The Morphing DDoS and Bot Landscape
Featuring Guest Speaker from IDC
What you will learn today
- How is DDoS evolving?
- Why should bot management also be part of your DDoS mitigation strategy?
- How Cloudflare helps you address these challenges
Today’s Speakers
- Timothy Fong, Product Marketing Lead, Security Solutions @ Cloudflare
- Romain Fouchereau, Manager, Security Appliance Program, European Systems and Infrastructure Solutions @ IDC
We are helping build a better Internet
Cloudflare Security Vision
Provide world-class visibility, controls, and guided configurations so that customers of any size and technical sophistication can keep their Internet property safe and secure without sacrificing speed and performance
A Global Anycast Network
- 175+ data centers globally
- 2.8B monthly active visitors generating 1.3 trillion page views
- 10% of Internet requests every day
- 8M requests/second
- 14M+ websites, apps & APIs in 150+ countries
- Speed up each request by 2x
We secure traffic end-to-end, providing a layered defense
[Diagram labels: L3/4 DDoS Protection, L7 DDoS Protection, Rate Limiting, SSL, Bot Management, WAF, DNS/DNSSEC, Argo Tunnel, Orbit, Spectrum, Workers, Access; group labels: EXTEND, CONTROL; outcome: Request Passed!]
Factors increasing exposure to security risks
- Greater scrutiny by government and media around data, privacy and security
- Greater attack surface area from more public APIs, moving to the cloud, and increasing third-party integrations
- Stronger and more sophisticated attackers
IDC MarketScape: WW DDoS Prevention Solutions
IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT suppliers in a given market. The research methodology utilizes a
rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The
Capabilities score measures vendor product, go-to-market and business execution in the short-term. The Strategy score measures alignment of vendor strategies with customer
requirements in a 3-5-year timeframe. Vendor market share is represented by the size of the icons.
Cloudflare is positioned as a Leader in the IDC MarketScape: Worldwide DDoS Prevention Solutions 2019 Assessment
According to IDC, Cloudflare Strengths are its "unique architecture" and "rapid on-boarding process which is considered one of the easiest and fastest in the industry."
Source: IDC MarketScape: Worldwide DDoS Prevention Solutions 2019 Vendor Assessment, by Martha Vazquez, March 2019, IDC #US43699318
Today’s Presenter
Romain Fouchereau is a Manager in IDC's Security Appliance Program, European Systems and Infrastructure Solutions. He specializes in monitoring the security server appliance market in Western Europe and maintains IDC’s extensive tracker product for this technology.
Specific technology focus areas include network security (including unified threat management, firewall, IDP) and content management appliances. Of particular focus for Fouchereau is the development, evolution, and penetration of this technology and the approaches vendors are taking to stimulate adoption both at channel and end-user level.
© IDC
Three Security Mega Drivers in Europe
- Dynamic Threat Landscape
- Regulatory Upheaval
- Digital Transformation
Top Trends in Today’s DDoS Attacks
▪ Volumetric attack; TCP exhaustion; Application layer; Multi-vector
▪ Volumetric to various types of DDoS attacks, such as TCP exhaustion, application layer, multi-vector
▪ IoT-connected devices are becoming a major force behind DDoS attacks
▪ Highly profitable and low entry (e.g. Script Kiddies)
▪ Convergence of DDoS attack and fraud (e.g. targeting business logic)
Prominent Types of DDoS Attacks
Q. What type of attacks did you experience?
Source: IDC DDoS Prevention Survey, January 2018, n=140
• TCP exhaustion (focuses on web servers, firewalls, and load balancers to disrupt connections, thus exhausting the finite number of concurrent connections devices can support)
• Application layer attacks (also known as Layer 7 attacks; these specifically target weaknesses in an application or server with the goal of establishing a connection and exhausting it by monopolizing processes and transactions)
• Multivector attacks (combine volumetric attacks, stateful exhaustion attacks, and application-layer attacks)
• DDoS attacks with ransom requests
• DDoS attacks as smoke screen
Over 50% of Respondents Had Been Attacked Between 1-10 Times in the Past Year, With Over 60% of Attacks Lasting an Average of 0-10 Hours
Q. How frequently did your organization experience a DDoS attack in the past year?
Q. If you experienced a DDoS attack, on average, how long did the attack last?
Source: DDoS Prevention Survey, January 2018, IDC
[Charts: Frequency of Attacks; Duration of Attacks]
Significant market developments
More targeted attacks
- E-commerce, E-gaming
- CX
- High Cost
- Botnet protection
Evolution of the attacks
- More Complex
- Larger
- Multi-Vector
- More sophisticated
- Part of larger illegal activity
Internet of Things & 5G
- Easy targets
- Consumer devices have no security
- Huge scale of available new devices
Bot Management
Looking beyond DDoS attacks: Bot Activity
▪ Search engine bots
▪ Partner systems
▪ Web indexing
▪ Archiving
▪ Data collection
▪ Inventory hoarding
▪ Ad fraud / Skewed metrics
▪ Scalping
▪ Credential stuffing
▪ Account takeover
▪ Others (?)
DDoS attacks headlines in Europe
European Market Sizing
Source: Western Europe DDoS Protection Forecast, 2018-2022
▪ Growing demand for DDoS mitigation products and solutions in Europe at +13.8% CAGR through 2022
▪ Cloud services growing faster and representing 2/3 of the total market
European Trends
▪ Cloud provider adoption and MSSP growth
▪ IoT growth will only increase DDoS attacks
▪ European organisations increase DDoS protection spending
▪ DDoS as smokescreen
▪ Beyond DDoS protection, need for bot management
The CIOs’ Seven-Step Checklist for Internet Availability
▪ Get the facts. To assess the imminent risk and determine what action to take and, perhaps more importantly, communicate to senior management, you must determine who, what, where, when, and how at a broad level.
▪ Identify, friend or foe. With facts in hand, now you can determine whether your organization is a target, in line for collateral damage, or reasonably unaffected.
▪ Take action. If you haven't planned for an outage or the attack exceeds your capacity, your immediate response options are limited to network reconfiguration or isolation (e.g., pulling the plug).
▪ Spread the (accurate) word. With major outages, communication is key. Remember, there could be all sorts of rumors spreading that can only be addressed with specifics of the organization's plan.
▪ Kick the tires. Even if your organization is not the target, these are excellent real-world scenarios that allow organizations to work through their protection mechanisms as if they are affected.
▪ Watch your back. Perhaps the more insidious opportunity for attackers during big splashy failures like these is to execute targeted attacks undercover, using the event as a distraction.
▪ Be a good neighbor. In today's interconnected world, your technical presence on the internet affects others. Downstream liability due to perceived negligence is a budding concern for many.
Source: IDC #US41895416, Nov2016 DNS DDoS Debacle: The CIO's Seven-Step Checklist for Internet Availability
Timothy Fong
Security Lead, Product Marketing Manager @ Cloudflare
Industry Legacy Scrubbing vs. Cloudflare Always-On
Industry Legacy Scrubbing
- Long propagation times (up to 300 sec)
- Asynchronous routing
- Adds significant latency
- Typically requires manual intervention
Always-On
- Zero propagation time
- Synchronous routing
- No added latency
- Immediate, automated mitigation, with no “cut over” required
Cloudflare DDoS Solution
Protect Non HTTP Ports
Spectrum protects non-HTTP ports open to the Internet with the same distributed architecture
Custom Rate Limiting
Customers can tune Layer 7 protections to their specific applications and traffic profile through rate limiting rules.
Resilient DNS
Cloudflare’s resilient DNS protects customers from going down because their DNS is overwhelmed by a volumetric attack.
Always On DDoS
With automatic heuristics and a distributed Anycast network, Cloudflare’s Always On DDoS detects and mitigates Layer 3/4 and Layer 7 attacks at scale.
Cloudflare DDoS Differentiation
Easy Deployment
Easy to turn on protections that mitigate within minutes and remain “always on” without requiring ongoing maintenance or configuration.
Integrated
Our integration with Bot Management and Firewall Rules gives additional capabilities from a single control plane.
Scale
As our network continues to grow, so does our capacity and data-driven insight to block attacks automatically.
Bot Management Use Cases
- Credential Stuffing: Attempts to log into and take over a user’s account by automatically applying previously stolen account credentials
- Content Scraping: Steals public information from a website
- Content Spam: Adds malicious content to web properties such as forums and registration forms
- Inventory Hoarding: Fraudulently purchases goods to deprive legitimate customers or resell for a higher price
- Credit Card Stuffing: Tries to validate stolen credit cards to then make fraudulent purchases
Cloudflare Bot Management
One-Click Deployment
● With a single click, deploy rules with Cloudflare recommended bot score thresholds
● No instrumentation with third-party JavaScript required
Control and Configurability
● Scope rules by path or URI pattern, request method, and bot score thresholds
● Select mitigation methods, such as log, CAPTCHA, or block
Rich Analytics and Logs
● Time-series graphs with drill-down tables
● Logs bot management rule, action, and rich request meta-data for every request
Detect and mitigate bad bots by leveraging intelligence from over 14 million Internet properties. All with one click.
Cloudflare Bot Management Methods
Machine Learning
Cloudflare’s ML trains on a curated subset of more than 475 billion requests per day across 14M+ Internet properties to create a reliable “bot score” for every request.
Behavioral Analysis
Behavioral analysis detects anomalies in site-specific traffic, scoring every request on how different it is from the baseline.
Automatic Whitelist
Because not all bots are bad, the solution automatically maintains and updates a white list of "good" bots, such as those belonging to search engines.
Mobile SDK
The mobile SDK prevents attacks against mobile application APIs by impersonation and emulation bots.
Categories shown on the slide: Detection, Protection
Cloudflare Bot Management Differentiation
Integrated
Cloudflare Bot Management is best-in-class both as a stand-alone solution and as integrated with WAF and DDoS protection:
● Streamlines deployment by integrating with a CDN and smart routing for origin traffic.
● Shares control plane through UI and API with WAF and Firewall Rules for better consistency and lower context switching
● Gives a holistic view through common analytics and logs
Complete not Complex
Deploys a bot management solution against a full range of bot attacks with a single click:
● Deploys protections against content/price scraping, credential and credit card stuffing, content spam, and inventory hoarding, all in one click.
● Fingerprints all traffic without requiring JavaScript injection
● Suggested rules work out of the box. No fiddling and endless configuration required to get solid results
Smart Data
Cloudflare Bot Management leverages the trillions of requests per day processed from protecting 14M+ Internet properties:
● Machine learning trains on data curated from 475B requests per day and analyzed on a state-of-the-art GPU cluster
● Our data set contains traffic from over 150 countries
● Learnings from one website are immediately applied to the whole network
Summary
- How DDoS is evolving
- Why should bot management also be part of your DDoS mitigation strategy
- How Cloudflare helps you address these challenges
Questions?
Thank You
