
Arbor Networks Company Overview

Tomas Sundstrom Millmark Arbor Networks


Presentation Transcript


  1. Arbor Networks Company Overview Tomas Sundstrom Millmark Arbor Networks

  2. Agenda • The Business Risks • The Problem • Company Overview • The Arbor Solution. Smart. Secure. Available.

  3. Agenda • The Business Risks • The Problem • Company Overview • The Arbor Solution. Smart. Secure. Available. Company Overview: • About Arbor Networks • Global Customer Base • A Proud History Protecting Networks & Businesses

  4. Who is Arbor Networks? A Trusted & Proven Vendor Securing the World’s Largest and Most Demanding Networks

  5. Agenda • The Business Risks • The Problem • Company Overview • The Arbor Solution. Smart. Secure. Available. The Problem: • DDoS is the #1 Security Threat • What is a DDoS Attack • Why DDoS is a Complex Threat • Why Other Solutions Simply Fail to Stop DDoS Attacks

  6. DDoS Attack? It Will Not Happen to Me… The Ostrich Mentality. “When an ostrich is afraid, it buries its head in the ground, assuming if it can’t see danger, danger cannot see it.” The attitude to DDoS has been similar in the past, but it has now become the #1 threat to availability & security because of: #1. Broader Awareness (High-Profile DDoS Attacks: Anonymous & LulzSec) #2. Greater Risk (Massive Internet Economy) $2T (3.4% of G12 GDP)* #3. More Attacks (Increased Motivations). *McKinsey & Co: Internet Matters Report (May 2011). *2011 Worldwide Infrastructure Security Report from Arbor Networks

  7. DDoS Attack? It Will Happen to You…

  8. What is a DDoS Attack? During a Distributed Denial of Service (DDoS) attack, compromised hosts or bots coming from distributed sources overwhelm the target with illegitimate traffic so that the servers cannot respond to legitimate clients.

  9. Modern DDoS Attacks Are Complex & Diverse. The Broad Impact of DDoS Attacks. [Diagram labels: Attack Traffic, Good Traffic, IPS, Load Balancer, DATA CENTER] Today’s DDoS attacks can cause (1) saturation upstream, (2) state exhaustion, or (3) service outages – many times a single attack can result in all three – and all with the same end result: critical services are no longer available!

  10. Today’s Defenses Are Not Designed for DDoS. Existing perimeter security devices focus on integrity and confidentiality but not on availability. • Firewalls, including WAFs, help enforce confidentiality: that information and functions can be accessed only by properly authorized parties • Intrusion Prevention Systems (IPS) help enforce integrity: that information can be added, altered, or removed only by authorized persons • All firewalls and IPS are stateful devices which are targeted by state-based DoS attacks from botnets! [Diagram labels: Information Security Triangle; IPS, Load Balancer, DATA CENTER]

  11. The Concept of State. The main reason this term is so elusive is that it can mean different things in different situations. Basically, state is the condition of being of a given communication session. The definition of this condition of being for a given host or session can differ greatly, depending on the application with which the parties are communicating and the protocols the parties are using for the exchange. Devices that track state most often store the information as a table. This state table holds entries that represent all the communication sessions of which the device is aware. Every entry holds a laundry list of information that uniquely identifies the communication session it represents. Such information might include source and destination IP address information, flags, sequence and acknowledgment numbers, and more. A state table entry is created when a connection is started out through the stateful device. Then, when traffic returns, the device compares the packet’s information to the state table information to determine whether it is part of a currently logged communication session. If the packet is related to a current table entry, it is allowed to pass. This is why the information held in the state table must be as specific and detailed as possible to guarantee that attackers will not be able to construct traffic that will be able to pass the state table test.

  12. Agenda • The Business Risks • The Problem • Company Overview • The Arbor Solution. Smart. Secure. Available. The Business Risks: • The Impact of DDoS to a Business • Why All Firms Must do a DDoS Risk Analysis & Mitigation Plan • Select the Right Tools & Processes for the Organization

  13. Impact of DDoS Attacks on the Business. Botnets & DDoS attacks cost an average enterprise $6.3M* for a 24-hour outage! * Source: McAfee – Into the Crossfire – January 2010. Source: Ponemon Institute – 2010 State of Web Application Security. The impact of loss of service availability goes beyond financials:

  14. DDoS is Availability Risk Planning. DDoS is the #1 threat to the availability of services – but it is not part of the risk analysis. When measuring the risk to the availability or resiliency of services, where does the risk of DDoS attacks fall on the list? [Figure: Availability Scorecard]

  15. How big do you think a DDoS is?

  16. Ground Truth! Bots and DDoS “It is hard”

  17. This Talk • “Ground-truth” about security is hard… • True in enterprise • But especially so in carrier / national infrastructure • Most infrastructure attacks go unreported • Less than 5 percent of surveyed ISPs reported one (Network Infrastructure Security Report, http://www.arbornetworks.com/report) • Significant anecdotal reports / surveys • including Arbor, Cisco, etc. • But no validation • e.g. do providers really know the size of botnets?

  18. All Firms Must Have DDoS Risk Mitigation Plan All enterprises must take control of their DDoS risk mitigation strategy – don’t be an ostrich! A simple cost-benefit analysis reveals the benefits of a proactive strategy – can any enterprise simply afford to not control their response to a DDoS attack?

  19. The Right DDoS Tools for the Organization • Modern DDoS attacks are complex, and only a complete DDoS solution can stop them by protecting all services • Critical services – HTTP, SSL, DNS, Mail, VoIP • Key protocols – TCP/IP, UDP, ICMP • Bandwidth – from upstream providers • Any solution that does not address the complex nature of DDoS or protects only HTTP/S will fail in the real world. • Choose the right tools for the enterprise based on threats:

  20. Agenda • The Business Risks • The Problem • Company Overview • The Arbor Solution. Smart. Secure. Available. The Arbor Solution: • Overview of Products & Services • Peakflow SP & TMS • Pravail APS & NSI • ATLAS, ASERT, & Arbor’s Key Technologies

  21. Arbor Products & Services • Enterprises • Security Response • Protection • Visibility • Research • Support • Service Providers Services Products

  22. Right Tools and Processes for the Job!

  23. Pravail Products: Visibility • Protection. • Pravail NSI (Models: X-CONT-1, X-COL-8K32/16K, X-COL-AIC, X-VIRTUAL): The Pravail Network Security Intelligence (NSI) solution (formerly known as Peakflow X) collects and analyzes Flow and raw packet data; performs behavioral anomaly detection; and provides application-level and pervasive security intelligence across the enterprise network. • Pravail APS (Models: APS-2104, APS-2105, APS-2107, APS-2108): The Pravail Availability Protection System (APS) provides out-of-box protection for attacks while being immune to state-exhausting attacks; blocks complex application-layer DDoS; supports a dynamic threat from ATLAS to stop botnets; supports inline deployment models; and ability to send cloud signals upstream.

  24. The ATLAS Initiative. The ATLAS initiative is the world’s most comprehensive Internet monitoring & security intelligence system. Services: ATLAS Intelligence Feed (AIF), Active Threat Feed (ATF), Fingerprint Sharing, Global Threat Analysis Portal. ATLAS intelligence is seamlessly integrated into Arbor’s products and services including real-time services, global threat intelligence, and insight into key Internet trends. ASERT, Arbor’s Security Engineering and Research Team, also leverages ATLAS to provide expert commentary on security trends and to address the significant Internet research questions.

  25. ATLAS – Research & Collaboration • Annual Worldwide Infrastructure Security Report • Fingerprint Sharing Alliance

  26. Six Phases of Infrastructure “Availability” (Infrastructure Security Report) • PREPARATION: Prep the network. Create tools. Test tools. Prep procedures. Train team. Practice. • IDENTIFICATION: How do you know about the attack? What tools can you use? What’s your process for communication? • CLASSIFICATION: What kind of attack is it? • TRACEBACK: Where is the attack coming from? Where and how is it affecting the network? • REACTION: What options do you have to remedy? Which option is the best under the circumstances? • POST MORTEM: What was done? Can anything be done to prevent it? How can it be less painful in the future?

  27. The Cloud Signaling Coalition. Unite the enterprise & service providers via Arbor’s Cloud Signaling Coalition. 1. Service Operating Normally 2. Attack Begins & Blocked by Pravail 3. Attack Grows Exceeding Bandwidth 4. Cloud Signal Launched 5. Customer Fully Protected! [Diagram labels: Subscriber Network, Internet Service Provider, Arbor Peakflow SP / TMS-based DDoS Service, Arbor Pravail APS, Firewall / IPS / WAF, Cloud Signaling Status, Data Center Network, Public Facing Servers]

  28. Arbor’s Threat Ecosystem. The Arbor ecosystem between service providers & enterprise DCs offers unique insight into emerging and active threats. [Diagram labels: Service Providers, Enterprise Data Centers] Enterprise data center services are now fully available!

  29. Thank You
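
The state table described in slide 11, and the state exhaustion that slides 9 and 10 name as an availability risk, shown as an added example that is not part of the original presentation or any Arbor product. The `StateTable` class, its capacity and timeout, and all addresses (documentation ranges) are constructed assumptions; real devices also track flags and sequence numbers, which this toy omits.

```python
class StateTable:
    """Toy connection-tracking table (hypothetical, for illustration only)."""

    def __init__(self, capacity, idle_timeout):
        self.capacity = capacity          # maximum number of tracked sessions
        self.idle_timeout = idle_timeout  # seconds before an idle entry expires
        self.entries = {}                 # (src, sport, dst, dport, proto) -> last seen

    def expire(self, now):
        self.entries = {k: t for k, t in self.entries.items()
                        if now - t < self.idle_timeout}

    def open_session(self, flow, now):
        """A connection starts through the device: create an entry if there is room."""
        self.expire(now)
        if flow not in self.entries and len(self.entries) >= self.capacity:
            return False  # table full: every new session fails, legitimate or not
        self.entries[flow] = now
        return True

    def allow_return(self, packet, now):
        """Returning traffic passes only if it matches a tracked session."""
        self.expire(now)
        src, sport, dst, dport, proto = packet
        key = (dst, dport, src, sport, proto)  # entry is keyed by the initiator
        if key in self.entries:
            self.entries[key] = now
            return True
        return False


def demo():
    fw = StateTable(capacity=1000, idle_timeout=60)
    server = ("203.0.113.10", 443)
    client = ("198.51.100.7", 40000, *server, "tcp")
    r = {"client_opened": fw.open_session(client, now=0)}
    r["reply_allowed"] = fw.allow_return((*server, "198.51.100.7", 40000, "tcp"), now=1)
    r["unsolicited_allowed"] = fw.allow_return((*server, "198.51.100.9", 40000, "tcp"), now=1)
    # Constructed burst: 2000 distinct flows that open and then stay idle.
    for i in range(2000):
        fw.open_session((f"192.0.2.{i % 250 + 1}", 1024 + i, *server, "tcp"), now=2)
    r["occupancy"] = len(fw.entries)
    late = ("198.51.100.8", 40001, *server, "tcp")
    r["new_client_during_burst"] = fw.open_session(late, now=3)
    r["new_client_after_timeout"] = fw.open_session(late, now=70)
    return r


if __name__ == "__main__":
    print(demo())
```

Table occupancy against capacity, and how long idle entries are held, are the two values to monitor on any stateful device in the traffic path.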
