Application-layer DDoS attacks are an emerging threat aiming to take down critical applications in every online business
Evidence on application-layer DDoS attacks is mainly discovered indirectly from customer complaints or operation-based monitoring of SLA statistics.
While volumetric (network) DDoS attacks are currently blocked automatically at the network gate based on statistical characteristics, application DDoS attacks are usually stopped manually. Thus, over 50% of companies report using 6+ people to mitigate application-layer DDoS attacks.
As web traffic is becoming mainly encrypted, over 50% of the total application DDoS attacks are being reported as encrypted, and at a growing rate. Encrypted DDoS attacks tunnel through all defense layers and explode upon reaching the web applications and API systems.
"Advanced" application-level DDoS attack mitigation requires new, updated techniques
| Properties | "Classical" Application-Level DDoS Attacks | "Advanced" Application-Level DDoS Attacks |
|---|---|---|
| Attack Targets ("signatures") | Known signatures, infrastructure vulnerabilities: • Server vulnerabilities (Apache, etc.) • Platform vulnerabilities (WordPress, etc.) | Unknown signatures, specific application functionality: • Heavy-processing controllers (Search, etc.) • Upload / download of media files |
| Target Protocols | HTTP, UDP, ICMP, SNMP, TCP = 100% | HTTPS > 50% |
| Attack Dynamic | Simple traffic dynamic: • Simple flood attack • Mostly "flat" amplitude • Up to hours of attack | Stochastic traffic dynamic: • Low, normal or flood attack rates • Randomized amplitude • Persistence, may last up to weeks/months |
| Botnets | Classical botnets: • Reuse of known botnet IPs • Same IPs along the entire attack duration | Ad-hoc botnets: • Cloud services, Tor, IoT and ad network IPs • Fast-rotating IP mechanisms |
| Attack Complexity | Simple attack scenarios: • Simple GET / POST commands • Monotonic repeat of the same requests • Synthetic traffic behavior • Monotonic flood | Sophisticated attack scenarios: • Randomized GET / POST commands • Randomized request firing • Mimicking human traffic behavior • Hit & Run |
| Attack Technologies | Simple tools: • Simple flood scripts • Primitive simulators (LOIC, etc.) • Simple botnet C&C | Sophisticated tools: • Automatic testing platforms (Phantom, etc.) • Sophisticated scripts and ad technologies • Sophisticated botnet C&C |
The Ammune™ platform
Immune Model + Machine Learning = Automated, Real-Time DDoS Mitigation
Ammune™ is an always-on virtual shield that adapts itself automatically to application changes while continuously protecting against unseen application DDoS threats.
- Detect in seconds application-layer DDoS attacks from their initiation
- Capture fast track attacks such as “Hit & Run” techniques
- Detection sensitivity not limited by attack amplitude, overall traffic volumes or attack length
- Isolate in seconds the exact attacking vectors
- Generate on-the-spot signatures optimized for the discovered attacking vectors
- Identification ability not limited by the number of vectors attacking simultaneously
- Signatures are fed to a reverse proxy system in real-time and used to mitigate bad requests
- Mitigation can be conducted by L7 Defense Ammune or other systems with unique APIs
Dr. Doron Chema (Ph.D.) - CEO
20+ years of R&D, Product & Architecture Management. Doron is an experienced Hi-Tech manager and entrepreneur. He has over a decade of experience leading sophisticated product development in diverse verticals with direct business outcomes. He has extensive experience in leading teams and structuring flexible work processes while achieving fast results. Doron holds a PhD in Bio-Informatics from the University of Tel Aviv.
Mr. Yisrael Gross - CMO
Sales & Marketing Director for High Tech Companies. Yisrael is an experienced Business Development Manager with almost a decade of leading various Business Development and Sales efforts in the Hi-Tech industry. In addition, he manages the "Israel Cyber Group" community, which has more than 150 cyber entrepreneurs and experts. Yisrael is an MBA graduate of Hebrew University, majoring in Finance and Marketing.
Mr. Mark Ginzburg - Head of Algorithms
Ex-Officer in the IDF Intelligence Unit, Specialist in Algorithms. Mark is an experienced algorithm Group Leader. He has more than 10 years of leading various sophisticated technological solutions in the field of cyber security, including cryptography and secure communications. Mark is a graduate of an IDF Elite R&D Technological Unit in the C4I corps and the Technion's excellence program. Mark holds an M.Sc. in computer science from the Technion Institute.