Seguridad en Capas: Smart & Actionable Data

©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
Seguridad en Capas:
Smart & Actionable Data
Daniel Villanueva
Netscout Arbor VP & GM – LATAM
dvillanueva@arbor.net

2©2016 ARBOR® CONFIDENTIAL & PROPRIETARY
THE INTERNET
TRANSFORMS
THE HUMANITY

©2016 ARBOR® CONFIDENTIAL & PROPRIETARY 3
IOT Revolution
(Internet Of Things)
27 Billion Connected
Devices in 2017

Scan / Listen
Service
2
Report:
- Discovered IP
- Successful Credentials
TCP/48101
CnC
TCP/23
Telnet Scan
(TCP/23)
Brute Force
1
Already Compromised?
3
Install Bot Code
4
Loader
Check-In to
Command & Control
5
Bot
(compromised)
New IOT
Device
IOT: Mirai Botnet Propagation
And the beat goes on ...
1’
Telnet Scan
(TCP/23)
Brute Force
Telnet Scan
(TCP/23)
Brute Force
New Bot
(compromised)
~500,000 Infected
Devices

Bruce Schneier - renowned security technologist
https://www.schneier.com/blog/archives/2017/02/security_and_th.html
“The market can't fix this because neither the buyer nor the seller
cares.
The owners of the webcams and DVRs used in the denial-of-service attacks
don't care. Their devices were cheap to buy, they still work, and they
don't know any of the victims of the attacks.
The sellers of those devices don't care: They're now selling newer and
better models, and the original buyers only cared about price and
features.
There is no market solution, because the insecurity is what economists
call an externality: It's an effect of the purchasing decision that
affects other people. Think of it kind of like invisible pollution.”
How will this get any better ?...

1.7K
KNOWN DATA BREACHES
7.5M
DDoS ATTACKS
Just last year…
1 Attack
Every 4.2
Seconds
57% of
Enterprises
saw their
Bandwidth
Saturated
due to
DDoS
DDoS is the
Top Threat
for Service
Providers,
and 87% had
Reported
Attacks
44% of
Advanced
Attacks did
not use
Malwares
15%
Increase
vs 2016

Source: Worldwide Infrastructure Security Report. Arbor Networks, Inc.
In 2016 sizes, frequency and complexity of
attacks have increased dramatically
IoT Botnets becomes a reality
DDoS: Year-over-Year Growth
2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
24
Gbps
40
Gbps
49
Gbps
100
Gbps
60
Gbps
62
Gbps
309
Gbps
395
Gbps
490
Gbps
800
Gbps

2016
600G
500G
400G
300G
200G
100G
DDoS Revolution: IoT Botnet Impact
Inbound DDoS Traffic in a Brazilian ISP
Sept AugOct Nov Feb Mar Apr May June JulyDec
SustainedattackIoTBotnetobserved

October 2016: Massive Attack to Internet

DYN down and disrupts the Internet

2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017
24
Gbps
40
Gbps
49
Gbps
100
Gbps
60
Gbps
62
Gbps
309
Gbps
395
Gbps
490
Gbps
800
Gbps
641
Gbps
The attacker economy is cyclical in nature.
In 2017, multiple Mirai clones appears.
New attack tools like “Windows Mirai Trojan”
and “IoT Reaper”
24
Gbps
40
Gbps
49
Gbps
100
Gbps
60
Gbps
62
Gbps
309
Gbps
395
Gbps
490
Gbps
800
Gbps

DDoS Botnet Monetization Growth

DDoS Botnet Monetization

2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
24
Gbps
40
Gbps
49
Gbps
100
Gbps
60
Gbps
62
Gbps
309
Gbps
395
Gbps
490
Gbps
800
Gbps
641
Gbps
24
Gbps
40
Gbps
49
Gbps
100
Gbps 60
Gbps
62
Gbps
309
Gbps
395
Gbps
490
Gbps
800
Gbps
641
Gbps
1.7
Tbps
In 2018 new Reflection/Amplification attacks
techniques abuse Memcached service and
generate 1.7 Tbps of attack traffic
Also new ways to detect, and compromise
IoT devices, even those thought to be secure
behind firewalls.
24
Gbps
40
Gbps
49
Gbps
100
Gbps
60
Gbps
62
Gbps
309
Gbps
395
Gbps
490
Gbps
800
Gbps
641
Gbps

Memcached DDoS Reflection Attack
Memcached is an in-memory database caching
system to improve the performance of database-
driven of Internet-facing services.
The default implementation has no authentication
Deployed as listening on port UPD/TCP 11211
Combine this with IP spoofing and the results is a
1.3 Tbps DDoS Reflection attack!
Amplification factor
1:500.000

February 2018 - Memcached DDoS
Extortion note demanded payment of 50 XMR
(Monero cryptocurrency). Approx. U$S 15,000

March 2018 - Memcached DDoS
Arbor confirmed a 1.7 Tbps attack
targeted at a customer of a U.S. based
Service Provider
It has been recorded by our ATLAS global
traffic system
That Service Provider had capabilities to
defend against an attack of this nature.
No outages were reported

Y ?????....Como me afecta a MI ?

19
Ataques a Peru (Max) – Ultimo año

20
Ataques a Peru (Max) – Ultimos 3 meses

WHO
WE ARE
> 100 Countries
Protecting
World’s Largest
Networks
The Leading
Authority

History of ARBOR NETWORKS
TIER 1 & 2
SERVICE PROVIDERS
TIER 1, 2 & 3
SERVICE & CLOUD
PROVIDERS
CLOUD PROVIDERS &
ENTERPRISE DDoS
APT
ENTERPRISE
VISIBILITY
TRAFFIC & DDoS
VISIBILITY
DDoS
PROTECTION
Full Layered DDoS
PROTECTION SOLUTION
ADVANCED
THREAT
FOCUS
EXECUTION
PARTNERS
PEOPLE
INTELLIGENCE
2001 2007 2014 2016

SERVICE
PROVIDERS
80%
of Tier 2
100%
of Tier 1 ENTERPRISES
90% of Main Cloud
& Web Hoster
Providers
9/10 of Top
Online Brands

HOW
WE
DO IT
We See What
Others Can’t
Service
Excellence
Continuous
Innovation

NETWORK TRAFFIC
VISIBILITY IS THE
ULTIMATE TRUTH

Ingest of traffic at +140Tbps
Visibility of
of Internet Traffic
Malware
Samples per Day
30%
200K

INTELLIGENCE IS
THE FOUNDATION

ASNs: 44,570
Unique IPv4
Addresses:
2.63B
“Dark” IPv4
Addresses:
1.76M

CONTINUOUS
INNOVATION WITH
LAYERED SOLUTION

NETSCOUT Security
Vision

CyberSec y sus Analogias

????

Small Data, Big Problem
BIG DATA
Net
DATA
Sec
DATA
App
DATA
xxx
DATA

Como se oculta un elefante ?

In Today’s Enterprise…
…Managing ‘change’ is key to
success
…SaaS, Cloud, Virtualization….
…Regulatory frameworks, customer
expectation, velocity…
THE CONNECTED
WORLD IS BUSINESS

…. Cyber Risk is Top of Mind
• Many organizations do not maximize their success:
– Lack of control slows down change adoption
– Increasing costs from digital transformation
• Limited actionable threat awareness, impacts risk management
• Increased Threat Surface
• Increased Data Variability
• Increased Number of Tools

There is NO Peacetime
3.4M records lost YTD (Feb)
in 2018, up 48.8% on 2017
Multi-vector cyber attacks
are much more common
Threats
everywhere

Advanced Threat: Slices of Threat Visibility
• Different data sources, granularity & detection methodology
• Enterprises need a COMPLETE picture to identify and contain threats quickly
Internet Threats Enterprise Network Threats Private/Public Cloud,Virtualization, etc..
Smart Data Core

Small Data, Big Problem
BIG DATA
Net
DATA
Sec
DATA
App
DATA
xxx
DATA

NETSCOUT Smart Data, For Security
SMART
DATA
CORE
Packet telemetry - Anywhere
Consistent visibility – Everywhere

A Security Portfolio for the Future
Arbor SP
NETSCOUT
SMART DATA
Arbor Threat Mitigation System
Arbor CLOUD
Internet
Enterprise
Arbor APS

WE ARE GUARDIANS
OF THE CONNECTED
WORLD

Thank You !

Seguridad en Capas: Smart & Actionable Data

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Seguridad en Capas: Smart & Actionable Data

Ähnlich wie Seguridad en Capas: Smart & Actionable Data (20)

Mehr von Cristian Garcia G.

Mehr von Cristian Garcia G. (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Seguridad en Capas: Smart & Actionable Data