED MANAGEMENT OF IN-HOUSE & AMAZON CLOUD DNS
DNS Firewall
DNS Firewall
PROTECT AGAINST MALWARE AND PHISHING WITH RESPONSE POLICY ZONE
PRIVATE DNS SERVICES
Prevent Initial Infection
Block malicious sites
Detect and Block Malware Activity
Users & Applications, CnC Communications
Mitigate Data Exfiltration
Locate Infected Devices to Remediate
DNS Guardian
DNS Guardian
Inside DNS Transaction Analysis For Accurate Attack Detection
Global & Per IP Statistics (cache & recursive)
Volumetric, Stealth & Exploit Attacks Detection
Tunnelling, RQName attacks, phantom attacks, anomalies
Graduated Protection With Smart Countermeasures
Block source IPs of the attacks
Quarantine suspected source IPs of attacks
Patented Rescue Mode: Ensure service continuity even if the attack source is unidentifiable.
ADAPTIVE DNS SECURITY
PRIVATE DNS SERVICES
Comprehensive DNS Security Solution
DNS Blast: Cache Security & Performance
Absorbs DoS Attacks on DNS Cache & Eliminates Risks of Blocking Legitimate Clients
World’s Fastest DNS Caching Server with 17 million qps
High Performance of ACL, RPZ & DNSSEC
Ensures Unparalleled High-Availability with Anycast Resilience
Decreases Costs & Network Complexity
No need to pile up DNS servers and expensive load-balancers
Improved User Experience with Ultra Low Latency
Unequalled Cache Hit Rate (CHR) with Multicast Cache Sharing
Persistent Cache (Restart & Restore)
DNS Security Performance & Intelligence
Complete Coverage of DNS Services
Public & Private
Comprehensive Attack Type Detection
Volumetric, Stealth & Exploit Attacks
Smart & Adaptive Threat Protection
Block, Quarantine & Rescue Modes
Simple to Deploy & Maintain
Cost Effective
Thanks for your attention!
Dns security overview
