HARPP DDoS Mitigator is listed as one of the “Key Innovators” in MarketsandMarkets’ DDoS Protection and Mitigation Market – Forecast to 2021 Report.

Posted by:

The research report, segments the DDoS protection market by Component (Solution, and Service), Application Area (Network, Application, Database, and Endpoint), Deployment Mode, Organization Size, Vertical, and Region.

Labris Networks is listed as one of Key Innovators in the 15th chapter of the report with its AI (Artifical Intelligence) based L7, CPE DDoS Mitigation product line and integrated SOC and CERT services.Labris Networks is the game changer player in the market with its technology and business model innovations.

About MarketsandMarkets:
MarketsandMarkets is the largest market research firm worldwide in terms of premium market research reports published annually. Serving 1,700 Fortune organizations globally with more than 1200 premium studies in a year, MarketsandMarkets caters to multitude of clients across 12 different industry verticals.

Author Details:
Shreyas Waikar
Industry Analyst, Information Security at MarketsandMarkets

Additional information is reachable from the report’s page.

Harpp DDoS Mitigator Markets&Markets Key Innovator Forecast 2021


Check out HARPP DDoS CERT Statistics from Labris Networks’ 2016 Cyber Security Report and 2017 Forecast

Posted by:

Classic network threats have been evolved to threats that are encrypted and disguised in application traffics.

Labris Networks has released 2016 Cyber Security Report. The report is published in the light of cyber treats responded by Labris Security Operations Center (SOC) throughout the year. The report also provides insights to the year 2017. Read the full report and the statistics from http://labrisnetworks.com/labris-soc-annual-report/

In 2016, cyber-attacks attempted to threaten daily life of the people. Countries used cyber-attacks as a tool to impact and suppress each other. Yet, the bright side is while the level of treats is increasing, the awareness to these is growing beyond the specialized authorities. From the highest government representatives to the regular citizens who are not even computer literate, the consciousness has been more and more advanced. It has been accepted that cyber-attacks are the natural part of the process while analyzing the critical daily events.

“Attacks and defense are getting smarter”

Need for cyber security products that have artificial intelligence and can scan on the application level is becoming critical. The increasing speed of the traffic and the growing need for inspection performance make it essential that different tasks should be done on different network layers.

The percentage of DDoS attacks performed on L7 application has been reached up to 69%. This reveals the fact that L7 DDoS inspection products with artificial intelligence and located on the entrance of the network as CPE, have become a fundamental defense line.

“Significance of services delivered by trusted experts is increasing”

It is highly critical that services like Security Operations Centers (SOC) and Computer Emergency Response Teams (CERT) should be delivered in a competitive market.

It becomes necessary that security layers should be developed with trusted parties, cyber security awareness of all computer users to be increased; and cyber security of the entities to be supported by local cyber security centers in order to be a forerunner in the cyber space.

This detailed report published by Labris Networks, aims to increase the awareness of the entire private, government and military entities against the risks. Labris Networks highlights the preventions against security risks cannot be achieved merely with the product but with a unified solution including product, service and know-how.

Read the full report and the infographics from http://labrisnetworks.com/labris-soc-annual-report/


Populer Misconception: IPS can block DDoS attacks!

Posted by:

IPS products provide virtually perfect protection in application segment. Even though it has many capabilities, we cannot ignore the weaknesses of this system. Nowadays, DDOS attacks are composed of packets that are called valid packets. IPS systems filter out these valid packets in signature database and they might let them to pass through because these IPS systems only process packet titles and contents to control them. In this respect, advanced DDOS attacks made with valid packets would succeed.
Despite having some abnormality-based capabilities, IPS system needs comprehensive manual set up from specialists. Signatures in system get optimized by a team of experts. Also, it is evident that existing signatures in IPS systems are inadequate in determining today’s advanced DDOS attacks. When all these characteristics are taken into consideration, an attack that should have been prevented in seconds would not be able to prevented. At the same time, when attack records are analyzed by a team experts, they might be identified much more late or not identified at all.
Another weakness is that these devices physically fall behind against volumetric attacks. Today’s smart hackers know that IPS devices do not have high enough values for volumetric requests in regards to hardware and software architecture or in session tables after low packet requests. When a smart hacker identifies an IPS product, he aims to bring CPU levels of the IPS device to 85-95% by starting a volumetric attack on your other accessible service or sending session requests with low packet requests and make the IPS devices switch into bypass mode in these levels. After these activities, the hacker gets all the information, service or device by disabling the IPS system.


NTP Reflection Attacks

Posted by:

NTP Reflection attacks which began at the end of 2013 have reached 400 Gbps that the highest size of attack has been detected in the world in 2014. After DNS attacks recorded as 300 Gbps in March 2013 and targeting spamhaus, attacks have seen as 400Gbps of traffic size in 2014.

These attacks can reach these high levels by using mirror method. As happened in DNS Reflection flood attack type, mediator innocent public server systems are used as a point of attack in this type of attack.

The attacker is querying NTP servers in an intensive way but gives the IP address of the target system by changing its IP address deliberately while querying. This is because of that the NTP protocol running over port 123 is based on UDP. In this case, NTP servers are responding the queries made to them, but the answer of this query is returning to the target system appears as IP address asking the query. As seen in this type of attack, public NTP servers are used as a mirror.

The key factor in achieving this size of attacks is query type known as “monlist” in NTP protocol. In this query type, NTP server lists the last 600 server connected to it or set in pieces.

Labris Networks Answers to monlist query

Getting an answer to a query containing a large number of IP is possible by making monlist query with a very small package size. At this point, NTP server is making an “upgrade”.  “Amplification” as the English term is taken place. Thus, this type of attack is called as NTP Reflection and is also called as NTP Amplification attacks. Of course, the answering the question with larger packages than query is a golden blessing for attackers. In this way, the attacker takes enough answer to the queries to target IP address by imitating the IP address wanted to attack.

The following points should be noted to protect from this attack or not to be a part of it.

1. If you operate an NTP server, you should do your updates in which the versions of this command are turned off. In addition, as well as “loopinfo” and “iostats”, you should turn off NTP server configuration to “monlist” commands. For the test, you can use the control screen on “http://openntpproject.org/”.

2. You should follow monlist connections to public NTP servers out of your network. You can do this by means of an IPS signature. This may show you a possible zombie on your network.

3. You should try to prevent L3 packet speed with firewall of response packets coming from NTP server or “monlist” answers by checking content with the IPS via your security gateway.

We want to indicate that all of these can be made by Harpp DDOS Mitigator that performs DDOS special examination in L7 level. Thanks to Harrp DDoS product, various measures can be taken against related attacks in systems under L7 specific protection. Protocol Review and Defining Private Rules come at the beginning of these measures. You can determine the number of packages and regions you can get at certain times and in certain proportions in your Special Rules for NTP queries or answers or you can directly prevent this specific queries and answers with L7 review.


Did Facebook and Instagram get hit by DDoS attack?

Posted by:

After the outage of some popular web services including Facebook and Instagram, possibility of a cyber attack is being considered. Labris Networks, which provides cyber security for over 3,500 middle and high level corporations and organizations including military organizations, ministries and privately held companies in more than 20 countries with its product family consisting of HARPP DDoS Mitigator Cyber Warfare Tool, made a statement about the reasons of this latest case and the extent of DDoS threat via company’s CTO Oğuz Yılmaz.

After the outage of some popular web services including Facebook and Instagram, possibility of cyber attack is being considered. Labris Networks, which developed Turkey’s first national firewall in 2003, Turkey’s first native UTM product in 2005 and is capable of instant monitoring and control in its Security Operations Center, made a statement about the latest event. “In our research, we found out that this could be due to a DDoS attack. The hacker group Lizard Squad and DEAS also claimed responsibility for the attack. However, before Facebook issues an official statement, we cannot know for sure that the first source of this situation is related with these DDoS attacks. The outage due to a technical problem could be exploited with a DDoS attack to make Facebook experience more problems,” said Labris Networks CTO Oğuz Yılmaz in his statement.

Pointing out that Lizard Squad that claimed the responsibility for the attack made similar attacks in the past, Labris Networks CTO Oğuz Yılmaz said, “We see that Lizard Squad is involved in Playstation Network attacks throughout the year, as well as PSN and Microsoft Xbox gaming network attacks in Christmas. This group gets paid for making DDoS attacks to third parties via its website. We have been monitoring them and in 2014 they started to create an important attack network (botnet) through some major security flaws. This attack network has been created in the last months of year by exploiting certain vulnerabilities in server systems that have high bandwidth and powerful hardware. And this botnet could have been used for the first time in this attack. Even though their website was hacked and subsequently some of their clients were unveiled and some people were arrested on charges of being their member, the cellular structure of these groups make it hard to wipe out all organization at once.”
Labris Networks – which provides cyber security for over 3,500 middle and high level corporations and organizations including military organizations, ministries and privately held companies in more than 20 countries with its product family consisting of HARPP DDoS Mitigator Cyber Warfare Tool – warns organizations that DDoS attacks (which became well known with 2013 Anonymous and 2013 RedHack attacks) can be repeated in 2015 in great capacities with miscellaneous botnets created by Lizard Squad and similar groups. Stating that the attacks will become more intricate, Labris Networks CTO Oğuz Yılmaz said it was only possible to get protection with smarter systems and skilled professionals.