1. Where Are the Enterprise Network Security Gaps? Arbor
Tony Teo
Regional SE Director – APAC
tteo@arbor.net
Existing Solutions Have Critical Gaps
[Diagram labels: Mobile Carriers, CDNs, Internal Apps, Remote Offices, Employees, SaaS, Enterprise Perimeter, Mobile WiFi, Cloud Providers]
DDoS Challenges
Not Optimized for DDoS Protection
Weak in DDoS Countermeasure
Can be DDoSed
Modern DDoS Attacks Are Complex & Diverse
The Broad Impact of DDoS Attacks
[Diagram: DATA CENTER receiving Attack Traffic and Good Traffic. Product labels: Peakflow SP/TMS, Pravail Availability Protection System, Arbor Cloud, (ATLAS), Cloud Signaling, Threat Dashboard. Callouts: "See and stop the threat anywhere", "Stop the threat", "Never see the threat already inside enterprise". Surrounding labels: Service Providers, Corporate Servers, Mobile Carriers, CDNs, Internal Apps, Remote Offices, Employees, SaaS, Enterprise Perimeter, Mobile WiFi, Cloud Providers]
MAINTAINS LEAD IN OVERALL MARKET AND
HIGH-GROWTH SEGMENTS
In 1Q14 total DDoS prevention appliance revenue, Arbor ranks first with 48.8%; they
maintain a strong leadership position despite having a wide range of challengers.
Key takeaway: Changing technologies and customer requirements leave significant potential for
advancement in the competitive landscape.
Competitive Landscape
Total DDoS Mitigation Market: Global, 2013
[Chart: vendors shown are Arbor Networks, Fortinet, Corero, Juniper, Radware, Rio Rey; axis label: Meets Market Demands]
Did you know?
Arbor Networks collaborated with Google Ideas to create the Digital Attack
Map (www.digitalattackmap.com), a data visualization that maps global
distributed denial of service (DDoS) attacks.
This Attack Map leverages Arbor’s ATLAS data, allowing users to explore
historical trends in DDoS attacks and make connections to
related news on any given day.
We see things others can’t
Global Intelligence. Local Protection.
DDoS campaigns & Advanced Threats
[Diagram labels: ASERT, AIF Reputation Feed, ISP, ISP 1, ISP 2, DATA CENTER, IPS, Load Balancer]
Multi-Tier DDoS: The Cloud Signaling
Unite the Enterprise and Service & Cloud Providers via Arbor’s Cloud Signaling
[Diagram labels: Subscriber Network, Subscriber Network]
Advanced Threat Challenges
What is dwell time?
Time Lapsed Detecting An Advanced Threat
[Cycle diagram: 1. RECON, 2. GETS IN, 3. SPREADS, 4. COMMAND OUT, 5. STEALS/ACTS; center label: THREAT DETECTED, 1 92 DAYS]
APT Operation – Long Term Objective
Why Pravail Security Analytics
Pravail Security Analytics Operation
[Diagram labels: Security Report, Security Intelligent, Packet Capture, Big Data Engine, Data Looping]
Pravail Security Analytics Data Looping
[Diagram labels: Security Report, Security Intelligent, Packet Capture, Big Data Engine, Data Looping]
Pravail Security Analytics for 0 Day Exploit Hunting
Detection capability update but without signature for the Zero Day attack
Detection capability update INCLUDING signature for the Zero Day attack
Hunting 0-Day Attack
0 Day Vulnerabilities / Attack Challenges
t=0: 0 Day Vulnerability Discovered by Hacker
t=0: Good guy UNAWARE of New 0 Day Vulnerability
t=0, t=3: 0 Day Exploit Launched
t=3, t=5: CnC
t=0, t=50
NO PROTECTION / PROTECTED
Traditional Security Solution for 0 Day Exploit Hunting
[Diagram labels: t > 50; AV, WAF, FW, IPS (each with Block / Alert); SIEM; Correlated; LOGS; PACKET CAPTURE]
0 Day Vulnerabilities / Attack Challenges
t=0, t=3: 0 Day Exploit Launched; Attack Infection Point !!
t=3, t=5: CnC
Arbor’s Solution Bridges the Gaps
[Diagram: Pravail Security Analytics at the center. Callouts: "Never see the external threat traffic", "Can’t withstand a direct attack", "Detect, Play, Pause & Rewind the threat / attack lurking inside the enterprise". Surrounding labels: Service Providers, Corporate Servers, Mobile Carriers, CDNs, Internal Apps, Remote Offices, Employees, SaaS, Enterprise Perimeter, Mobile WiFi, Cloud Providers, Threat Dashboard]
Arbor Overview
[Diagram: product overview across DDoS and Advanced Threats. Labels: Arbor Cloud, Cloud Signaling, ~100 Tbps Visibility, ATLAS/ASERT, Mobile SP, SP/TMS, APS, NSI, SA]