Introduction to Cybersecurity Part 4

Introduction to Cybersecurity Part 4

Introduction to Cybersecurity Part 4

This is a 6 part introduction to Cybersecurity. The fourth and following parts of the guide introduces the reader to a case study:

Which Technologies, Products/Providers Can Be Used To Counter 2 threats (DDOS attack and SQL Injection)?

Forrester Research Analysis:

a. Akamai Technologies
b. Century Link
c. CloudFlare
d. DOSarrest Internet Security
e. F5 Networks
f. Imperva
g. Level 3 Communications
h. Neustar
i. Verisign

Figure 2- DDoS service provider comparative analysis (Source-Forrester Research)

Figure 2- DDoS service provider comparative analysis (Source-Forrester Research)

Current offering: Each vendor’s position on the vertical axis of the Forrester Wave graphic indicates the strength of its current DDoS product offering. The sets of capabilities evaluated in this category are: the vendor’s business description, alert notification process (DDoS monitoring service), amplification attack defense, attack types defended, automated response capabilities (on-demand modes of operation), customer portal features, customer references, data/scrubbing center geographic presence, defended network protocols, defense tactics (prior to an attack), detection tactics, filtering rule deployment times, IP location and maps, response tactics (after an attack is detected), SSL traffic inspection capabilities, standard mitigation times, supported devices, and traffic redirection techniques.

Strategy: a vendor’s position on the horizontal axis indicates the strength of its DDoS strategy, specifically focused on the customer communications process. Solution development plans, business and technical value, pricing models, geographies served, hybrid implementation availability, threat intelligence capabilities, system integration partners, technology partners, value-added resellers, technical and development staff, professional services staff, and sales staff.

Market presence: the size of the vendor’s bubble on the chart indicates its market presence, which Forrester measured based on the company’s client base, revenue, revenue growth, and the years the firm has offered DDoS services.

Evaluation of providers:

Akamai Technologies, CloudFlare, Imperva, CenturyLink, and Verisign are Leaders. To be a leader in a Forrester Wave, a vendor must have a strong current offering and a strong strategy that will clearly address current and future market needs. These vendors demonstrate effective portals, good client and revenue growth, and a focus on customer service. Each of the leaders offers a robust set of capabilities for DDoS protection services, with the ability to defend against the largest amplification attacks and the most pernicious application attacks.

F5 Networks, Neustar, DOSarrest, and Level 3 Communications are Strong Performers. Strong Performers offer solid DDoS protection services and often compete successfully with similar levels of service and price as the leaders. Compared with the leaders, the Strong Performers did not rate as consistently well across key areas such as business value, client references, customer services, information portals, security analytics, and threat intelligence. While not all of their capabilities are at the level of the leaders, if you are looking to outsource security to a competent partner, you should consider these vendors.

Providers from IP Expo Europe:

a. Kaspersky

Kaspersky DDoS Protection is a solution that protects against all types of DDoS attacks by using a distributed infrastructure of data cleaning centers. The solution combines different methods, including traffic filtration on the provider side, installation of a remotely controlled appliance to analyze traffic next to the client’s infrastructure, and the use of specialized cleaning centers with flexible filters. In addition the solution’s work is constantly monitored by Kaspersky Lab’s experts, so the onset of any attack can be detected as soon as possible, and filters can be modified as required.

Kaspersky DDoS Protection in Active Mode

Kaspersky DDoS Protection in Active Mode

Advantages as presented by Kaspersky Lab’s approach:

Only redirecting traffic to Kaspersky Lab cleaning centers during an attack and filtering traffic on the provider’s 
side helps significantly reduce the cost to the customer.
Filtration rules are individually developed for each customer depending on the specific online services that need to be protected.
Kaspersky Lab experts monitor the process and quickly adjust filtration rules when necessary.
Close cooperation between Kaspersky DDoS Protection experts and Kaspersky Lab developers makes it possible 
to adapt the solution flexibly and rapidly in response to changing circumstances.
To ensure the highest possible level of reliability, Kaspersky Lab only uses European equipment and service suppliers in European countries.
Kaspersky Lab has accumulated a wealth of experience applying this technology in Russia, where it successfully protects leading financial institutions, commercial and government agencies, online shops, etc.

b. Checkpoint:

Checkpoint DDOS Protector: stop Denial of Service Attacks in seconds with customized, multi-layered protection that blocks a wide range of attacks.

DDOS Protector 10420/20420/30420/40420/4412/8412/12412/506/1006/2006

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are increasing in number, speed and complexity in recent years. These attacks are relatively easy to carry out, and can cause serious damage to companies who rely on web services to operate. Many DDoS protection solutions are deployed by an Internet Service Provider, offering generic protections against network layer attacks.

However, today’s DDoS attacks have become more sophisticated, launching multiple attacks at network and application layers. Successful DDoS solutions will offer companies the ability to customize their protections to meet changing security needs, fast responses time during an attack, and a choice of deployment options.

Check Point new DDoS Protector keeps businesses running with multi-layered, customizable protections and up to 40 Gbps performance that automatically defends against network flood and application layer attacks for fast response time against today’s sophisticated denial of service attacks. DDoS Protector appliances offer flexible deployment options to easily protect any size business, and integrated security management for real-time traffic analysis and threat management intelligence for advanced protection against DDoS attacks. Check Point also provides dedicated 24/7 support and resources to ensure up-to-the-minute protections.

Benefits:

Protection against evolving DDoS attacks to minimize business impacts
Advanced techniques help maintain web services during an attack
Turn-key appliances works right out of the box
Integrated with Check Point security management for greater visibility and control
High-performing DDoS solution with up to 40 Gbps throughput
Multi-layered protection blocks network and application attacks
Customized protections fit different business sizes and security needs
Flexible deployment options include on-site installation or through ISP

Introduction to Cybersecurity Part 1 
Introduction to Cybersecurity Part 2 
Introduction to Cybersecurity Part 3