DDoS Mitigation - DefensePro - RADWARE
•Transferir como PPTX, PDF•
2 gostaram•2,531 visualizações
Attacks evenly split across network and application layers Web-based attacks remain the single most common attack vector 1 in every 4 are HTTPS Increase reflective attacks cause UDP attacks to increase From 7% in 2013 to 16% in 2014 Reflective attacks represent 2014’s single largest DDoS “headache”
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (7)
Semelhante a DDoS Mitigation - DefensePro - RADWARE
Semelhante a DDoS Mitigation - DefensePro - RADWARE (20)
Último
Último (19)
DDoS Mitigation - DefensePro - RADWARE
- 1. Radware’s New Attack Mitigation Platform (DefensePro x4420) Deivid Toledo deivid.Toledo@wtrservices.com.br WTR Services 25 de Setembro 2015
- 3. The Rise of the Continuous Attack Longer, larger and more sophisticated attacks. Constant attacks on the rise. In previous years - attacks that were considered “constant” never exceeded 6% In 2014 - 19% were considered “constant” Attack size also increases – 1 of 7 attacks larger than 10G in 2014. % 5% 10% 15% 20% 25% 30% 35% 40% Less than a day 1 hour-1 day 1 day-1 week over a week Constantly 2011 2012 2013 2014 In 2014, 19% of attacks were considered “constant”
- 4. No One is Immune – Unexpected Targets Threats in new industries, organizational sizes and technology deployments Healthcare and Education – unexpected targets now at risk Gaming, Hosting and ISP companies – increased likelihood 2014 Change from 2013 4
- 5. Reflective Attacks – the Largest DDoS Headache Attacks evenly split across network and application layers Web-based attacks remain the single most common attack vector – 1 in every 4 are HTTPS Increase reflective attacks cause UDP attacks to increase – From 7% in 2013 to 16% in 2014 Reflective attacks represent 2014’s single largest DDoS “headache” 10% 16% 6% 18% Network 51% TCP- Other UDP IPv6 1% TCP-SYN Flood ICMP 9% 23% 16% Application 49% VoIP 1% Web (HTTP/HTTPS) SMTP DNS
- 6. Complexity of Attacks Continues to Grow Multi-vector attacks target all layers of the infrastructure IPS/IDS “Low & Slow” DoS attacks (e.g.Sockstress) Large volume network flood attacks Syn Floods Network Scan HTTP Floods SSL Floods App Misuse Brute Force Cloud DDoS protection DoS protection Behavioral analysis IPS WAF SSL protection Internet Pipe Firewall Load Balancer/ADC Server Under Attack SQL Server 6
- 7. The Need: High Performance with Comprehensive Protection Protection from both sophisticated and volumetric attacks. Carriers and cloud providers - Need to support a growing number of customers with increased complexity and capacity. - Require high end devices that can handle growth and scale (mitigation, bandwidth, complexity and number of served customers). Current competitor offerings today require to chose between high performance and attack mitigation coverage/quality 7
- 9. Radware’s New Attack Mitigation Platform Widest range of protections at high mitigation capacity, including UDP reflection attacks, fragmented and out-of-stack floods Up to 300Gbps throughput inspection while allowing customers to enjoy the widest range of simultaneous cyber-attack protection in the industry 230M PPS anti-DDoS along with best-in-class DNS, SIP, SMTP, HTTPS, and other application protections Commercial grade out-of-the-box compliance and customer tenancy managing over 1,000 policies in a secure Role-Based Access control format First dedicated attack mitigation platform to offer 100G interfaces No compromise: High performance + High mitigation capacity + Widest protection 9
- 10. DefensePro x4420 - Technical Highlights Total throughput up to 300G - Legit traffic throughput up to 160G - BW license 50G/100G/160G High port density (with any port type support) - 4x100G (QSFP28) - 4 x 40GbE (QSFP+) - 20 x 1/10GbE (SFP+) New ‘Performance’ mode - up to 230M Attack PPS (supports SYN protection, packet anomaly, BL/WL) Up to 1,000 active policies Space conservative - only 2U of rack space DefensePro x4420
- 11. DefensePro Layers of Defense Behavioral-based protections DME DDoS Mitigation Engine (230M PPS) L7 Regex Acceleration ASIC Multi Purpose Multi Cores CPU’s & Reputation Engine Hardware Architecture – Tailored for Attack Mitigation 11
- 12. Multi Tenancies Support Separate processing capabilities per tenant Role based access control for management permissions per policy Each tenant can view and monitor only the resources that are relevant for them Personalized, per tenant, historical reporting, dashboards and event management 12
- 13. DefensePro x4420 - Summary Highest rate mitigation with widest coverage - up to 230M PPS Any port connectivity - including 100G ports Designed for multi tenancy (MSSP/Carriers/Cloud) - Up to 1000 policies New scalable SW Architecture Compact form factor – 2U only
- 15. Technical Specs
- 16. DefensePro x4420 Technical Specification Features DefensePro x4420 DefensePro Model DP model 504420 – 50 Gbps DP model 1004420 – 100 Gbps DP model 1604420 – 160 Gbps Network Location Core Network Hardware Platform OnDemand Switch HT Performance Capacity 300 Gbps Max Legit Throughput 160 Gbps Max Concurrent Sessions 25,000,000 Maximum DDoS Flood Attack Prevention Rate 230,000,000 packets per second Latency 60 micro seconds Real time signatures Detect and protect attacks in less than 18 seconds Physical Ports Traffic Ports 4x 100 GbE QSFP28 4 x 40 GbE QSFP+ 20 x 10GbE SFP+ Management Ports 2 * 1 Gbe Copper, out of band RS-232 RJ-45 Serial Connection 16
- 17. DefensePro x4420 Technical Specification – Cont. Features DefensePro x4420 Operation Mode Network Operation Transparent L2 Forwarding, IP Forwarding Deployment Modes In-line; SPAN Port Monitoring; local out-of-path; Out-of-path mitigation (scrubbing center solution) Tunneling protocols support VLAN Tagging, L2TP, MPLS, GRE, GTP, IPinIP IPv6 Full IPv6 support for detection and mitigation Policy Action Block & Report, Report Only Block Actions Drop packet, reset (source, destination, both), suspend (source, src port, destination, dest port or any combination), Challenge-Response for TCP, HTTP and DNS suspicious traffic High Availability Dual Power Supply Yes Advanced internal overload mechanism Yes High Availability deployment - Active-Passive Yes 17
- 18. DefensePro x4420 Technical Specification – Cont. Features DefensePro x4420 Physical Dimensions (W x D x H) mm 2U: 424x600x88 mm EIA Rack or Standalone: 482 mm (19 in) Weight (kg, lb) 18.7Kg Power Supply Auto-range supply: AC: 100-240 V, 47-63 Hz DC: -36~-72 V Dual power supply (AC/DC) Power Consumption 890W Heat Dissipation (BTU/h) 2930 BTU/hr Operating Temperature 0-40°C (32-104°F) Humidity (non-condensing) Humidity: 5% to 95% non-condensing Certifications Safety: CE LVD( EN 60950-1), CB - IEC 60950-1, CCC, cTUVus, C-Tick EMC: CE EMC (EU directive 2004/108/EC), FCC Part 15B Class A, ICES-003, VCCI RoHS Compliant (EU directive 2011/65/EC) 18
Notas do Editor
- Cyber-attacks have reached a tipping point in terms of quantity, length, complexity and targets. Extra-large attacks are seen on a daily basis—and these attacks are targeting all types of organizations. In 2014, one in seven attacks was larger than 10G. And we've seen attacks in the 100Gbps+ size range. Attacks are evolving to become longer, larger and more sophisticated. Beyond just the growth in high-volume attacks, we are seeing constant attacks on the rise. In Radware's 2014-2015 report on the threat landscape, almost 20% of respondents report that they were continuously under attacks in 2014.
- Threats have expanded to a broader range of industries, organizational sizes and technology deployments.
- Continuing a four-year trend, cyber-attacks were again split evenly between the network and application levels. That’s because attackers’ “interest” lies in multi-sector blended attacks. Web attacks remain the single most common attack vector; for every four web-based attacks, three target HTTP and one is an HTTPS attack. Reflective attacks started heating up in 2013 and remained a persistent threat throughout 2014. While most of 2013’s reflected attacks targeted DNS, we saw more UDP based (NTP, CHARGEN) reflective attacks in 2014. Which is why we see UDP attacks in general increased from 7% in 2013 to 16% in 2014. What makes reflective attacks effective is the ease with which they can be generated— and the impact they can have on a network. Reflected attacks make it comparatively easy not only to generate an extra-large attack but also to sustain it for an extended period.
- Attackers are deploying multi-vulnerability attack campaigns by increasing the number of attack VECTORS they launch in parallel. To target your blind spot, different attack vectors target different layers of the network and data center, for example Net DDoS, App DDoS, Low & slow, SSL attacks and Web attacks. Even If only one vector will go undetected then the attack is successful and the result is highly destructive To effectively mitigate all type of DoS/DDoS attacks you need to go beyond protection at the network layer and implement a solution that gives you protection from the wide range of attacks types across all layers of the infrastructure. DoS protection to detect and mitigate all type of network DDoS attacks Behavioral Analysis to protect against application DDoS and misuse attacks. Behavioral-based real-time signatures and challenge-response mechanism can block the attack traffic accurately without blocking legitimate user traffic. IPS to block known attack tools and the low and slow attacks SSL protection to protect against encrypted flood attacks WAF, web application firewall, to prevent web application vulnerability exploitations
- Organizations need comprehensive protection and high performance to protect from both sophisticated and volumetric attacks. Carriers and cloud providers today Need to support a growing number of customers with increased complexity and capacity. Require high end devices that can handle all the scale items (mitigation, bandwidth, complexity and number of served customers). Current competitor offerings today require to chose between high performance and attack mitigation coverage/quality A10 (Thunder 6630 ADC or 6435 TPS) – relatively strong performance but limited attack coverage (only SYN floods on the ADC device, no behavioral on the TPS) F5 (BIG-IP 10250) – high/medium performance (80Gbps, 850M CPS) with limited attack coverage (L3 only) Arbor (Peakflow TMS) – good attack coverage but limited performance (40 Gbps, 40 Mpps + 10G ports)
- The industry's most advanced and highest performance attack mitigation platform. You no longer have to choose between performance and quality of protection. Attack mitigation platform that goes beyond just SYN flood protection to offer a wide range of protections at high mitigation capacity, including UDP reflection attacks, fragmented and out-of-stack floods. Industry leading defense breadth: Up to 300Gbps throughput inspection while allowing customers to enjoy the widest range of simultaneous cyber-attack protection in the industry. Industry leading defense depth: 230M PPS anti-DDoS along with best-in-class DNS, SIP, SMTP, HTTPS, and other application protections. Commercial grade out-of-the-box compliance and customer tenancy managing over 1,000 policies in a secure Role-Based Access control format. First dedicated attack mitigation platform to offer 100G interfaces – providing best in class attack detection and mitigation in the most demanding operational environments.