DDoS - Am I a Target?
Kalle Bjorn
Director, Systems Engineering – Middle East
9/14/21
FORTINET HIGHLIGHTS
FORTINET PRODUCT PORTFOLIO
IN THE PRESS…
… MORE RECENTLY …
… AND EVEN MORE RECENTLY
INTRODUCTION TO DoS/DDoS ATTACKS
Diagram labels: Handlers, Agents, Victim(s), Critical IT Services (the handler/agent model: the attacker instructs handlers, which direct many agents to flood the victim's critical IT services).
DDoS VOLUMETRIC ATTACK TRENDS
Centralized execution, decentralized chaos:
• Spoofed attacks: fewer machines, limited power
• Non-spoofed bot clients: more machines, more power
• Bot servers: more power and bandwidth, socially engineered, more with less
FS-ISAC CALLS FOR LAYERED DEFENSES
“…traditional measures are ineffective against today’s DDoS attacks.”
Financial Services Information Sharing and Analysis Center (FS-ISAC)
VOLUME AND MOTIVATION
COST AND MITIGATION
How much does an attack cost?
• More than half say <10K/hr
• More than 10% say >100K/hr
• 80% in financial services say >10K/hr
Current mitigation
• Most use firewalls/IDS/IPS/routers/switches
• A reasonable % have no protection
• Less than 5% have dedicated hardware
DDoS AND MARKET TRENDS
THE EVOLUTION OF DDoS MITIGATION
Historically:
• Large attack focus
• Vulnerable to attack
• Limited mitigation
• Spoofed
• Slow response
• Human intervention
New defenses (next generation):
• Behavioral and heuristic learning
• Detecting small targeted attacks
• Hardware assisted solutions
• Automatic mitigation
• Removal of threat to service
DIFFERENTIATED SERVICES ARE CRITICAL
WHY IMPLEMENT DoS/DDoS PROTECTION TODAY?
HOW EASY IS IT TO ATTACK?
DDoS THREAT TRENDS NOW: Q4 2012
Source: Prolexic Quarterly Global DDoS Attack Report, Q4 2012
DoS/DDoS PROTECTION: THE MITIGATION GAP
• PREVALENCE? 300+ reported having been DDoS attacked.
• BIGGEST FEAR? Customer service (51%), negative brand impact (25%), revenue loss (19%)
• ATTACK DURATION? More than 24 hours (35%), more than 1 week! (11%)
• TYPE OF DDoS PROTECTION USED? Firewalls/routers/switches (56%), none (25%), IDS/IPS (11%), other (3%), DDoS mitigation hardware (5%) !!
WHERE IS THE DDoS SILVER BULLET SOLUTION?
Diagram: Enterprise, ISP, IT Services, and where a scrubbing solution can sit:
• Option A - ISP (scrubbing at the ISP)
• Option B - Cloud
• Option C - Dedicated
EXISTING SOLUTIONS ARE BROKEN
Service-based (Frost & Sullivan 2011):
• High and generally unpredictable costs
• Slower and inflexible
• Customer lacks control
Traditional firewall/IPS (IDC 2011):
• Ineffective against sophisticated attacks
• Problems scaling to high-volume attacks
• Complex
INTRODUCING FORTIDDOS
Diagram: FortiDDoS inline on the ISP links (ISP 2 shown), forwarding legitimate traffic and dropping malicious traffic.
DETECTION AND MITIGATION
How it works (detection is performed in hardware; legitimate traffic is forwarded, attack traffic and packet floods are dropped):
Prevention
• Geo-Location ACL
• Bogon Filtering
• Protocol Anomaly
Mitigation
• Stateful Inspection
• Out of State Filtering
• Algorithmic Filtering
• Heuristic Filtering
Virtual Partitioning
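As an added illustration of two of the stages named above, bogon filtering and out-of-state filtering, the following Python is example code written for this page, not FortiDDoS logic or Fortinet code. The Packet record layout, the BOGONS list and the 198.51.100.0/24 protected prefix are assumptions, and the sample packets are constructed.

```python
"""Added example (not FortiDDoS code): bogon filtering followed by out-of-state TCP
filtering, run over constructed packet records. The record layout, the BOGONS list
and the PROTECTED prefix are assumptions made for this example."""
import ipaddress
from dataclasses import dataclass

# Source prefixes that should never appear on an Internet-facing link. A production
# list would also carry the RFC 5737 documentation ranges; they are left out here
# because the constructed sample below uses them as stand-ins for public addresses.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]
PROTECTED = ipaddress.ip_network("198.51.100.0/24")  # assumed hosting-center prefix


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # TCP flags as letters: S=SYN, A=ACK, F=FIN, R=RST


def is_bogon(src: str) -> bool:
    """Stateless check: a source in unroutable space is spoofed and dropped outright."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in BOGONS)


class OutOfStateFilter:
    """Tracks the TCP handshake per flow and drops inbound segments that do not fit it.

    Simplified on purpose: no sequence-number validation, no timeouts, no teardown
    tracking. Real devices add those, plus SYN-cookie style challenges.
    """

    def __init__(self):
        # (client, cport, server, sport) -> "SYN" (client SYN seen),
        # "SYNACK" (server replied) or "EST" (client completed the handshake)
        self.flows = {}

    def check(self, pkt: Packet):
        """Returns None to forward the packet, or a string giving the drop reason."""
        inbound = ipaddress.ip_address(pkt.dst) in PROTECTED
        key = ((pkt.src, pkt.sport, pkt.dst, pkt.dport) if inbound
               else (pkt.dst, pkt.dport, pkt.src, pkt.sport))
        state = self.flows.get(key)
        if not inbound:
            # Server side: a SYN-ACK validates the client's earlier SYN.
            if pkt.flags == "SA" and state == "SYN":
                self.flows[key] = "SYNACK"
            return None
        if pkt.flags == "S":
            # A bare SYN is always in state; SYN floods are a rate problem handled by
            # the threshold stages, not by state tracking.
            self.flows.setdefault(key, "SYN")
            return None
        if state is None:
            return "out-of-state: no handshake for this flow"
        if state == "SYN":
            return "out-of-state: server has not answered the SYN"
        if pkt.flags == "A" and state == "SYNACK":
            self.flows[key] = "EST"  # third step of the handshake
        return None


def run_pipeline(packets):
    """Applies the stages in slide order: bogon filter first, then state tracking.

    Returns (forwarded, dropped), where dropped is a list of (packet, reason).
    """
    oos = OutOfStateFilter()
    forwarded, dropped = [], []
    for pkt in packets:
        if is_bogon(pkt.src):
            dropped.append((pkt, "bogon source"))
            continue
        reason = oos.check(pkt)
        (dropped.append((pkt, reason)) if reason else forwarded.append(pkt))
    return forwarded, dropped


# Constructed sample: one legitimate handshake, one spoofed SYN from RFC 1918 space,
# and two ACK-flood segments from a host that never completed a handshake.
SAMPLE = [
    Packet("203.0.113.7", "198.51.100.10", 40000, 443, "S"),
    Packet("198.51.100.10", "203.0.113.7", 443, 40000, "SA"),
    Packet("203.0.113.7", "198.51.100.10", 40000, 443, "A"),
    Packet("10.1.2.3", "198.51.100.10", 1234, 443, "S"),
    Packet("203.0.113.9", "198.51.100.10", 50000, 443, "A"),
    Packet("203.0.113.9", "198.51.100.10", 50001, 443, "A"),
]

if __name__ == "__main__":
    ok, bad = run_pipeline(SAMPLE)
    print(f"forwarded {len(ok)}, dropped {len(bad)}")
    for pkt, why in bad:
        print(f"  drop {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} [{pkt.flags}]: {why}")
```

The order matters: the stateless bogon check is cheap and runs first, so spoofed sources never consume state-table entries, which is exactly the resource an ACK or SYN flood tries to exhaust.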
SERVICE PROTECTION PROFILES
• Flexible protection
• Global triggers
• Flexible service definitions
• Hardware-based monitoring and mitigation
FORTIDDoS MODELS
• FortiDDoS-100A: 2 Gbps protection, single AC power
• FortiDDoS-200A: 4 Gbps protection
• FortiDDoS-300A: 6 Gbps protection
FORTIDDoS: 5 KEY FEATURES AND BENEFITS
A. FortiASIC accelerated detection & mitigation
• Custom designed high-speed ASIC processors block attacks before they can affect network availability
B. Automatic traffic pattern learning
• Achieves more accurate threat detection through multi-layer profiling
• Modeling requires almost no end user intervention
C. Virtual Partitions
• In multi-tenant or virtual environments, prevents an attack on one customer from affecting another
• Provides flexible deployment options and optimal TCO for service providers and cloud environments
D. Rapid & resilient deployment
• No network topology or configuration changes needed; integrates into the existing network architecture
E. Microfine enforcement of network traffic on layers 2, 3, 4 and 7
• Significantly reduces false positives
• Automatically builds a complex and detailed legitimate traffic model
• Facilitates detection of sophisticated attacks
A. POWERED BY FORTIASIC TRAFFIC PROCESSOR
B. TRAFFIC LEARNING: BASELINE BUILDING
Diagram: links from ISP(s), FortiDDoS, FortiGate firewall, hosting center.
C. VIRTUAL PARTITIONS
• Uniquely enables up to 8 segmented zones
Diagram: links from ISP(s).
D. RESILIENT DEPLOYMENT WITH MULTIPLE ISP LINKS
E. MICROFINE ENFORCEMENT OF MULTIPLE NETWORK LAYERS
RECENT CUSTOMER FEEDBACK
BASELINE BUILDING
Diagram: links from ISPs, FortiDDoS, FortiGate, hosting center. FortiDDoS is typically protecting the customer links.
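As an added example of the baseline building shown on the B. Traffic Learning slide and on this one, the following Python is example code written for this page, not FortiDDoS code. Learning one packets-per-second threshold per protected service from the peak of a clean learning period times a headroom factor, with a global default for services that have no profile, is an assumption about how such a baseline can be built; the traffic is constructed.

```python
"""Added example (not FortiDDoS code): baseline building followed by threshold
enforcement, the traffic-learning idea reduced to packets per second keyed by
protected service (destination port). The learning period, the peak-times-headroom
rule and the constructed traffic are all assumptions made for this example."""
from collections import Counter, defaultdict


def per_second_rates(samples):
    """samples: iterable of (second, dport). Returns {dport: [pps observed in each second]}."""
    counts = Counter((dport, sec) for sec, dport in samples)
    rates = defaultdict(list)
    for (dport, _sec), n in counts.items():
        rates[dport].append(n)
    return rates


def build_baseline(learning_samples, headroom=2.0):
    """Learns one threshold per service: the peak observed pps scaled by `headroom`.

    The peak (not the mean) is used so a normal busy second never trips the limit.
    Caveat: learning over traffic that already contains an attack bakes the attack
    into the baseline, so the learning period must be believed clean, and the
    baseline must be re-learned after legitimate growth.
    """
    return {dport: int(max(pps) * headroom)
            for dport, pps in per_second_rates(learning_samples).items()}


def enforce(samples, thresholds, global_default):
    """Forwards packets up to each service's per-second limit and drops the excess.

    Services without a learned profile fall back to `global_default` (the deck's
    "global triggers"). Returns (forwarded_count, {dport: dropped_count}).
    """
    seen = Counter()
    forwarded, dropped = 0, Counter()
    for sec, dport in samples:
        seen[(dport, sec)] += 1
        if seen[(dport, sec)] > thresholds.get(dport, global_default):
            dropped[dport] += 1
        else:
            forwarded += 1
    return forwarded, dict(dropped)


def constructed_learning_traffic(seconds=60):
    """Deterministic stand-in for a clean learning period: HTTPS 100-119 pps, HTTP 30-39 pps."""
    out = []
    for sec in range(seconds):
        out += [(sec, 443)] * (100 + sec % 20)
        out += [(sec, 80)] * (30 + sec % 10)
    return out


def constructed_attack_traffic(seconds=3, flood_pps=3000):
    """Normal load plus a flood-sized burst toward HTTPS for a few seconds."""
    out = []
    for sec in range(seconds):
        out += [(sec, 443)] * 110 + [(sec, 80)] * 35
        out += [(sec, 443)] * flood_pps
    return out


if __name__ == "__main__":
    thresholds = build_baseline(constructed_learning_traffic())
    fwd, drp = enforce(constructed_attack_traffic(), thresholds, global_default=1000)
    print("learned thresholds (pps):", thresholds)
    print(f"forwarded {fwd}, dropped {drp}")
```

Two points to check in any deployment of this idea: the HTTP service is untouched while HTTPS is being rate-limited (per-service profiles, not one global knob), and the limit is a ceiling on packets per second, so during the flood legitimate HTTPS packets compete with attack packets for the same budget; that is why the deck pairs thresholds with the state and anomaly filters rather than relying on rate limiting alone.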
BYPASS OPTIONS
Diagram: Corporate Headquarters LAN behind FortiGate and FortiDDoS, with FortiBridge providing the bypass path.
SERVICE PROFILES
Diagram: FortiDDoS in front of the access layer and distribution layer, with separate service profiles for Wealth Management, Online Banking, and Loans and Mortgages.
DEPLOYMENT SCENARIOS
FORENSICS OF AN ATTACK OVER A MONTH
MORE COMMON ATTACK CHARACTERISTICS
AGGREGATE DROPPED TRAFFIC
PACKETS DROPPED AT LAYER 3
PACKETS DROPPED AT LAYER 4
PACKETS DROPPED AT LAYER 7
CAN YOU AFFORD NOT TO PROTECT IT SERVICES? - TAKEAWAYS
Thank you
Kalle Bjorn
Email: kbjorn@fortinet.com