Last updated on April 17, 2014 at 12:58 EDT

Radware’s Emergency Response Team Says Recent Cyber Attacks Proved Again the Need to Fight DDoS Attacks on All Fronts

January 31, 2012

MAHWAH, New Jersey, January 31, 2012 /PRNewswire/ –

According to network security specialists at Radware [http://www.Radware.com]
(NASDAQ: RDWR), a leading provider of application delivery
[http://www.radware.com/Products/ApplicationDelivery/default.aspx] and application
security [http://www.radware.com/Products/ApplicationNetworkSecurity/default.aspx]
solutions for virtual and cloud data centers, the second half of January contained one of
the most intense periods of cyber attacks ever.

The wave of hacks started on January 16 when pro-Palestinian “hacktivists”
unsuccessfully tried over three days to bring down the Israeli stock market, national
airlines, the central bank, the ministry of foreign affairs, and several major and
vulnerable private banks. That was followed on January 23, when hackers loosely affiliated
with the Anonymous collective crashed websites in the U.S. to protest proposed antipiracy
legislation and the shutdown by authorities of the Megaupload.com web site. Among the
sites attacked were the U.S. Department of Justice, the Federal Bureau of Investigation,
and the White House, as well as corporations like the Motion Picture Association of
America, the Recording Industry Association of America, CBS.com, Warner Music and
Universal Music.

An analysis of the cyber attacks by Radware’s Emergency Response Team (ERT) notes that
companies relying only on ‘one-size-fits-all’ managed security, or on-premise security
solutions alone could not withstand the coordinated attack campaigns. The Radware ERT
review of the attack traffic from several of the reported cases shows that:

        - Attackers are deploying multi-vulnerability attack campaigns, targeting
          all layers of the victim's IT infrastructure - this includes the network, servers and
          application layers.
        - Attackers who previously used distributed denial of service (DDoS) attack
          tools that focused on networks have developed new DDoS tools focusing on applications.
        - Attackers are using "low & slow" attack techniques that misuse application
          resources rather than resources in the network stacks.
        - Attackers have improved evasion techniques to avoid detection and mitigation,
          including SSL-based attacks, changing the page request in HTTP page flood attacks
          and more.

This doesn’t mean that businesses should abandon service providers when instituting
DDoS protection. Radware’s ERT points out that the cloud anti-DoS and CDN should be
considered the first line of defense because they can remove the volumetric bandwidth
attacks that saturate the online business links. That should be followed by a second line
of defense consisting of perimeter network security capable of removing the application
DDoS attacks, “low & slow” DoS attacks, and SSL attacks such as Slowloris, Sockstress,
SSL handshake attacks, HTTPS floods and others. These threats require more “intimacy” with
the application level and thus must be mitigated on-premises. The service provider typically
cannot detect these attack tools proficiently or, even if it detects them, will not be able to
accurately mitigate them.

DDoS Protection Golden Rules

Radware’s ERT offers these Golden Rules to defend against DDoS attacks:

        - Deploy an in-house attack mitigation system that can fend off Network DDoS
          flood attacks, application DDoS flood attacks, "low & slow" attacks and SSL attacks.
        - Obtain and register an anti-DoS solution through your service provider or an
          MSSP (managed security service provider). This will help remove the volumetric
          attacks.
        - Deploy a Security Information Event Management (SIEM) system to get full
          visibility into your business security status including detection of attackers and
          fireproofing, which may provide you early notice of upcoming attack campaigns.
        - Establish your response team and make sure it includes members from your IT
          team and the service provider's team.

Radware Attack Mitigation System (AMS) and the Radware ERT

Radware’s AMS is the industry’s first fully integrated IT security strategy and
portfolio that protects the application infrastructure in real time against network and
application downtime, application vulnerability exploitation, malware spread, information
theft, Web service attacks and Web defacement. Radware’s AMS provides the most
comprehensive solution to fight multi-vulnerability campaigns that are hard to defend
against because they are aimed at multiple layers in the IT architecture, particularly at
network infrastructure equipment, servers and applications.

Radware AMS can be deployed in the cloud and on premises to deliver the best
mitigation solution against DDoS threats. Together with an integrated SIEM the system can
be synchronized to fight attacks at the point where they can be most effective: Volumetric
attacks are mitigated in the cloud, while on premise is the best point to fight
application floods, low & slow attacks and SSL attacks.

Radware supplements these capabilities by adding the human factor – the professional
security consultants of its ERT who are available around the clock. As literal “first
responders” to cyber attacks, Radware’s ERT members gained their extensive experience by
successfully dealing with some of the industry’s most notable hacking episodes, providing
the knowledge and expertise to mitigate the kind of attack a business’s security team may
never have handled.

Supporting Quotes

“These techniques have raised the bar for detecting and mitigating cyber attacks.
Common security solutions including cloud anti-DoS services and relying on Content
Delivery Network (CDN) were shown to offer a partial solution against the recent attacks.
Cloud anti-DoS tools can mitigate network bandwidth attacks; they are limited, however, in
protecting against application DDoS and cannot protect against the low & slow and SSL DDoS
attacks. Also, these attack tools were able to bypass the CDN by changing the page request
in every Web transaction – content cannot be cached – making the CDN act as a proxy
disembarking the attack traffic directly at the target servers.”

– Ron Meyran, director, Product Security at Radware.

“To effectively mitigate all attack vectors during the recent attack campaign against
our financial services customers, we have deployed Radware’s Attack Mitigation System
(AMS) in the cloud and on-site. The in-the-cloud AMS removed the volumetric SYN and UDP
flood attacks, while the customers’ AMS device could effectively mitigate the application
DDoS attacks. Their business was kept alive throughout the attack campaign while
legitimate users experienced excellent response time. After considering several DDoS
mitigation solutions, Radware’s AMS is the only solution that can effectively detect and
block all types of attacks that overuse the network resources and our customers’
application resources within seconds.”

– Shlomi Cohen, Business Development, Bezeqint

About Radware

Radware [http://www.radware.com] (NASDAQ: RDWR) is a global leader of application
delivery [http://www.radware.com/Products/ApplicationDelivery/default.aspx] and
application security
[http://www.radware.com/Products/ApplicationNetworkSecurity/default.aspx] solutions for
virtual and cloud data centers. Its award-winning solutions portfolio delivers full
resilience for business-critical applications, maximum IT efficiency, and complete
business agility. Radware’s solutions empower more than 10,000 enterprise and carrier
customers worldwide to adapt to market challenges quickly, maintain business continuity
and achieve maximum productivity while keeping costs down. For more information, please
visit http://www.radware.com.

Radware encourages you to join our community and follow us on: LinkedIn
[http://www.linkedin.com/company/165642], Radware Blog [http://blog.radware.com],
Twitter [http://twitter.com/#!/radware], YouTube [http://www.youtube.com/radwareinc] and
the Radware Connect [http://itunes.apple.com/us/app/radware-connect/id391124100?mt=8] app
for iPhone(R).

This press release may contain statements concerning Radware’s future prospects that
are “forward-looking statements” under the Private Securities Litigation Reform Act of
1995. These statements are based on current expectations and projections that involve a
number of risks and uncertainties. There can be no assurance that future results will be
achieved, and actual results could differ materially from forecasts and estimates. These
risks and uncertainties, as well as others, are discussed in greater detail in Radware’s
Annual Report on Form 20-F and Radware’s other filings with the Securities and Exchange
Commission. Forward-looking statements speak only as of the date on which they are made
and Radware undertakes no commitment to revise or update any forward-looking statement in
order to reflect events or circumstances after the date any such statement is made.
Radware’s public filings are available from the Securities and Exchange Commission’s
website at http://www.sec.gov or may be obtained on Radware’s website at
http://www.radware.com.

        Corporate Media Relations:
        Michael Lordi
        +1-201-785-3206  (office)
        +1-201-574-3840  (cell)
        mikel@radware.com

SOURCE Radware Ltd


Source: PR Newswire