Radware: Anatomy of an IoT Botnet and Economics of Defense

Post on 28-Jun-2018

Eric Grubel, VP, Business Development

BRKPAR-4000

January 2018

Time is Money

Theme of Discussion Today

About Radware

Market Leader in Application Availability solutions

• >$200M Revenue

• Carriers, Service & Cloud Providers: 6/10 Top Carriers, 3/7 Top Cloud Service Providers

• Financial Services: 7/14 Top Stock Exchanges, 12/22 Top Commercial Banks

• Enterprise, Retail & Online Businesses: 1/5 Top Brand in Every Key Vertical

• Awarded Best Managed Security Service 2016

Biggest Business Concern If Faced w/a Cyber-Attack

• Data loss followed by reputation loss were the biggest concerns related to cyber-attacks.

• Fewer were concerned with revenue loss this year, compared to 2016.

[Chart: What is your concern if faced with a cyber-attack? Categories: Productivity loss; Customer / partner loss; Revenue loss; Reputation loss; Availability / SLA Degradation; Data Leakage/ information…]

Vertical Highlights

40%

42% 31%

73%

24%

Of retailers report bot traffic above 75% of total

Of education institutes actually fear availability issues, over data theft or reputation loss

Of service providers intend to invest in DDoS mitigation in 2018

Of government and public sector organizations suffer attacks daily

Of healthcare organizations express low to medium confidence in securing patient records

44% of financials do not track the dark web after a data security breach

Security Measures Following Attacks (2017)

• In general, customers are not holding organizations responsible for cyber-attacks

• Customers filing lawsuits following data breaches or DDoS downtime are more common in APAC

[Chart: Q.19b: Have any of your customers taken any measures because of any of the following attacks against your organization? Attack types: Malware contamination and propagation; Data breach; DDoS downtime. Measures: Customers asking for compensation; Lawsuits.]

Modern Day Bots: IoT-Based Botnets

• IoT is the birthplace of new types of bots and malware.

• Unsophisticated, yet very efficient and lethal.

Mirai, Hajime, BrickerBot

IoT Botnets - Modus Operandi

Infection vectors:

• SSH/Telnet brute force

• TR-069 protocol

• Manufacturer backdoors

Taking advantage of factory flaws to infect:

• Identify the device

• Upload the matching binary

• Drop the payload

• Remove other malware

• Scan for more devices

Failure Points in the Data Center

• Internet Pipe Saturation incidence grew 50% from 2016

• Servers are compromised the most - as they keep the lucrative data

• 40% growth in complete outages over mere service degradation

Failure points by share:

• Internet pipe (Saturation): 37%

• Firewall: 17%

• IPS/IDS: 6%

• Load Balancer (ADC): 4%

• The Server Under Attack: 35%

• SQL Server: 1%

Cisco transforms security service integration

• Integrated Radware Virtual DefensePro (vDP) in-line DDoS mitigates attacks

• Available on Cisco Firepower 4100 / 9300 series

• Lower latency than a stand-alone DDoS solution

• Consolidation with simplified support and procurement

• Fully automated solution

[Diagram: Unified Threat Platform with Integrated Security. Data packet; services shown: DDoS, FW, NGIPS, AMP, URL Filtering, SSL. Captions: Maximum Protection; Low Latency; Scalable processing. Key: Cisco Service; 3rd Party Service.]

Stay Focused. Be Prepared.

Don’t be the next Equifax. Build your protection strategy.

• Consolidate and automate: Elastic, unified systems against multiple threats.

• Fight fire with fire: AI based solutions to mitigate advanced cyber-weapons.

• Hope for the best, Prepare for the worst: Study new technologies, have an ER plan.

Thank You

Eric Grubel

VP, Business Development

eric.grubel@radware.com

© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public
