arbor’s peakflow solution - eventos 2020
TRANSCRIPT
![Page 1: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/1.jpg)
Arbor’s Peakflow Solution
Eduardo Maffessoni Consulting Engineer - Instructor
![Page 2: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/2.jpg)
CURIOSIDADES DE POSSUIR
VISIBILIDADE
![Page 3: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/3.jpg)
3
Tráfego na cidade do RJ durante as Olimpiadas, subiu ~50%
![Page 4: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/4.jpg)
4
Tráfego total NETFLIX Brasil, durante os jogos:
![Page 5: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/5.jpg)
5
Total do tráfego interno do Brasil, aumenta 40% durante as Olimpiadas
![Page 6: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/6.jpg)
6
Tráfego de Internet no Brasil, cai ~20% durante a abertura dos jogos Olímpicos
![Page 7: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/7.jpg)
7
Tráfego do Google sobe ~500% no RJ
![Page 8: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/8.jpg)
8
Monitoramento da BotNet IoT – constante a 18 meses
![Page 9: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/9.jpg)
9
Monitoramento global de TELNET
Padrão de comunicação da
Bot
Utilizado para manutenção, descoberta,
infecção
![Page 10: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/10.jpg)
10
Aproximadamente, 500.000 devices na Internet
![Page 11: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/11.jpg)
11
O que é ter visibilidade de seu tráfego? O que é poder mitigar qualquer formato de ataque de flood de pacotes?
Cópia do comando da Bot IoT para infecção
de novo device
![Page 12: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/12.jpg)
O QUE A ARBOR PROVÊ 100% dos T1 de Internet 8 dos 10 maiores bancos do planeta 3 das 5 maiores redes sociais 5 das 5 maiores operadoras de cartões globais 5 últimos jogos Olímpicos Os maiores bancos do Brasil Governos federal, estaduais e municipais Mais de 600 CLIENTES protegidos no Brasil ~70% de todo o mercado Anti-DDoS do planeta, confia na Arbor
![Page 13: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/13.jpg)
video
![Page 14: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/14.jpg)
ARBOR SP/TMS
(FORMER PEAKFLOW)
![Page 15: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/15.jpg)
15
Comprehensive Dashboards
Network: Top peers, ASNs,
Countries, Cities Applications,
Fingerprints, Growth
Application: Customers, Ports,
Peers, Markets
Customer: Applications, Peers,
Fingerprints, Markets, Alerts
Router: Per router stats, Top
Interfaces, Applications,
Customers
Per interface traffic alerts
![Page 16: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/16.jpg)
16
Network Visibility: Report Examples
TCP Applications
BGP ASPath BGP ASN Origin
![Page 17: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/17.jpg)
17
Global Geography Reporting
• Reports and tracking by
country, region, city
• Track threat sources
• Country baselines and
alerts
• Allow, drop, shape traffic
based on country
• Identify growth markets
• Measure service usage
by city
A New Dimension of Network Intelligence
Benefits Better threat response Better market analysis
Better planning
![Page 18: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/18.jpg)
18
IPv6 Visibility
• First line of defense –
Visibility
– Peakflow SP (since 2009)
provides operators visibility
into IPv6 traffic.
• Why visibility is important
– Can’t troubleshoot what you
can’t see
– Can’t get alerted to what you
can’t measure
– Can’t gauge effectiveness of
remediation
– Can’t plan for growth
Which customers are using IPv6?
How does IPv6 compare to all other traffic?
Are customers using Tunnels (proto 41, Teredo)?
![Page 19: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/19.jpg)
19
IPv6 Reports and Dashboard
Benefits
Understand IPv6 Usage
Better IPv6 planning
Identify potential misuse of tunnels
![Page 20: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/20.jpg)
20
Peer Reports & Tools: Peering Evaluation
Find best candidates for new peering and visualize
savings against existing transit connections
![Page 21: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/21.jpg)
21
Peer Reports & Tools: Transit Reports
• Gain a strong understanding of the traffic that transits your network
beyond your initial peers
– View where your customers traffic is truly destined
– Make intelligent decisions about peering expansions
– Assure that existing peering agreements are being used to their full potential
• Ensure that transit customers are abiding service agreements like no-
resell agreements
Ensure peering
and transit
arrangements
are as cost
effective as
possible
![Page 22: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/22.jpg)
22
Route and VPN Analytics
• BGP Route Analytics – Route analytics
– Route instability reports
– Route hijack prevention
– 4 Byte ASN support
• VPN Analytics – MPLS in/out per router, per interface
– QoS in/out per router / interface
– MPLS egress PE per router / interface
Benefits Improved Operations Management
Enhance MPLS Service Revenue Manage Service Level Agreements
Optimize capital spend
![Page 23: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/23.jpg)
Advanced Threat Protection Detect and mitigate threats (e.g. volumetric & application layer DDoS attacks, mobile signaling storms) before they impact service availability or performance.
Service Enablement Monetize network infrastructure and Arbor technologies for revenue generating services & competitive differentiation.
Arbor’s Peakflow Solution for Service Providers
Backed By the Industry Leading Global Threat Intelligence from ASERT and ATLAS
Pervasive Network Visibility • Backbone • Peering/Transit edge • Cloud/Datacenter • Mobile network • Customer Edge
You Can’t Protect What You Can’t See…We See Things Others Can’t.
![Page 24: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/24.jpg)
MITIGAÇÃO
![Page 25: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/25.jpg)
Challenges & Trends for Service Providers
Network
Traffic
M&A Multiple
Technologies
Rise in
DDoS
Tools &
Motivations
Mobile
Malware
Increased
Competition
Managed Security
Services
M2M SDN/NFV
Hacktivism Availability Commoditization ARPU
Value Added Services Advanced Threats
Network/Operational Complexity Cloud Adoption
Public
Hybrid
Private
Customer
Loyalty
PaaS/XaaS CDN
![Page 26: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/26.jpg)
INTERNET
MOBILE
SUBSCRIBERS
& DEVICES
CUSTOMER
EDGE
BUSINESS
CUSTOMERS
BROADBAND
SUBSCRIBERS
DATA CENTER &
CLOUD SERVICES
MOBILE NETWORK
BACKBONE
Transit Peer Edge
Attack Traffic
Legit Traffic
A complex environment under constant threat
Today’s Service Provider Network…
![Page 27: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/27.jpg)
“Detection in 1 sec, Mitigation in less than 1 min”
27
![Page 28: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/28.jpg)
28
Service Protection with Peakflow SP HTTP / Web 2.0 Protection
– Block malformed HTTP
– Rate-limit HTTP requests
– Stop “low and slow” attacks
SSL Protection
– Neutralize SSL signaling protocol attacks
VoIP Protection
– Block malformed SIP packets
– SIP request limiting
DNS Protection
– DNS Regular Expressions (RegEx)
– DNS Authentication/Anti-Spoofing
– DNS Query Rate Limiting
– DNS Non-Existent Domain (NXDOMAIN)
– Rate Limiting
IP-based Protection
– Packet scrubbing (TCP / UDP/ ICMP)
– TCP Connection reset
– White list / black list
Benefits
Protect business critical applications
from targeted attacks
![Page 29: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/29.jpg)
29
Threat Detection Methods
• Misuse Anomaly – Thresholds for potentially
malicious traffic (TCP SYN, IP Frag, DNS malformed, etc)
• Profiled Anomaly – Legitimate traffic that exceeds
normal patterns (e,g, http flood attacks, amplification attacks)
• Fingerprint Anomaly – Known attack signatures
– Auto updates – ATF, FSA
– Custom
• IP Location Anomaly – Alert on Traffic Spikes from
unexpected countries
• Cloud Signaling – Cloud signaling alerts from
registered Pravail APS devices
Network Wide: Detects Highly Distributed Attacks
![Page 30: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/30.jpg)
30
View packet samples in real time
• View real time packet contents in wireshark
• Analyze malicious packets while under attack
![Page 31: Arbor’s Peakflow Solution - Eventos 2020](https://reader033.vdocuments.pub/reader033/viewer/2022052013/6285f4d23a8843580c477c48/html5/thumbnails/31.jpg)
Obrigado