Corero Network Security
First Line of Defense
Introduction
© 2014 Corero www.corero.com

DDoS attacks making headlines

DDoS Attacks, 2013-2014
[Chart: Total Attack Bandwidth (Gbps), June 2013 to July 2014. Data shown represents the top ~2% of reported attacks. Labelled points: JUNE 21 2013, AUG 9 2013, DEC 4 2013, DEC 31 2013, MAR 17 2014, MAR 29 2014, JUNE 23 2014. Callouts: MAJOR HOSTING SITES, HONG KONG VOTING SITES. Source: Digital Attack Map - DDoS attacks around the globe]
[Infographic: statistics on data center downtime and the cost of DDoS outages (€700K, 86, 20%, €8K). Source: Network Computing/Ponemon Institute]

Businesses need protection from the Internet
With a first line of defense that:
• PREVENTS network/service outages by blocking attacks in real time
• ASSURES customers can access online services
• PROVIDES insight into attacks and evolving threats
• EXTENDS the effective life of your existing security investments

Solution - Corero’s First Line of Defense
Corero protects your IT infrastructure by removing broad based attacks
[Diagram: Attackers and Good Users send traffic toward the customer network. The First Line of Defense blocks DDoS Attacks, Undesired Users & Services, AETs & Protocol Abuse, and Server Side Exploits ahead of the Router, IPS, SLB and WAF, and passes Customer Traffic. Outcomes: Efficient Firewalls, Effective IT Infrastructure, High Performing Applications]

The hybrid approach
[Diagram: Attack Detection to Prevention Process. Tiers: Cloud Service, Service Provider Defenses L3-L4, On-Premises Defenses L3-L7 (Always on), Protected Critical Infrastructure. Cloud service timeline: Attack Begins, Attack Detected, Rerouted to Scrubbing Center, with Time to Reroute marked at 10 Mins., 20 Mins., 30 Mins. Pricing ($ to $$$$) labels: Base Service, Size of Attack, Attack Type, Redirection Method. Other labels: Good Users, Attackers, Good Traffic, Attack Traffic, Attack Leakage]

What categories do I need to defend against?
ATTACKS & TECHNIQUES (THREAT LANDSCAPE)
• Network Level DDoS: SYN, TCP, UDP, ICMP Floods
• Reflective Amplified DDoS: DNS, NTP, SNMP, QOTD Floods
• Fragmented Packet DDoS: Overlapping, Missing, Too Many
• Application Layer DDoS: Low and Slow, App Scripts
• Specially Crafted Packet: Stack, Protocol, Buffer

Corero First Line of Defense
[Diagram: the THREAT LANDSCAPE attack categories listed above pass through the CORERO FIRST LINE OF DEFENSE. PROTECTION labels: Traditional Border Infrastructure, Critical Network Services, Other Security Technologies, Online Business Integrity, Total System Failures, Investment, Productivity, Public Image, Lines of Business, Escalating Costs]

Existing security layers can’t handle the onslaught
Corero’s attack observations:
• Bandwidth Saturation
• Connection Saturation
• Spoofed Connections
• Reflections/Amplifications
• Fragments
• Partial Saturation

Real concerns with partial saturation attacks
• They’re beyond small attacks exhausting a particular resource
• Worse than traditional attacks targeting infrastructure
• Designed to consume time, attention, resources, and storage
• Attacks are a diversion for much larger threats
• Enable persistent backdoors, planting malware, data exfiltration
• Expect password-guessing attacks on SSH, HTTPS, FTP, and others

Corero First Line of Defense Product Family
SmartWall® Threat Defense System (TDS)
• Enterprises & Service/Hosting Providers
• On Premises or Cloud deployments
• Protection in modular increments of 110 Gbps
• In-line or scrubbing topologies
The Corero First Line of Defense Solution Includes:
• The Corero SmartWall TDS
• Tech support, software maintenance, threat updates
• SecureWatch server for 24x7 monitoring by Corero SOC
• Monitoring of system faults and security events
• Automatic support case creation for incident escalations
• Alerting/notification to customer within 1 business day
• Access to SecureWatch Analytics dashboards
Available Services (additional):
• SecureWatch PLUS
• Advance Hardware Replacement
KEY COMPONENTS
• ADVANCED DDOS & CYBERTHREAT TECHNOLOGY
• NEW GENERATION ARCHITECTURE
• COMPREHENSIVE ATTACK VISIBILITY & NETWORK FORENSICS

SmartWall TDS – Power in a Small Package
• Scalable Deployment
• Increments of 10 Gbps, 30M PPS
• ¼ rack width

Next Gen - First Line of Defense
Modular Security Appliances (each 4 x 10Gb ports)
• Network Threat Defense (DDoS)
• Network Forensics (PCAP)
• Network Bypass (ZPB, TAP)
Corero Management Server
• Single Management View
1RU Rack Width

Connection: Bypass-Forensics-Threat Defense
[Diagram: within 1 RU, a Network Bypass Appliance, a Network Forensics Appliance and a Threat Defense Appliance sit in line between the Service Providers (Internet) and the Data Center, with 10 Gbps packet flow on each link. The Corero Management Server connects over the SmartWall Mgmt VLAN and exposes SNMP, Syslog, CLI, Web UI and REST API. Packet Capture Storage attaches over 10 Gig (iSCSI). Legend: internal side packet flow, external side packet flow]

Example 10G HA Deployment with Bypass
[Diagram: two parallel 10 Gbps paths between Peers (Internet) and the SERVICE PROVIDER Server side, each path with an NB and an NTD, using OSPF or 802.1d (layer 2). Also shown: Central Management, Splunk Analytics/Reporting. Legend: internal side packet flow, external side packet flow, NB = Network Bypass, NTD = Network Threat Defense]

SmartWall – Solution Architecture
[Diagram, top to bottom:
ANALYTICS AND REPORTING ENGINE: Real-time Alerting, Historical Reporting, Behavioral Analysis
AUTOMATION AND PROVISIONING SYSTEM: Automated Provisioning, Event and Alert Reporting
Interfaces: Web User Interface, REST API - CLI, Syslog - SNMP, Browser
Unified Corero CMS Management
Threat Defense Appliance: DO-NO-HARM DETECTION AND PROTECTION, n x 1/10G, 1G/10G
TECHNOLOGY PARTNERS]

• Advanced DDoS/Cyber Threat Protection
• Next Generation Architecture
• Comprehensive Visibility

Next Generation Architecture
Industry Leading DDoS Protection and Performance
• DO-NO-HARM PROTECTION
• MODULAR AND SCALABLE
• PURPOSE-BUILT MULTI-CORE PLATFORM
• AUTOMATED PROVISIONING
• NFV/SDN AND CLOUD READY

Advanced DDoS/Cyber Threat Protection
FLEXIBLE POLICY CONTROLS / PRECISE ENFORCEMENT / INFRASTRUCTURE PROTECTION
• Inspect / Analyze / Respond / Mitigate
• Multiple Protection Groups
• IP Reputation / Whitelists / Blacklists
• Configurable Rate Limits
• Do No Harm Philosophy
• Volumetric DDoS attack mitigation
• Reflective / Amplification DDoS attack mitigation
• Application Layer DDoS attack mitigation
• Protect firewalls, IPSs, routers, switches, servers
• Bandwidth Optimization
• Service Availability / Optimization

Comprehensive Visibility
• REAL-TIME SECURITY EVENT VISUALIZATION
• ADVANCED SYSLOG EVENT DATA
• BUILT-IN REPORTS & CUSTOM QUERY CAPABILITIES
• ARCHIVED EVENT & PACKET CAPTURE
• ANALYTICS, REPORTING AND FORENSICS

Comprehensive Visibility and Analytics using the Corero SmartWall
Corero First Line of Defense®
VALUABLE RAW DATA
• Security Events
• Threat Intelligence
• System Health Data
• Forensics Data
Powerful Analytics Engine
Virtual SOC Portal
ACTIONABLE SECURITY ANALYTICS & VISUALIZATION
• Real-time Dashboards
• Historical Reporting
• Behavioral Analysis
• Forensic Analysis
• Network Statistics

Network & Security Level Visibility
Provide complete traffic visibility
• Bandwidth
• Flows & Setups
• Packets
• Security Events
• Monitor all connections
• Monitor all requests
• Block all unwanted traffic
• Allow all good traffic

Network & Security Level Visibility
Provide in-depth security information
• Bandwidth
• Blocked clients
• Targeted Servers & Ports
• Log all security policy violations
• Record attack traffic – PCAP
• Gather attack intelligence
INSTANTANEOUS attack VISIBILITY and HISTORICAL view into your environment

Who is Corero Network Security?
HQ
• Boston, MA, USA
• Publicly traded CNS:LN
• Sales through channels
• EMEA sales office in F, D, CH, UK, Spain
500+
• active customers across many verticals world-wide
• E-commerce, Finance, Admin, Hosting, ISP, Insurance, etc.
First Line of Defense®
• against DDoS attacks and cyber threats
Corero products and services PROTECT AND OPTIMIZE your critical infrastructure and online services
• HOSTING PROVIDERS & DATA CENTERS
• SERVICE PROVIDERS
• ENTERPRISE

First Line of Defense Applications
In the Cloud
• Service providers, IT hosting and Cloud providers
On Premises
• Enterprises – financial services, e-commerce providers, gaming, education
[Diagram labels: DDOS Cloud Service, Internet Peering Points, DDOS Protection, On Premise, IPS/APT, SLB/ADC, SP Hosting, WAF, Protected Critical Infrastructure and Services]

Integration with the Provider’s Customer Portal
Corero Management Server & Splunk Enabled Analytics App
[Diagram: Dashboards 1 to 6 shared between three parties, with Customer A, Customer B and Customer C shown under the provider]
• Corero Secure Operations Center: CORERO SOC CAN REMOTELY ASSIST THE PROVIDER
• Provider’s Customer: CUSTOMERS CAN VIEW DASHBOARDS OF THEIR OWN DATA
• Provider: PROVIDERS CAN PROVISION AND CUSTOMIZE DASHBOARDS PER CUSTOMER
Providers get a single point of provisioning and analytics reporting. Corero’s Analytics Splunk app can integrate with provider’s customer portal for customer accessible reporting.

First Line of Defense
[Quadrant diagram with axes OPERATIONAL / STRATEGIC and TECHNOLOGY / BUSINESS]
• Extensible Platform: Modular and scalable architecture makes your DDoS protection investment timeless. And it evolves with industry trends (NFV/SDN) so you can utilize off-the-shelf hardware that best fits your needs.
• Actionable Intelligence: Real-time visibility and historical analysis provide actionable intelligence so you can not only stop threats today but also be better prepared for the future.
• Infrastructure Optimization: Broad protection at all layers protects critical infrastructure & optimizes its performance.
• Operational Uptime: Service availability protects business integrity, increases productivity, and reduces costs.

NEXT STEPS
• Arrange for a proof of concept
• Learn more at: www.corero.com
Adrian Bisaz
VP of Sales EMEA
[email protected]
+41 79 540 2420