Más contenido relacionado La actualidad más candente (20) Similar a Preparing for the Imminent Terabit DDoS Attack (20) Preparing for the Imminent Terabit DDoS Attack1. © 2014 Imperva, Inc. All rights reserved.
Preparing for the Imminent Terabit
DDoS Attack
Confidential1
Orion Cassetto, Sr. Product Marketing Manager, Incapsula
2. © 2014 Imperva, Inc. All rights reserved.
Agenda
Confidential2
§ Network DDoS trends
§ Is a Terabit DDoS attack imminent?
§ Attributes of a DDoS-resilient network
§ Infrastructure and DNS protection
3. © 2014 Imperva, Inc. All rights reserved.
Incapsula, An Imperva Company
Confidential3
§ Founded in 2009 by a group of security industry veterans
with strong expertise in web application security, online
safety, and identity theft
§ Spun out of, and subsequently, acquired by Imperva
§ Cloud-based solution includes
• Enterprise-grade Website Security
§ PCI-certified Web Application Firewall
• DDoS Protection
• Load Balancing & Failover
§ All fully integrated on top of our global CDN
4. © 2014 Imperva, Inc. All rights reserved.4
§ Product Marketing Manager for
Incapsula
§ Previously held product marketing
positions at Imperva and Armorize
Technologies
§ Experienced in Web app security and
SaaS security solutions
§ Holds degrees in Asian Studies and
Chinese Language from Washington
State University
Orion Cassetto
Sr. Product Marketing Manager, Incapsula
Confidential
5. © 2014 Imperva, Inc. All rights reserved.
DDoS Landscape – Attacks Getting Bigger
Confidential5
6. © 2014 Imperva, Inc. All rights reserved.
Average DDoS Attack Sizes Are Growing
Not only are big attacks getting bigger, average attack sizes
are also growing – in 2013 the mean attack size was
10Gbps.
Source: 2014 Verizon Data Breach Investigation Report
6 Confidential
7. © 2014 Imperva, Inc. All rights reserved.
Where Do We Stand Today?
34%
66%
<10Gbps
>=10Gbps
Two
thirds
of
a1acks
exceed
10Gbps
More
than
13%
exceed
40Gbps
7 Confidential
8. © 2014 Imperva, Inc. All rights reserved.
It’s Not All Bandwidth
More
than
25%
of
a1acks
exceed
10Mpps
Most
IPS/IDS
will
crash
at
5Mpps
8 Confidential
9. © 2014 Imperva, Inc. All rights reserved.
Recent Campaigns / SaaS Applications
9 Confidential
10. © 2014 Imperva, Inc. All rights reserved.
Recent Campaigns / DNS Providers
10 Confidential
11. © 2014 Imperva, Inc. All rights reserved.
How Are Attackers Reaching These Numbers?
§ Are botnets becoming bigger?
• No, according to www.shadowserver.org
§ Are there more open DNS resolvers?
• No, the number is actually declining according to
www.openresolverproject.org
§ Are there more open NTP servers?
• Probably not, www.openntpproject.org
§ So what is it then?
11 Confidential
12. © 2014 Imperva, Inc. All rights reserved.
§ They are using bigger guns
Example
of
a
4Mpps
a1ack
Less
than
30
IPs
are
generaIng
more
than
99%
of
the
traffic
12 Confidential
How Are Attackers Reaching These Numbers?
13. © 2014 Imperva, Inc. All rights reserved.
What Can We Learn From All This?
§ The stronger the Internet becomes, the stronger
the attacks
§ The largest attacks use a small set of super resources
rather than a large set of weak resources
§ Attacks will far exceed a single network’s capacity
§ Can we expect a 1Tbps+ attack within the next 12-36
months?
13 Confidential
14. © 2014 Imperva, Inc. All rights reserved.
A DDoS Resilient Network
Scalable
architecture
Scalable
business
model
=
Cloud
Different
assets
need
different
protecIon
(FTP
!=
HTTP
!=
DNS)
You
can’t
defend
yourself
from
what
you
don’t
see
React
quickly
to
preserve
the
false
posiIve
to
false
negaIve
balance
In depth
protection
Visibility
Rapid
response
Capacity
scale
14 Confidential
15. © 2014 Imperva, Inc. All rights reserved.
Threats Facing Various Online Services
TCP / UDP SSH FTP
DNS
Application
data
HTTP
Advanced
persistent
threats
(APT)
SQL
injecIon
DNS
query
a1ack
POST
flood
SYN
flood
DNS
amplificaIon
NTP
amplificaIon
Direct
IP
a1acks
15 Confidential
16. © 2014 Imperva, Inc. All rights reserved.
Incapsula DDoS Protection
TCP / UDP SSH FTP
DNS
Application
data
HTTP
Incapsula
Web
ApplicaIon
Firewall
Incapsula
ApplicaIon
protecIon
Incapsula
DNS
protecIon
Incapsula
Infrastructure
protecIon
16 Confidential
17. © 2014 Imperva, Inc. All rights reserved.
Incapsula Application Protection
Always On / On Demand
Protect HTTP/S Applications
Layer 3&4 and also Layer 7
17 Confidential
18. © 2014 Imperva, Inc. All rights reserved.
Incapsula DNS Protection - NEW
Always On Service
• Protect DNS servers
• Prevent Blacklisting
18 Confidential
19. © 2014 Imperva, Inc. All rights reserved.
Incapsula Infrastructure Protection - NEW
On Demand Service
Protect all services and protocols
Protect entire IP ranges
Layer 3&4 (Network)
19 Confidential
20. © 2014 Imperva, Inc. All rights reserved.
Scaling BGP
IP ranges are announced in Anycast
20 Confidential
21. © 2014 Imperva, Inc. All rights reserved.
Imperva Positioned as a Magic Quadrant Leader
Confidential
Gartner “Magic Quadrant for Web Application Firewalls” by Jeremy D'Hoinne, Adam Hils, Greg Young, Joseph Feiman, 17 June 2014.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon
request from Imperva. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors
with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all
warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
21
22. © 2014 Imperva, Inc. All rights reserved.
Webinar Materials
22
Join Imperva LinkedIn Group,
Imperva Data Security Direct, for…
Confidential
Post-Webinar
Discussions
Answers to
Attendee
Questions
Webinar
Recording Link
Join Group
23. © 2014 Imperva, Inc. All rights reserved. Confidential23
Questions?
www.imperva.com