1.
Arbor Networks
Poland. 3rd October 2013
Simon Cartwright
Director of Security Services!

2.
Agenda
• Who
is
Arbor
?
• What
is
DDoS
• Evolu3on
of
DDoS
• Trends
in
DDoS
• A9ack
Traffic
Details
Poland
• Protec3on
Op3ons
• The
Enterprise
Ques3on
• Visibility
&
Control
• Ne3a/Arbor/NCR
Partnership
• Ques3ons.
At
Booth

3.
4
Arbor - a Trusted & Proven Vendor Securing the World’s
Largest and Most Demanding Networks
90%
Percentage
of
world’s
Tier
1
service
providers
who
are
Arbor
customers
107
Number
of
countries
with
Arbor
products
deployed
47.1
Tbps
Amount
of
global
traffic
monitored
by
the
ATLAS
security
intelligence
ini3a3ve
right
now
–
25%
of
global
Internet
traffic!
#1
Arbor
market
posi3on
in
Carrier,
Enterprise
and
Mobile
DDoS
equipment
market
segments
–
61%
of
total
market
[Infone3cs
Research
Dec
2011]
Number
of
years
Arbor
has
been
delivering
innova3ve
security
and
network
visibility
technologies
&
products
13
$16B
2011
GAAP
revenues
[USD]
of
Danaher
–
Arbor’s
parent
company
providing
deep
financial
backing

4.
Arbor’s proud history of
productizing innovation
in distributed networks.#
Arbor is the most
trusted and widely
deployed solution for
DDoS & Botnets.#
Arbor sees more global
traffic and threats than
anyone else on the planet."
Only Arbor has a fully
integrated solution to
quickly detect & stop
advanced threats."
• Honored as a top 10 global innovations#
• Key patents in networking & security.#
• Analyzing over 48TB of data per second#
• Monitoring over 110K malware families#
• Integrated to detect & stop threats anywhere#
• See beyond the network through ATLAS#
• Over 90% of the world’s Tier 1 ISPs#
• 9 of the top 10 largest business networks#
Arbor Networks Overview

5.
Threat Landscape Era’s
Network
Protocol
Content
Advanced
Threats
1999-­‐2005
2006-­‐2010
2010-­‐Today
§ Synflood (Trinoo/TFN)
§ Code Red
§ Slammer
§ Zotob
§ Conficker (2008)
§ Web Browser
§ Web Applications
§ Doc/PDF/etc.
§ Flash/Shockwave
§ Java
§ Aurora
§ Operation Payback
§ Stuxnet/Flame/Duqu
§ APT
§ Cyber Warfare

6.
During a Distributed Denial of Service (DDoS) attack,
compromised hosts or bots coming from distributed sources
overwhelm the target with illegitimate traffic so that the servers
can not respond to legitimate clients.
What is a DDoS Attack?
7

7.
DDoS
The DDoS weapon of
choice for Anonymous
activists LOIC, was
downloaded from the
internet 1.167.305 times
during 2011/12(sourceforge.net)

8.
DDoS Motivations
9

9.
Everyone is a Target
10

10.
DDoS Devastating Costs
11
*Neustar
Insights
DDoS
Survey:
Q1
2012
The
impact
of
loss
of
service
availability
goes
beyond
financials:
Opera@ons
Help
Desk
Recovery
Employee
Output
Penal@es
Lost
Business
Brand
&
Reputa@on
Damage
35%
of
those
a9acked
said
it
lasted
More
than
a
day
67%
of
retailers
said
outages
cost
$100,000
per
hour
21%
overall
said
outages
cost
$50,000
per
hour

11.
Today’s Attacks are More Frequent
12

12.
Today’s Attacks
13
2012
2013
(so
far….)
Number
of
A9acks
713
986
Average
Dura3on
38mins
37secs
29mins
50secs
Longest
A9ack
1day
16hrs
07secs
1day
4hrs
45mins
58secs

13.
Volumetric DDoS"
Bots &
Botnets"
Mobile
Malware"
Availability# Confidentiality#IMPACT"
THREAT
SPECTRUM"
The Next Generation of Threats

14.
Netia’s Unique Threat Ecosystem
16
The
ecosystem
between
smart
providers
&
enterprises
to
offer
comprehensive
protec3on
from
ac3ve
threats
Enterprise NetworksNetia
D
Enterprise
data
center
services
are
now
fully
available
and
secure
from
advanced
threats!

15.
Diverse end-points are accessing
your network from anywhere."
Your assets are
distributed everywhere."
Corporate
Offices"
Broadband"Mobile"
Content" Corporate
Servers &
Applications"
SaaS"
A Global, Hybrid infrastructure"
Private
Network"
Public
Clouds"
Internet"
The Global Network is Your Business

16.
CDNs"
Mobile
Carriers"
Service
Providers"
SaaS"
Cloud
Providers"
Enterprise
Perimeter"
Mobile
WiFi"
Employees"
Corporate
Servers"
Remote
Offices"
Internal
Apps"
Never see
the external
threat traffic"
Can’t
withstand a
direct attack"
Never see the
threat already
inside enterprise
"
Existing Solutions Have Critical Gaps

17.
Cloud"
Pravail"
Availability Protection System"
Pravail"
Network Security Intelligence"
See and stop the
threat anywhere#
Stop
the threat#
See the threat lurking
inside the enterprise#
CDNs"
Mobile
Carriers"
Service
Providers"
SaaS"
Cloud
Providers"
Enterprise
Perimeter"
Mobile
WiFi"
Employees"
Corporate
Servers"
Remote
Offices"
Threat Dashboard"
Netia’s Solution Bridges the Gaps
Internal
Apps"

18.
Users
An@-­‐Virus
IDS/IPS
NAC
Firewall
Secure
Trust
Perimeter
Mobile
Users
Malware
BYOD
Internet
Mobile
Users
Secure
Trust
Perimeter
Insider
Misuse
Home
Office(s)
Cloud
Services
VPN
Malware
Advanced Threats: From Outside AND Inside
Network boundaries are harder to define
– Cloud based data and applications
– Employee mobility / BYOD
– Home Working
Threats are harder to keep out
– Targeted threats
– Walk-in threats (on portable devices)
– Malicious insider
Challenge: Control & Security of business data, applications and services
as businesses evolve.
Data
Center

19.
Attack Mitigation. In Poland
CP
TMS

20.
Attack Mitigation. In Poland
CP
TMS

21.
Attack Mitigation. In Poland
1. Detect
(Network wide: CP using Flow)
CP
TMS

22.
Attack Mitigation. In Poland
1. Detect
(Network wide: CP using Flow)
2. Activate Mitigation (TMS)
CP
TMS

23.
Attack Mitigation. In Poland
1. Detect
(Network wide: CP using Flow)
2. Activate Mitigation (TMS)
3. Divert Traffic (Network wide: BGP OFF-Ramp announcement)
CP
TMS

24.
Attack Mitigation. In Poland
1. Detect
(Network wide: CP using Flow)
2. Activate Mitigation (TMS)
4. Clean the Traffic and forward the legitimate
(Network wide: using ON-Ramp Technique [e.g. MPLS, GRE, VLAN, …])
5. Protected
3. Divert Traffic (Network wide: BGP OFF-Ramp announcement)
CP
TMS

25.
Thank You
Questions?