
Tuesday, January 24, 2017

Arbor: Weaponization of IoT Devices Drives Attack Size Higher by 60%

The threat landscape has been transformed by the emergence of Internet of Things (IoT) botnets, with attackers now able to weaponize inherent security vulnerabilities in certain IoT devices, according to Arbor Networks' 12th Annual Worldwide Infrastructure Security Report (WISR).  Arbor Networks is the security division of NETSCOUT.

“The survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade,” said Darren Anstee, Arbor Networks Chief Security Technologist. “However, IoT botnets are a game changer because of the numbers involved. There are billions of these devices deployed, and they are being easily weaponized to launch massive attacks. Increasing concern over the threat environment is reflected in the survey results, which show significant improvements in the deployment of best practice technologies and response processes.”

Some highlights:

  • The largest distributed denial-of-service (DDoS) attack reported this year was 800 Gbps, a 60% increase over 2015’s largest attack of 500 Gbps. 
  • Since Arbor began the WISR in 2005, DDoS attack size has grown 7,900%, for a compound annual growth rate (CAGR) of 44%.
  • In the past five years alone, DDoS attack size has grown 1,233%, for a CAGR of 68%.
  • 53% of service providers indicated they are seeing more than 21 attacks per month – up from 44% last year.
  • 21% of data-center respondents saw more than 50 attacks per month, versus only 8% last year.
  • 45% of enterprise, government and education respondents experienced more than 10 attacks per month – a 17% year over year increase.
  • 67% of service providers and 40% of Enterprise, Government and Education (EGE) reported seeing multi-vector attacks on their networks.
  • 61% of data center operators reported attacks totally saturating data center bandwidth.
  • 25% of data center and cloud providers saw the cost of a major DDoS attack rise above $100,000, and 5% cited costs of over $1 million.
  • 41% of EGE organizations reported DDoS attacks exceeding their total internet capacity. Nearly 60% of EGE respondents estimate downtime costs above $500/minute.
  • 77% of service provider respondents are capable of mitigating attacks in less than 20 minutes.
  • Nearly 55% of EGE respondents now carry out DDoS defense simulations, with approximately 40% carrying them out at least quarterly.
  • The proportion of data center and cloud provider respondents that are using firewalls for DDoS defense has fallen from 71% to 40%. 

https://www.arbornetworks.com/

Sunday, October 16, 2016

Arbor Networks Updates DDoS Digital Attack Map with Jigsaw

Arbor Networks announced an enhanced version of the Digital Attack Map, a live data visualization of distributed denial-of-service (DDoS) attacks around the globe.

The Digital Attack Map uses data from Arbor Networks’ Active Threat Level Analysis System (ATLAS), a globally scoped threat monitoring network that currently collects 140Tbps of anonymous traffic data from more than 330 service provider customers. This represents approximately one-third of the world’s global internet traffic.

Updates include:

  • A change in architecture of the ATLAS system allows the Digital Attack Map to unlock 20X the data of the previous version in terms of the number and scale of the attacks presented.
  • The new system architecture moves all of this data from batch processing to real-time streaming, thereby ensuring that the data is up to date, and as accurate as possible.


Jigsaw, which is an incubator within Alphabet (Google's parent company) focused on addressing online censorship, is using the data for its mission.

“DDoS attacks are growing at an alarming rate in terms of size, frequency and complexity. They are the primary threat to the availability of networks, application and online services. The Digital Attack Map represents just a slice of the rich data set that we have in ATLAS and it has been brought to visual life by the engineers at Jigsaw, allowing anyone to see DDoS attacks on a global scale or a country by country basis. Jigsaw is doing important work to educate the public about the DDoS threat, and we are gratified that our data is being showcased on the Digital Attack Map,” said Brian McCann, President of Arbor Networks.

http://www.DigitalAttackMap.com

Tuesday, January 26, 2016

Arbor Networks: DDoS Attacks Continue to Grow and Clouds Come Under Threat

Cloud services are coming increasingly under attack, according to Arbor Networks' newly released, 11th Annual Worldwide Infrastructure Security Report (WISR). The report is based on a survey of Tier 1 and Tier 2/3 service providers and hosting, mobile, enterprise and other types of network operators from around the world. Data covers November 2014 through November 2015.

Some highlights:

Top 5 DDoS Trends

  • Change in Attack Motivation: This year the top motivation was not hacktivism or vandalism but ‘criminals demonstrating attack capabilities,’ something typically associated with cyber extortion attempts.
  • Attack Size Continues to Grow: The largest attack reported was 500 Gbps, with others reporting attacks of 450 Gbps, 425 Gbps and 337 Gbps. In 11 years of this survey, the largest attack size has grown more than 60X.
  • Complex Attacks on the Rise: 56 percent of respondents reported multi-vector attacks that targeted infrastructure, applications and services simultaneously, up from 42 percent last year. 93 percent reported application-layer DDoS attacks. The most common service targeted by application-layer attacks is now DNS (rather than HTTP).
  • Cloud Under Attack: Two years ago, 19 percent of respondents saw attacks targeting their cloud-based services. This grew to 29 percent last year and now to 33 percent this year – a clear upward trend. In fact, 51 percent of data center operators saw DDoS attacks saturate their Internet connectivity. There was also a sharp increase in data centers seeing outbound attacks from servers within their networks, up to 34 percent from 24 percent last year.
  • Firewalls Continue to Fail During DDoS Attacks: More than half of enterprise respondents reported a firewall failure as a result of a DDoS attack, up from one-third a year earlier. As stateful and inline devices, firewalls add to the attack surface and are prone to becoming the first victims of DDoS attacks as their capacity to track connections is exhausted. Because they are inline, they can also add network latency.

Top 5 Advanced Threat Trends

  • Focus on Better Response: 57 percent of enterprises are looking to deploy solutions to speed the incident response processes. Among service providers, one-third reduced the time taken to discover an Advanced Persistent Threat (APT) in their network to under one week and 52 percent stated their discovery to containment time has dropped to under one month.
  • Better Planning: 2015 saw an increase in the proportion of enterprise respondents who had developed formal incident response plans and dedicated at least some resources to respond to such incidents, up from around two-thirds last year to 75 percent this year.
  • Insiders in Focus: The proportion of enterprise respondents seeing malicious insiders is up to 17 percent this year (12 percent last year). Nearly 40 percent of all enterprise respondents still do not have tools deployed to monitor BYOD devices on the network. The proportion reporting security incidents relating to BYOD doubled, to 13 percent from six percent last year.
  • Staffing Quagmire: There has been a significant drop in those looking to increase their internal resources to improve incident preparedness and response, down from 46 to 38 percent in this year’s results.
  • Increasing Reliance on Outside Support: Lack of internal resources this past year has led to an increase in the use of managed services and outsourced support, with 50 percent of enterprises having contracted an external organization for incident response. This is 10 percent higher than within service providers. Within service providers, 74 percent reported seeing more demand from customers for managed services.

“A constantly evolving threat environment is an accepted fact of life for survey respondents,” said Arbor Networks Chief Security Technologist Darren Anstee. “This report provides broad insight into the issues that network operators around the world are grappling with on a daily basis. Furthermore, the findings from this report underscore that technology is only part of the true story since security is a human endeavor and there are skilled adversaries on both sides. Thanks to the information provided by network operators worldwide, we are able to offer insights into people and process, providing a much richer and more vibrant picture into what is happening on the front lines.”

Download the full report (registration required).

Monday, January 11, 2016

Arbor Uncovers Trochilus RAT

Arbor Networks disclosed details of a newly-discovered Remote Access Trojan (RAT) named "Trochilus" attacking various government websites and non-governmental organizations.

Arbor’s Security Engineering & Response Team (ASERT) said this Trochilus RAT is likely driven by East Asian threat actors. It is part of a seven-piece malware cluster that offers threat actors a variety of capabilities, including espionage and the means to move laterally within target networks in order to achieve more strategic access.

http://arbor.link/xo0jq


Tuesday, July 21, 2015

Arbor: DDoS Attacks Continue to Grow in Ferocity

The average size of distributed denial-of-service (DDoS) attacks, from both a bits-per-second and packets-per-second perspective, continues to grow, according to new tracking data released by Arbor Networks.

Arbor’s data is gathered through ATLAS, a collaborative partnership with more than 330 service provider customers who share anonymous traffic data with Arbor in order to deliver a comprehensive, aggregated view of global traffic and threats. ATLAS collects 120TB/sec of Internet traffic and is the source of data for the Digital Attack Map, a visualization of global DDoS attacks created in collaboration with Google Ideas.

The largest attack monitored in Q2 was a 196GB/sec UDP flood, a large, but no longer uncommon attack size. Of most concern to enterprise networks is the growth in the average attack size. In Q2, 21 percent of all attacks topped 1GB/sec, while the most growth was seen in the 2-10GB/sec range. However, there was also a significant spike in the number of attacks in the 50-100GB/sec range in June, mainly SYN Floods targeting destinations in the US and Canada.

“Extremely large attacks grab the headlines, but it is the increasing size of the average DDoS attack that is causing headaches for enterprise around the world,” said Arbor Networks Chief Security Technologist Darren Anstee. “Companies need to clearly define their business risk when it comes to DDoS. With average attacks capable of congesting the Internet connectivity of many businesses, it is essential that the risks and costs of an attack are understood, and appropriate plans, services and solutions put in place.”

http://www.slideshare.net/Arbor_Networks/atlas-q2-2015final

Tuesday, July 14, 2015

NetScout Acquires Danaher’s Communications Business

NetScout Systems completed its acquisition of Danaher Corporation’s Communications Business. The deal was valued at $2.3 billion and involved the issuance of 62.5 million shares of NetScout common stock at $36.89 per share to Danaher’s shareholders.

The acquisition includes Tektronix Communications, Arbor Networks and parts of the Fluke Networks businesses, all of which were owned by Danaher Corp.  The deal was first announced in October 2014.

Danaher’s Communications business generated revenue (unaudited) of approximately $836 million for the year ended December 31, 2013.

Danaher’s Communications business, which has over 2,000 employees worldwide, includes: 

Tektronix Communications, based in Plano, Texas, which provides a comprehensive set of assurance, intelligence and test solutions and services support for a range of architectures and applications such as LTE, HSPA, 3G, IMS, mobile broadband, VoIP, video and triple play. Also included are VSS Monitoring and Newfield Wireless.

Arbor Networks, based in Burlington, Massachusetts, which provides solutions that help secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats.

Fluke Networks, based in Everett, Washington, which delivers network monitoring solutions that speed the deployment and improve the performance of networks and applications. The data cabling tools business and carrier service provider (CSP) tools business within Fluke Networks are not included in this transaction.

“This acquisition represents an important milestone for NetScout that enhances our ability to drive value for customers, stockholders, employees and other stakeholders,” stated Anil Singhal, president and CEO.   “With a broader range of market-leading capabilities and technologies, as well as more extensive, global go-to-market and distribution resources, NetScout will be better positioned to capitalize on the many exciting opportunities we see to further expand our customer relationships around the world.  We welcome over 2,000 new colleagues to NetScout and collectively, we are looking forward to realizing the Company’s potential in the marketplace.”

NetScout also announced today that it has secured a new five-year, $800 million senior secured revolving credit facility that replaces its previous revolving credit facility of $250 million.

http://www.netscout.com

Danaher acquired Tektronix in 2007 for $1.1 billion.

Danaher acquired Arbor Networks in 2010.

Wednesday, February 18, 2015

Arbor's Threat Monitoring Atlas Gathers Data from 330 Operators

Arbor Networks' ATLAS threat monitoring infrastructure, which was launched 8 years ago, now gathers data from more than 330 participating network operators around the world who report data representing around 120Tbps of Internet traffic.

ATLAS collates data from multiple sources, one of which is a collaborative effort with Arbor customers who have agreed to share anonymous distributed denial-of-service (DDoS) and traffic data on an hourly basis (leveraging the Arbor technology that sits within their networks). ATLAS also utilizes data from Arbor dark address space monitoring probes, BGP routing information from multiple operators and data from ASERT research programs, as well as third-party data feeds. The network and security intelligence delivered via ATLAS gives Arbor customers a considerable competitive advantage, as it allows them to compare and contrast what they are seeing on their own network with a macro view of global Internet traffic and threats.

“ATLAS gives our customers the ability to see how DDoS threats are evolving not just in their own market, but more broadly around their region and the world, allowing them to better understand the threats and thus ensure the protection of their services and customers,” said Darren Anstee, director of solutions architects for Arbor Networks.

http://www.arbornetworks.com/news-and-events/press-releases/recent-press-releases/5368-arbor-networks-atlas-infrastructure-provides-insight-into-120tbps-of-global-internet-traffic


Wednesday, January 7, 2015

Arbor Networks Appoints CTO

Arbor Networks has appointed Sam Curry to the newly created position of Chief Technology & Security Officer. He previously served as Senior Vice President of Information Security and Chief Information Security Officer at MicroStrategy. Before that, he held a number of significant roles at RSA, including Chief Technology Officer for Identity and Data Protection. Sam also held a number of senior roles at McAfee and Computer Associates, among other companies.

http://www.arbornetworks.com/

Tuesday, October 21, 2014

Arbor Networks Defends Against Fast Flood DDoS attacks

The latest release of Arbor Networks' Peakflow distributed denial-of-service (DDoS) platform can now detect Fast Flood DDoS attacks in as little as one second and initiate mitigation in less than thirty seconds.

The Peakflow platform includes two main components, Peakflow and the Peakflow Threat Management System. Peakflow combines network-wide anomaly detection and traffic engineering with the Peakflow Threat Management System’s carrier-class threat management, which automatically detects and surgically removes only attack traffic, while maintaining other business traffic. With the ability to mitigate only the attack traffic, customer-facing services remain available while providers actively mitigate attacks. The Peakflow platform also powers many of the world's leading cloud-based DDoS managed security services.

The Peakflow Threat Management System now includes an optional on-box SSL acceleration card to deliver an integrated, one-appliance solution to inspect encrypted traffic for DDoS threats. DDoS attacks are blocked in real time as normal traffic passes uninterrupted – all without forcing changes to existing network and application infrastructure.

Arbor noted that through the end of the third quarter, more than 130 attacks larger than 100Gbps have occurred, a dramatic spike in the frequency of volumetric attacks compared to previous quarters.

“The majority of the world’s service providers rely on the Peakflow platform for network intelligence and DDoS protection. More than sixty providers utilize the Peakflow platform to also offer DDoS managed services to their customers. Our continued innovation in the area of DDoS attack detection and mitigation has dual benefits for our service provider customers, helping protect their own infrastructure while also improving their ability to deliver DDoS managed security offerings,” said Arbor Networks President, Matthew Moynahan.

http://arbornetworks.com

Tuesday, July 15, 2014

Arbor: DDoS Attacks Regularly Top 100 Gbps

Distributed Denial of Service (DDoS) attacks are now regularly exceeding the 100 Gbps threshold and have been measured at up to 325 Gbps, according to Arbor Networks. There were 72 attacks measured at over 100 Gbps in Q1; however, the number dropped to 39 attacks at this level for Q2.

“Following on from the storm of NTP reflection attacks in Q1, volumetric DDoS attacks continued to be a problem well into the second quarter, with an unprecedented 100 attacks over 100GB/sec reported so far this year. We’ve also already seen more than twice the number of attacks over 20GB/sec than we saw in the whole of last year,” said Arbor Networks Director of Solutions Architects Darren Anstee. “The frequency of very large attacks continues to be an issue, and organizations should take an integrated, multi-layered approach to protection. Even organizations with significant amounts of Internet connectivity can now see that capacity exhausted relatively easily by the attacks that are going on out there.”

Some highlights from the Arbor study:

  • 1H 2014 saw the most volumetric DDoS attacks ever, with more than 100 events over 100GB/sec reported so far this year
  • At the mid-point of 2014, 2x the number of events over 20GB/sec have been reported, as compared to all of 2013
  • The largest reported attack in Q2 was 154.69GB/sec, down 101% from Q1 2014. This was an NTP reflection attack targeting a destination in Spain.
  • NTP reflection attacks are still significant, but size and scope is down versus Q1 2014. Average NTP traffic volumes are falling back globally, but still not back to the levels of November 2013 (pre the start of NTP attack proliferation)
  • Q2 2014 saw fewer very large attacks – with average attack size down by 47% compared to Q1 2014

http://www.arbornetworks.com

Wednesday, January 8, 2014

Arbor Networks Appoints Matthew Moynahan as President

Arbor Networks appointed Matthew Moynahan to the position of President, replacing Colin Doherty. Mr. Moynahan had been senior vice president of product management and corporate development at Arbor since 2012. Previously, he was president and chief executive officer of Veracode, a leader in application security. Before that, he served as a vice president at Symantec in several roles, including the consumer products and client and host (server) security divisions.

http://www.arbornetworks.com/
