Electricity + Control July 2018

LIGHT + CURRENT

Fighting attacks on encrypted services

According to NETSCOUT Arbor’s 13th Annual Worldwide Infrastructure Security Report (WISR), attacks targeting encrypted web services have become increasingly common.

According to Bryan Hamman, territory manager for sub-Saharan Africa at NETSCOUT Arbor, which specialises in advanced Distributed Denial of Service (DDoS) protection solutions, encryption is a basic necessity in an organisation’s cyber security defence arsenal.

“Encryption is the way in which plain text or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Encryption is a tremendously important method for providing data security, especially for end-to-end protection of data transmitted across networks.

“For example, encryption allows banks to offer online banking and funds transfers, and protects the public’s online interactions when they use their credit or debit cards, or interact with any service provider for an online transaction that involves the exchange of information. Breaking web service encryption of such online data stores, which house confidential personal and financial data, is therefore a serious goal for cyber attackers, and, according to the most recent NETSCOUT Arbor WISR, attacks targeting encrypted web services in recent years are becoming more common. Using a DDoS attack is one method of carrying out such an assault on data.”

A DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. In recent years, DDoS attacks have become a major cyber-security issue for CIOs and CSOs, as each year these attacks grow in number, becoming bigger and more damaging. Just a few months ago, NETSCOUT Arbor defences were able to foil – on behalf of its clients – two of the biggest DDoS attacks in history.

Hamman notes, “On 28 February, a 1.3Tbps DDoS attack was confirmed against developer platform GitHub, which was unavailable from 17:21 to 17:26 UTC, and intermittently unavailable from 17:26 to 17:30 UTC, due to the attack. However, no data was lost. This was then the most powerful DDoS attack recorded to date. Hot on its heels though, just days later in early March, an even larger attack of 1.7Tbps – a reflection/amplification attack – was targeted at a customer of an American-based service provider and recorded by the NETSCOUT Arbor ATLAS global traffic and DDoS threat data system. Again, the attack was unsuccessful.”

With reference to a recent article by Tom Bienkowski, director of DDoS Product Marketing at NETSCOUT Arbor, Hamman clarifies that there are four key types of DDoS attacks that target encrypted services:
• Attacks that target the SSL/TLS negotiation, which determines how two parties to an internet connection will encrypt their communications.
• Protocol or connection attacks against SSL service ports.
• Volumetric attacks targeting SSL/TLS service ports, which overwhelm port capacity with high volume traffic floods.
• Application-layer attacks against underlying services running over SSL/TLS.

Hamman says that against such grimly determined tactics, a multi-layered defensive strategy is required in turn. NETSCOUT Arbor’s DDoS defence approach incorporates the following key strategies:
• Arbor Cloud and 24/7 Security Operations Centre, which detects and mitigates volumetric attacks upstream before hitting the organisation.
• Arbor APS, which stops ‘low and slow’ application layer attacks.
• Arbor Cloud Signaling™, which intelligently routes traffic to secure clouds, thereby preventing on-premise infrastructure protection from being overwhelmed.
• Arbor ATLAS Intelligence Feed, which sends continual alerts to security teams to inform them of developing threats and trends.

Bienkowski concludes, “A key component of the security arsenal is the ability to inspect encrypted traffic securely and attest to its authenticity without slowing, disrupting or compromising legitimate traffic. While decryption is not always necessary for successful mitigation, there is a growing need for scalable solutions for decrypting packets.

“One positive conclusion coming out of the 13th WISR is that both service providers and enterprises are recognising that traditional firewalls and intrusion prevention systems are insufficient in confronting sophisticated DDoS attacks – particularly encrypted attacks targeting encrypted services. Encryption is essential but cannot be relied upon on its own to thwart determined and sophisticated attackers.”

For more information about NETSCOUT Arbor in Africa, please contact Bryan Hamman at bhamman@arbor.net.

Enquiries: Evalean Moonsamy. Tel +27 (0) 11 202 8400 or email evalean.moonsamy@nu.co.za
