Radware攻擊緩解方案介紹

1、Attack Mitigation Solution攻擊緩解方案介紹威脅變化攻擊者動機在轉變勒索動機增加勒索動機 超過 50% 增長 大部分的攻擊動機未明1/3 攻擊動機是政治、黑客主意大約1/4動機是競爭者、勒索或暴怒的用戶3Q: Which of the following motives are behind any cyber-attacks your organization experienced?攻擊目標你我無一幸免教育及數(shù)據(jù)中心攻擊增加大部分的目標群體維持不變教育及數(shù)據(jù)中心 相對增加要求DDoS學校的請求數(shù)量增加攻擊數(shù)據(jù)中心的目標不一有些鎖定數(shù)據(jù)中心的客戶有些鎖定數(shù)據(jù)中心自身2

2、015Change from 20144DoS攻擊更加自動化、持續(xù)化突波攻擊增加目標遭受攻擊的前三大事件其攻擊時間持續(xù)不超過1個小時的受訪者超過50%相較于2014的 27% 有顯著的增長這是攻擊朝自動化演變的一個特性5Q: What are the three biggest cyber-attacks you have suffered: Duration?Network AttacksApplication Attacks網(wǎng)絡型攻擊與應用型攻擊比例趨近6experienced Network attacks daily, weekly or monthly38-42%experience

3、d Application attacks daily, weekly or monthly38-52%Internet 管道 #1 故障點Internet pipe is the bottleneck of DDoS attacksIPS/IDSInternet PipeFirewallLoad Balancer/ADCServer Under AttackSQL Server7INTERNET PIPE(Saturation)36%FIREWALL21%IPS/IDS10%ALANCERLOADB(ADC)3%THE SERVERUNDERATTACK28%SQLSERVER2%“Low

4、& Slow” 低速慢速DoS 攻擊 (e.g.Slowloris)攻擊復雜度持續(xù)在增長多種攻擊手段鎖定基礎架構的所有層面進行打擊IPS/IDS巨量網(wǎng)絡泛洪攻擊Syn Floods網(wǎng)絡掃描HTTP 洪水攻擊SSL 加密洪水攻擊App Misuse暴力猜解On-Demand Cloud DDoSDoS protectionBehavioral analysisIPSWAFSSL protectionInternet PipeFirewallLoad Balancer/ADCServer Under AttackSQL Server8XSS, CSRFSQL 注入需要采用混合防護模式On-Dema

5、nd Cloud DDoSSSL protectionDoS protectionBehavioral analysisIPSWAF單靠云端DDoS 防護無法提供完整防護Radware 提供全套 混合 防護模式云端按需防護持續(xù)防護本地端提供DDoS 及多種攻擊持續(xù)防護 云端提供DDoS攻擊按需防護9本地端混合防護模式該如何做才正確有效本地端必須同步防御動作 才不會各說各話所有安全防護設備通過Defense Messaging防護信令溝通得到更準確的偵測與防護，對應用服務干擾 最小Defense Messaging 防護信令11云端Defense MessagingOn-PremiseDoS p

6、rotectionBehavioral analysisIPSWAFSSL protection多層防護方案只有多層防護方案才能同時對多種攻擊手段威脅提供全面防護避免服務受阻、減少服務干擾12In-the-CloudOn-Demand Cloud DDoS多層防護方案13DoS protectionBehavioral analysisIPSWAFSSL protectionOn-Demand Cloud DDoS按需云端DDoS防護保護Internet管道云端防護避免管道擁堵業(yè)界首創(chuàng)混合防護方案只在管道有擁堵危機時觸發(fā)云端與本地端同步防護策略14多個清洗中心全球覆蓋混合模式 DDoS 防護方

7、案云端企業(yè)本地端Radware On-Demand Cloud DDoS15Data CenterDefense Messaging本地端數(shù)據(jù)中心遭受DDoS攻擊攻擊立刻在本地端被偵測并進行防護攻擊內容被同步到Radware的云端清洗中心攻擊流量牽引到云端清洗中心防護清除管道擁堵云端DDoS按需清洗防護方案Radware On-Demand Cloud DDoS16Data Center本地端無偵測及防護設備攻擊流向本地網(wǎng)絡Radware 應急響應小組(ERT) 著手處理攻擊ERT 將攻擊牽引到云端清洗云端企業(yè)本地端多層防護方案17DoS protectionBehavioral analys

8、isIPSWAFSSL protectionOn-Demand Cloud DDoS基于行為 vs. 基于量變 偵測異常To prevent service-level impact of legit trafficBehavior-Based DetectionRadwareRate-Based DetectionNon-Radware實時攻擊特征創(chuàng)建 vs. 人工創(chuàng)建Real-Time Signature GenerationRadware18 SECONDSManual Signature GenerationNon-Radware30 MINUTESManual signature c

9、reation can take up to 30 minutes.Radware Real-Time Signature is generated in up to 18 seconds.1910GbpsCapacityLegitimateTraffic + Attack10GbpsCapacityLegitimateTraffic專屬防護硬件阻擋攻擊Other IPS SolutionsDefensePro10 MillionPPSAttackTraffic1MPPS2MPPS5MPPSDevice handles attack traffic on the expense of legi

10、timate traffic!Attack traffic does not impact legitimate trafficNon-RadwareRadware20超越 傳統(tǒng)原始基于Source IP 攔阻Smart traffic blocking based on Real-Time Signature incorporating multiple parameters comparing to primitive source IP address blockingNon-RadwareSource IP Address OnlyX.X.X.XRadwareSignature wit

11、h multiple parameters21多層防護方案22DoS protectionBehavioral analysisIPSSSL protectionWAFOn-Demand Cloud DDoS緩解 SSL 攻擊威脅Security CoverageFull coverage - detects all types of SSL encrypted attacksSSL Negotiation FloodsHTTPS FloodsEncrypted Web AttacksDeployment FlexibilitySymmetric / Ingress only deployme

12、ntStateless solution - non-vulnerable mitigation architecture Minimum LatencyNo attack - No added latencyUnder attack 1st session per client onlyCertificate ControlOn-premise No requirement to export certificatesWAF多層防護方案24DoS protectionBehavioral analysisIPSSSL protectionOn-Demand Cloud DDoS無可匹敵的We

13、b應用防護全面防護OWASP Top-10主要攻擊威脅靈活部署可在本地透明串接、旁路 或于云端部署使用 自動策略生成縮短防護時間獨特非基于IP地址的設備指紋識別技術增強攻擊肉雞識別與攻擊防護Web 攻擊防護 旁路部署模式26Data CenterDefense MessagingRadware的WAF可以使用旁路部署于鏡像端口Radware的WAF 偵測到web應用攻擊Radware的WAF 使用信令將攻擊信息同步到前端邊界攻擊緩解設備Radware的攻擊緩解設備將攻擊阻擋于邊界攻擊者發(fā)起web應用攻擊無時延. 無干擾. 無風險云端企業(yè)本地端在云端保護應用企業(yè)云遷移Internet企業(yè)本地端公

14、有云服務Data CenterEnterprises expand application resources to the cloudMulti-vector attacks target enterprise applications everywhereOn-premises mitigation tools alone are ineffective against cloud-based attacks28使用 通過 ICSA Labs 認證的Radware WAF產(chǎn)品自動策略生成 應對零日攻擊完全托管安全服務 24x7無憂簡單彈性靈活部署整合本地端及云端 WAF 防護 常時行為分析

15、DDoS 防護Radware Cloud WAF 服務無可匹敵 Web 安全防護29Radware Cloud WAFRadware Cloud WAFWeb-based attack is launched and detected by Radwares Cloud WAFAttack is mitigated and clean traffic is relayed to the customers cloud and premise在云端防護應用攻擊私有云應用企業(yè)本地端Data Center30云端確保服務水平的全面服務隨時隨地 適合任何業(yè)務的靈活模型云端服務運維托管服務自用32應急響

16、應小組 (ERT)對抗全球重大攻擊事件保障客戶服務質量Emergency Response Team (ERT) - 24x7 安全專家團隊專注于快速響應攻擊緩解33“Weve been fortunate to be able to work with the ERT to help us deploy custom signatures that are very specific, reactive approaches to a customized attack, which has been a fantastic thing.”Ron Winward, Director of N

17、etwork Engineering, ServerCentral ERT Premium 尊享服務Radware 安全專家團隊 為您提供全面的監(jiān)控與管理服務24/7 DDoS 防護服務在線管理頁面與報表本地 CPE防護設備管理定期安全咨詢34全球保障35Radware Cloud WAF POPsRadware Scrubbing CentersComing soon集中管理與報告實時監(jiān)控提供豐富日志報告內容安全事件處理流程管理 用戶訪問分權管理36總結防護方案摘要安全覆蓋防護方案防護生效時間混合云防護模式 加上 WAF 及 SSL 攻擊緩解Full DDoS, encrypted atta

18、cks & Web attacks38Radware Cloud WAFFull DDoS & Web attacks服務選擇Fully managed with ERT PremiumCloud ServiceERT Premium optionBestReal-time, secondsBestReal-time, seconds云端DDoS按需清洗防護 Full DDoSCloud ServiceNo ERT Premium optionLimitedNo real-time detectionRadwares 安全方案組成元素39Centralized Management & ReportingAPSolute VisionWeb Applicati