Inteligencia Digital de ataques DDoSOPERACIÓN #Deshaucios contra Partido Popular
Marzo 2013
2
Ayuntamiento de Ledrada
Motivos del ataque
Inicio de la operación de ataque DDoS
3
Ayuntamiento de Ledrada
Publicacion de Anonymous en tweeter sobre el hackeo de la pagina del ayuntamiento de Ledrada: www.aytoledrada.com
4
Ayuntamiento de Ledrada
El resultado
5
Pagina del Partido Popular de Alpedrete
Publicacion de Anonymous en tweeter sobre el hackeo de la pagina del Partido Popular de Alpedrete: http://pp‐alpedrete.com/
6
Pagina del Partido Popular de Alpedrete
Inicio de la operación de ataque DDoS
7
Pagina del Partido Popular de Alpedrete
El resultado
8
Pagina del Partido Popular de Alpedrete
El resultado
9
Pagina del Partido Popular de San Juan de Aznalfarache
Publicacion de Anonymous en tweeter sobre el hackeo de la pagina del Partido Popular de San Juan de Aznalfarache
10
Pagina del Partido Popular de San Juan de Aznalfarache
Inicio de la operación de ataque DDoS
11
Pagina del Partido Popular de San Juan de Aznalfarache
El resultado
12
Arbor Networks: Overview
90%Percentage of world’s Tier 1 service providers who are Arbor customers 115
Number of countries with Arbor products deployed
35Tbps
Amount of global traffic monitored by the ATLAS security intelligence initiative right now!
#1
Arbor market position in Carrier, Enterprise and Mobile DDoS equipment market segments –61% of total market [Infonetics Research Dec 2011]
Number of years Arbor has been delivering innovative security and network visibility technologies & products
13
$16B
2011 GAAP revenues [USD] of Danaher – Arbor’s parent company providing deep financial backing
The Arbor Unique Solution
Global & Enterprise Visibility
Security Intelligence
Availability Protection
A World-Class Research Team (ASERT) Analyzing all the World’s Internet Traffic (ATLAS) to Stop Emerging Advanced Threats
Know Your Network No Matter Where It
Resides
Find the Threat No Matter Where the
Threat Lurks
Protect the Business at All Times
The Solution to Stop Advanced Threats –Built on Global Network Visibility & Security Intelligence
13
Introducing Pravail APS
Stateless Analysis & Filtering Engine
Stateless Analysis & Filtering Engine
Cloud SignalingCloud SignalingATLAS
Intelligence Feed
ATLAS Intelligence
Feed
Arbor’s core Stateless Analysis and Filtering Engine (SAFE) is the technology used by 90% of Tier 1 carriers & ISPs to stop attacks is also immune to all threats against availability.
The Arbor Threat Level Analysis System (ATLAS) provides global visibility into botnets and malware which is then transformed into an intelligence feed for Arbor’s products
Cloud Signaling is a proprietary protocol enabling signaling from the enterprise edge to the ISP cloud for complete protection from all DDoS attacks.
SAFE: Stateless Analysis Filtering Engine
• Proven anti-DDoS protection in enterprise appliance
– Same core engine from Peakflow SP TMS that’s been proven in the world’s most demanding networks
• Protections focused on both Application & Volume attacks
– Packaged for enterprises with out-of-the-box to block most known attacks “tools”
– Protection to block volumetric DDoS attacks up to the link’s max capacity
• Protection designed for specific assets and services
– Trusted default policy templates for:‒ Web servers‒ DNS‒ File Servers‒ Mail Servers‒ VPN‒ VOIP Servers‒ Remote Login‒ Generic Servers
15
16
ATLAS & ASERT: Global security intelligence feeds real-time protection updates for Pravail APS
Active Threat Level Analysis System
Peakflow SP Peakflow X(Pravail NSI)
ISP NetworkDARKNET
ATLAS SENSOR
Peakflow SP Peakflow X
ISP NetworkDARKNET
ATLAS SENSOR
Peakflow SP Peakflow XPravail NSI
ISP NetworkDARKNET
ATLAS SENSOR
ATLAS DATA CENTER
ATLAS ANALYSIS SYSTEMS
ATLAS sensors are deployed in global internet darknet space to discover and classify attack activity
The information is sent to an ATLAS central repository where it is combined with Arbor Peakflow, third‐party, and vulnerability data
ASERT analyzes combined data and converts into actionable intelligence which is posted on the ATLAS public portal and provides security content updates to Pravail solutions
11
33
22
ATLAS Intelligence Feed (AIF)
• Continuously updated feed of botnet DDoS threats to availability
• Layer 7 fingerprints focused on inbound threats– Includes ASERT threat level and confidence
assessment
• ASERT tracking 100s individual botnets in the wild and across the globe enabled by ATLAS
Leverages the global intelligence in Arbor’s ATLAS to stop emerging DDoS
and botnet attacks
17
18
Pravail APS: Scalability for every network
• Software upgrades– Upgrades available with each platform series– Ex: upgrade from 2002 to 2003– Ex: Upgrade from 2104 to 2108
2000‐series 2002 2003ProtectedThroughput
500 Mbps 1 Gbps
Interface Options • 8x 10/100/1000 Copper• 8x GE (SX or LX)
2100‐series 2104 2105 2107 2108ProtectedThroughput
2 Gbps 4 Gbps 8 Gbps 10 Gbps
Interface Options • 12x 10/100/1000 Copper• 12x GE (SX or LX)
• 4x 10/100/1000, 4x GE SX, 4x GE LX• 2x 10GE (SR or LR)
Thank You