3. The Rise of the Continuous Attack
Longer, larger and more sophisticated attacks. Constant attacks on the rise.
In previous years, attacks that were considered “constant” never exceeded 6%
In 2014, 19% were considered “constant”
Attack size also increases – 1 of 7 attacks larger than 10G in 2014.
[Chart: attack duration by year, 2011 to 2014; categories: less than a day, 1 hour–1 day, 1 day–1 week, over a week, constantly; y-axis 0% to 40%]
In 2014, 19% of attacks were considered “constant”
4. No One is Immune – Unexpected Targets
Threats in new industries, organizational sizes and technology deployments
Healthcare and Education – unexpected targets now at risk
Gaming, Hosting and ISP companies – increased likelihood
[Chart: targeted industries, 2014 and change from 2013]
5. Reflective Attacks – the Largest DDoS Headache
Attacks evenly split across network and application layers
Web-based attacks remain the single most common attack vector
– 1 in every 4 are HTTPS
Increase in reflective attacks causes UDP attacks to increase
– From 7% in 2013 to 16% in 2014
Reflective attacks represent 2014’s single largest DDoS “headache”
[Pie chart: 2014 attack vectors. Network 51%: TCP-SYN Flood, TCP-Other, UDP 16%, ICMP, IPv6 1%. Application 49%: Web (HTTP/HTTPS), DNS, SMTP, VoIP 1%]
6. Complexity of Attacks Continues to Grow
Multi-vector attacks target all layers of the infrastructure
[Diagram: attack types (large volume network flood attacks, SYN floods, network scan, “low & slow” DoS attacks such as Sockstress, HTTP floods, SSL floods, app misuse, brute force) placed along the traffic path: Internet pipe, Firewall, IPS/IDS, Load Balancer/ADC, Server under attack, SQL Server; mitigation layers: cloud DDoS protection, DoS protection, behavioral analysis, IPS, WAF, SSL protection]
7. The Need: High Performance with Comprehensive Protection
Protection from both sophisticated and volumetric attacks.
Carriers and cloud providers
- Need to support a growing number of customers with increased complexity and capacity.
- Require high-end devices that can handle growth and scale (mitigation, bandwidth, complexity and number of served customers).
Current competitor offerings require choosing between high performance and attack mitigation coverage/quality
9. Radware’s New Attack Mitigation Platform
Widest range of protections at high mitigation capacity, including UDP reflection attacks,
fragmented and out-of-stack floods
Up to 300Gbps throughput inspection while allowing customers to enjoy the widest range of
simultaneous cyber-attack protection in the industry
230M PPS anti-DDoS along with best-in-class DNS, SIP, SMTP, HTTPS, and other application
protections
Commercial grade out-of-the-box compliance and customer tenancy managing over 1,000
policies in a secure Role-Based Access control format
First dedicated attack mitigation platform to offer 100G interfaces
No compromise: High performance + High mitigation capacity + Widest protection
10. DefensePro x4420 - Technical Highlights
Total throughput up to 300G
- Legit traffic throughput up to 160G
- BW license 50G/100G/160G
High port density (with any port type support)
- 4x100G (QSFP28)
- 4 x 40GbE (QSFP+)
- 20 x 1/10GbE (SFP+)
New ‘Performance’ mode - up to 230M attack PPS (supports SYN protection, packet anomaly, BL/WL)
Up to 1,000 active policies
Space conservative - only 2U of rack space
[Image: DefensePro x4420]
11. DefensePro Layers of Defense
Hardware Architecture – Tailored for Attack Mitigation
[Diagram of processing layers:]
- Behavioral-based protections
- DME: DDoS Mitigation Engine (230M PPS)
- L7 Regex Acceleration ASIC
- Multi-purpose multi-core CPUs & Reputation Engine
12. Multi Tenancies Support
Separate processing capabilities per tenant
Role based access control for management permissions per policy
Each tenant can view and monitor only the resources that are relevant for them
Personalized, per tenant, historical reporting, dashboards and event management
13. DefensePro x4420 - Summary
Highest rate mitigation with widest coverage - up to 230M PPS
Any port connectivity - including 100G ports
Designed for multi tenancy (MSSP/Carriers/Cloud) - Up to 1000 policies
New scalable SW Architecture
Compact form factor – 2U only
16. DefensePro x4420 Technical Specification
DefensePro Model: DP model 504420 – 50 Gbps; DP model 1004420 – 100 Gbps; DP model 1604420 – 160 Gbps
Network Location: Core Network
Hardware Platform: OnDemand Switch HT
Performance
Capacity: 300 Gbps
Max Legit Throughput: 160 Gbps
Max Concurrent Sessions: 25,000,000
Maximum DDoS Flood Attack Prevention Rate: 230,000,000 packets per second
Latency: 60 microseconds
Real time signatures: Detect and protect attacks in less than 18 seconds
Physical Ports
Traffic Ports: 4 x 100 GbE QSFP28; 4 x 40 GbE QSFP+; 20 x 10 GbE SFP+
Management Ports: 2 x 1 GbE copper, out of band; RS-232 RJ-45 serial connection
17. DefensePro x4420 Technical Specification – Cont.
Operation Mode
Network Operation: Transparent L2 Forwarding, IP Forwarding
Deployment Modes: In-line; SPAN port monitoring; local out-of-path; out-of-path mitigation (scrubbing center solution)
Tunneling protocols support: VLAN Tagging, L2TP, MPLS, GRE, GTP, IPinIP
IPv6: Full IPv6 support for detection and mitigation
Policy Action: Block & Report, Report Only
Block Actions: Drop packet; reset (source, destination, both); suspend (source, src port, destination, dest port or any combination); Challenge-Response for TCP, HTTP and DNS suspicious traffic
High Availability
Dual Power Supply: Yes
Advanced internal overload mechanism: Yes
High Availability deployment - Active-Passive: Yes
18. DefensePro x4420 Technical Specification – Cont.
Physical
Dimensions (W x D x H): 2U: 424 x 600 x 88 mm; EIA rack or standalone: 482 mm (19 in)
Weight: 18.7 kg
Power Supply: Auto-range supply; AC: 100-240 V, 47-63 Hz; DC: -36 to -72 V; dual power supply (AC/DC)
Power Consumption: 890 W
Heat Dissipation: 2930 BTU/h
Operating Temperature: 0-40°C (32-104°F)
Humidity: 5% to 95% non-condensing
Certifications: Safety: CE LVD (EN 60950-1), CB - IEC 60950-1, CCC, cTUVus, C-Tick; EMC: CE EMC (EU directive 2004/108/EC), FCC Part 15B Class A, ICES-003, VCCI; RoHS compliant (EU directive 2011/65/EC)
Editor's Notes
Cyber-attacks have reached a tipping point in terms of quantity, length, complexity and targets. Extra-large attacks are seen on a daily basis—and these attacks are targeting all types of organizations.
In 2014, one in seven attacks was larger than 10G. And we've seen attacks in the 100Gbps+ size range.
Attacks are evolving to become longer, larger and more sophisticated. Beyond just the growth in high-volume attacks, we are seeing constant attacks on the rise.
In Radware's 2014-2015 report on the threat landscape, almost 20% of respondents report that they were continuously under attacks in 2014.
Threats have expanded to a broader range of industries, organizational sizes and technology deployments.
Continuing a four-year trend, cyber-attacks were again split evenly between the network and application levels. That’s because attackers’ “interest” lies in multi-sector blended attacks.
Web attacks remain the single most common attack vector; for every four web-based attacks, three target HTTP and one is an HTTPS attack.
Reflective attacks started heating up in 2013 and remained a persistent threat throughout 2014.
While most of 2013’s reflected attacks targeted DNS, we saw more UDP based (NTP, CHARGEN) reflective attacks in 2014.
This is why UDP attacks in general increased from 7% in 2013 to 16% in 2014.
What makes reflective attacks effective is the ease with which they can be generated— and the impact they can have on a network.
Reflected attacks make it comparatively easy not only to generate an extra-large attack but also to sustain it for an extended period.
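As an added illustration (not part of the Radware deck), the following Python flags inbound UDP flows that look like reflected replies, i.e. a reflector service (DNS, NTP, CHARGEN) appears as the source port and the packets are far larger than a request, and it computes the UDP share of total volume, the kind of statistic the notes cite. The flow record format, the sample records, the port list and the size threshold are constructed assumptions.

```python
"""Flag likely UDP reflection traffic in constructed flow records (defender view)."""
from collections import Counter, namedtuple

# Reflection attacks arrive as replies, so the reflector service is the SOURCE
# port of inbound UDP, and each reply is far larger than the request that
# triggered it. Ports and threshold below are illustrative assumptions.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 19: "CHARGEN"}
MIN_BYTES_PER_PKT = 400  # a normal NTP reply is ~76 bytes on the wire

Flow = namedtuple("Flow", "proto src_ip src_port dst_ip dst_port packets bytes")

def parse_flow(line: str) -> Flow:
    """Parse 'PROTO src_ip:port dst_ip:port packets bytes' (constructed format)."""
    proto, src, dst, pkts, byts = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return Flow(proto, sip, int(sport), dip, int(dport), int(pkts), int(byts))

def is_reflected(flow: Flow) -> bool:
    """Inbound UDP from a reflector service port carrying oversized replies."""
    return (flow.proto == "UDP" and flow.src_port in REFLECTOR_PORTS
            and flow.bytes / flow.packets >= MIN_BYTES_PER_PKT)

def summarize(lines):
    """Return (bytes per reflector service, UDP share of all bytes in percent)."""
    flows = [parse_flow(l) for l in lines if l.strip()]
    total = sum(f.bytes for f in flows)
    udp = sum(f.bytes for f in flows if f.proto == "UDP")
    per_service = Counter()
    for f in flows:
        if is_reflected(f):
            per_service[REFLECTOR_PORTS[f.src_port]] += f.bytes
    return dict(per_service), round(100 * udp / total) if total else 0

# Constructed sample: replies converging on one victim address (TEST-NET-3).
SAMPLE = """
UDP 198.51.100.7:123 203.0.113.10:40001 1000 482000
UDP 198.51.100.8:123 203.0.113.10:40002 1000 482000
UDP 198.51.100.9:19 203.0.113.10:5553 500 512000
UDP 192.0.2.53:53 203.0.113.10:33210 2 180
TCP 192.0.2.20:443 203.0.113.10:50111 800 96000
TCP 192.0.2.21:443 203.0.113.10:50112 600 72000
""".strip().splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))  # ({'NTP': 964000, 'CHARGEN': 512000}, 90)
```

The small DNS flow is not flagged because its 90 bytes per packet is ordinary resolver traffic; only the oversized NTP and CHARGEN replies count as reflected volume.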
Attackers are deploying multi-vulnerability attack campaigns by increasing the number of attack VECTORS they launch in parallel. To target your blind spot, different attack vectors target different layers of the network and data center, for example Net DDoS, App DDoS, Low & Slow, SSL attacks and Web attacks. If even one vector goes undetected, the attack is successful and the result is highly destructive.
To effectively mitigate all types of DoS/DDoS attacks you need to go beyond protection at the network layer and implement a solution that gives you protection from the wide range of attack types across all layers of the infrastructure.
DoS protection to detect and mitigate all types of network DDoS attacks
Behavioral Analysis to protect against application DDoS and misuse attacks. Behavioral-based real-time signatures and a challenge-response mechanism can block the attack traffic accurately without blocking legitimate user traffic.
IPS to block known attack tools and the low and slow attacks
SSL protection to protect against encrypted flood attacks
WAF, web application firewall, to prevent web application vulnerability exploitation
Organizations need comprehensive protection and high performance to protect from both sophisticated and volumetric attacks.
Carriers and cloud providers today
Need to support a growing number of customers with increased complexity and capacity.
Require high-end devices that can handle all the scale items (mitigation, bandwidth, complexity and number of served customers).
Current competitor offerings require choosing between high performance and attack mitigation coverage/quality
A10 (Thunder 6630 ADC or 6435 TPS) – relatively strong performance but limited attack coverage (only SYN floods on the ADC device, no behavioral on the TPS)
F5 (BIG-IP 10250) – high/medium performance (80Gbps, 850M CPS) with limited attack coverage (L3 only)
Arbor (Peakflow TMS) – good attack coverage but limited performance (40 Gbps, 40 Mpps + 10G ports)
The industry's most advanced and highest performance attack mitigation platform.
You no longer have to choose between performance and quality of protection.
Attack mitigation platform that goes beyond just SYN flood protection to offer a wide range of protections at high mitigation capacity, including UDP reflection attacks, fragmented and out-of-stack floods.
Industry leading defense breadth: Up to 300Gbps throughput inspection while allowing customers to enjoy the widest range of simultaneous cyber-attack protection in the industry.
Industry leading defense depth: 230M PPS anti-DDoS along with best-in-class DNS, SIP, SMTP, HTTPS, and other application protections.
Commercial grade out-of-the-box compliance and customer tenancy managing over 1,000 policies in a secure Role-Based Access control format.
First dedicated attack mitigation platform to offer 100G interfaces – providing best in class attack detection and mitigation in the most demanding operational environments.