How F5 Helps Customers Facing DDoS Attacks And Threats

How F5 Helps Customers Facing DDoS Attacks and Threats

Ted Nixon, Manager, Global Services Sales
Stephen Kiel, Security Specialist

A New Perimeter Requires New Defenses
Applications are exposed from end to end

The Problem: Distributed Denial of Service (DDoS) attacks are bad and getting worse.

The Challenges: How can you leverage and strengthen your relationship with the customer while solving an immediate threat that could cause critical downtime?

The Solution: F5 Silverline DDoS Protection service, DDoS Hybrid Defender, and the Emergency Onboarding Process.

DDoS Attacks: From Bad to Worse

DDoS Attacks Motivators

Accidents, Fame, Extortion, Business, Hacktivism, Inter-Personal/-Group Rivalry, Misconfiguration, Ideology, Financial Market, Notoriety, Distraction/Diversion

In other words: Money, Protest, Mischief, Rivalry, Incompetence, or Narcissism

© 2016 F5 Networks

Threats Today: Hacktivism
Using and abusing technology to effect social change

Hacktivism is a form of cyber terrorism
- Rooted in hacker culture—i.e., hacker activism.
- Usually related to free speech, human rights, or freedom of information.

Anonymous is synonymous with hacktivism
- “Anonymous has a very loose and decentralized command structure that operates on ideas rather than directives.”*
- Their activities have evolved over time from making prank phone calls, to sending black faxes, to launching DDoS attacks.

*Source: http://www.wired.com/images_blogs/threatlevel/2010/12/ANONOPS_The_Press_Release.pdf

Threats Today: Hacktivism
Recent Anonymous DDoS targets

March 2016: ISIS, Donald Trump (again), NASA, Oakland County Republicans
April 2016: Angolan, Ku Klux Klan, Black Lives Matter, Israel, Denmark, Iceland, Dalhousie University, Italy
May 2016: Multiple global financial institutions, North Carolina
June/July 2016: ?

[Image: Low Orbit Ion Cannon (Praetox.com)]

Threats Today: DDoS Extortion
Pay up or be taken down

The DDoS extortion model is proven:
1. Threaten a company with a major Distributed Denial of Service attack.
2. Execute an immediate warning DDoS attack as proof of intent and capability.
3. Demand a payment (usually in Bitcoin) to prevent a future massive DDoS attack.
4. Follow up with further threats to heighten the fear.

Why use Bitcoin?
It is a new and unregulated currency that allows extortionists to accept payments anonymously.

Threats Today: DDoS Extortion
New DDoS extortionists emerge using the same old tricks (and names)

DD4BC (DDoS for Bitcoin)—Mid 2014
Attacked 140 companies; suspects arrested by Europol in January 2016.

Armada Collective—Fall 2015/Spring 2016
Attacked dozens of companies and growing.

Caremini—Spring 2016
Multiple German companies threatened to pay “charity donations.”

More greedy copycats and impersonators continue to appear.
Some threats are not even reinforced with warning attacks!

Threats Tomorrow: ?
Today’s young online gamers may become tomorrow’s DDoS extortionists

[Image: Online Stresser/Booter service]
[Image: Cyber attack how-to guides released by Anonymous to target ISIS websites in November 2016 in response to the Paris bombings]

F5 Silverline DDoS Protection Service

[Map: Silverline Service Security Operation Centers (SOCs) and Scrubbing Centers]
Locations shown: Warsaw, Poland; Seattle, WA, USA; Frankfurt, Germany; San Jose, CA, USA; Ashburn, VA, USA; Singapore, Singapore

F5 Silverline DDoS Protection Service
Multiple deployment options

Standalone Deployment
No On-Premises Equipment Required
[Diagram labels: Legitimate User, DDoS Attacker, ISP, Internet, Originated BGP announcement, GRE Tunnel, Customer Edge Router, F5 Silverline DDoS Protection/Customer BGP Peering, Customer Data Center, Optional Router Monitoring]

Hybrid Deployment
Leverage On-Premises BIG-IP Technology
[Diagram labels: Legitimate User, DDoS Attacker, ISP, Internet, Originated BGP announcement, GRE Tunnel, Customer Edge Router, F5 Silverline DDoS Protection/Customer BGP Peering, Customer Data Center, Optional BIG-IP Signaling, Optional Router Monitoring]

F5 Silverline DDoS Protection Service
Multiple service options

Always On
Primary protection as the first line of defense
- Stops bad traffic from ever reaching your network
- Continuously processes all traffic through the cloud scrubbing service
- Delivers only legitimate traffic to your site

Always Available
Primary protection available on-demand
- Runs on stand-by
- Initiated when under DDoS attack
- Mitigates attack traffic on arrival

Cost Components of Service

Type of Service: Always On; Always Available
Clean Bandwidth: Returned traffic during attack—95th percentile
Length of Term: 1-year agreement; 3-year agreement
Number of Assets Protecting: # of DCs, VIPs

The F5 Silverline Account Management team will assist you in scoping out the deal.

F5 DDoS Hybrid Defender

Introducing F5’s New Standalone Security Product
F5 DDoS Hybrid Defender

- Integrated Layer 3 – Layer 7 DDoS protection in one appliance
- Native behavioral analysis capabilities for sophisticated DDoS threat discovery
- Built-in SSL attack defense with support for termination and inspection of SSL traffic
- Bot detection for automated layer 7 DDoS defense
- Streamlined cloud offload of volumetric attack traffic
- Multiple BIG-IP platform choices and flexible hybrid deployment options

Throughput tiers shown: 80 Gbps – 1 Tbps; 15 Gbps – 30 Gbps; Up to 10 Gbps
Platforms shown: BIG-IP Virtual Editions (1G, 3G, 5G); BIG-IP Platform (5250V); VIPRION Platform (FUTURE)

Example Hybrid On-Premises/Cloud Deployment
F5 DDoS Hybrid Defender and F5 Silverline DDoS Protection Service

[Diagram labels: Tier 1, Tier 2, Customers, ISPa, ISPb, DDoS Attack, F5 Silverline DDoS Protection Service, F5 DDoS Hybrid Defender (L3/L4 DDoS Mitigation), Firewall, F5 DDoS Hybrid Defender (SSL Termination, L7 DDoS Mitigation)]

- Layer 3/Layer 4 DDoS mitigation in front of the firewall for small-medium volumetric DDoS attack protection
- Layer 7 DDoS mitigation with SSL termination behind the firewall for SSL and protocol-based DDoS attack protection
- Always Available (on-demand) Silverline Service with signaling for large-huge volumetric DDoS attack protection

F5 Emergency Onboarding Process

Emergency Activation of F5 Silverline Services
Working with a customer who is under DDoS attack (or being threatened)

If your customer calls you, do the following:
1. Contact F5
   - 24x7 live under attack hotline: 866-329-4253
   - Silverline sales team: AMERSilverlineSalesTeam@F5.com
2. Silverline specialist will engage with you and your customer
3. Deliver a quote and confirm the purchase

Engaging with the Dedicated Specialist Team
Breaking down the customer engagement with the Silverline Specialist Team

1. F5 Specialist Has Call with Partner and Customer
   - Requirement Discovery
   - Scoping
   - Technical Q&A
   - Pricing
   - Next Steps Action Items

2. F5 Specialist Sends Service Terms to Customer
   - Service terms sent to customer through DocuSign (minimum 1-year commitment)

3. Customer Executes Service Terms
   - Customer signs terms via DocuSign
   - Partner confirms purchase of services by customer

4. F5 SOC Completes Onboarding Process
   - Specialist authorizes provisioning to SOC
   - SOC sends provisioning email
   - SOC reaches out to customer for onboarding call (if necessary)
   - Provisioning begins (15 minutes—proxy/4 hours—routed)

5. F5 SOC Begins DDoS Attack Mitigation
   - Once provisioning is complete and tested, traffic is redirected to Silverline
   - HipChat or conference call is opened
   - Scrubbing begins

Recent Success: CompuNet

A retail customer of CompuNet, a 2015 Unity Rising Star Partner of the Year, received a low level and threatening ransom demand email from the Armada Collective. Rather than pay the demand which expired in 24 hours, this customer relied on their trusted reseller to offer a solution which will allow them to meet their stringent technical requirements, engage in their purchase process, and complete provisioning before the attack deadline.

“First Call at Noon, PO signed by 6:00, routing traffic by 8:00, all traffic converged and routing through Silverline by 9:30. If that isn’t a story we can sell, I don’t know what is. The F5/Silverline experience was unbelievable. I frankly cannot believe that this kind of an experience was possible.”
-Robert Elsethagen, Consulting Engineer, CompuNet, Inc.

Action Items
Start your preparations now and be ready to go

Plant Seeds
- Educate customer base on their options
- Position yourselves and F5 as the first point of contact
- Discuss the benefits of being proactive

Continue to Water
- Continually drip feed your customers DDoS information so that they think of you and F5 in their time of need
