Protect Online Gaming: Cyber Criminals Don't Play Fair
Online gaming is big business. Many millions of people engage in Internet gambling from poker to bingo, and play video games such as first-person action shooters and wildly popular role-playing fantasy games on platforms including PCs, Xbox, Wii and PlayStation.
The stakes are high:
- The global online gambling industry grew by 12% during 2010 to $29.3 billion, according to a report by Global Betting and Gaming Consultants.
- According to the Online Gaming Association, 20 million Microsoft Xbox users have spent 17 billion hours online; there are 40 million Sony PlayStation Network accounts.
DDoS: Online Gaming's Biggest Security Threat
Performance and availability are critical to the success of online gaming businesses. Distributed denial-of-service (DDoS) attacks can undermine the business in a hurry. If a gambling site goes down, all bets are off: The business can suffer huge losses in a short time; a prolonged outage or very slow response can be catastrophic, both in actual dollars and business reputation - people will take their money elsewhere.
So too with online video gamers. Players expect their games to always be available at their convenience. They expect the game environment to be responsive, or they will seek entertainment elsewhere - a competitor's game or some other pastime. A slow game is no game. For many gamers, video play is as much about social networking as entertainment, and they count on site availability to interact with friends and digital acquaintances.
Online gaming companies can lose thousands, even millions of dollars if service is slowed and customers lose patience, or the site goes down.
Service interruptions caused by infrastructure failure, application issues, etc. - unintentional problems - are bad enough, but the online gaming industry, perhaps more than any other, has to contend with the constant threat of intentional attacks designed to disrupt the Internet services that are the business. DDoS attacks, often launched by malicious competitors or disgruntled gamblers, bring online gaming sites to a crawl or to a halt.
Video game companies, in particular, are concerned that an unscrupulous competitor will hit their site with a DDoS attack either during beta testing to disrupt the launch schedule for a game, or to ruin gaming sessions to drive customer traffic to their own game sites. Online gambling sites have similar issues, not only with possible illegal competitive behavior, but by gamblers who DDoS the site if they are about to lose considerable money - for example, if they are dealt a bad poker hand. As a result, the gaming company loses the money bet by all current players.
There's more. Recently, groups such as Anonymous and LulzSec (or any capable splinter groups or individuals) launch DDoS attacks over a political position, what they deem unfair or unethical business practices or whatever perceived affront may motivate them. Anonymous, for example, directed DDoS attacks against the Sony PlayStation Network as part of their "Operation Sony" attacks in protest of the entertainment giant's decision to sue the person who published code that lets users "jailbreak" the PlayStation 3. And some DDoS attackers target a site for the malicious pleasure of showing they can do it.
Other recent DDoS attacks have hit Amazon, PayPal, Visa and MasterCard, among others.
Among the most prevalent contemporary DDoS attacks are application layer, or connection-based attacks. Unlike the more familiar network layer flooding attacks, such as SYN Floods, application layer attacks are insidious: They appear to be normal requests to the website and don't overwhelm network devices, firewalls and servers with conspicuously huge volumes of traffic.
Information Breach: Customer Records at Risk
In addition to the DDoS threat, online gaming companies, like other businesses that engage in eCommerce, are custodians of thousands, often millions of customer records, including account credentials, credit cardholder data and personally identifiable information. Companies doing business online are bound by compliance mandates, such as PCI DSS and state data breach notification laws, and their obligations to their customers and partners to protect these records against unauthorized access.
The average total cost of a single data breach was more than $7.2 million dollars in 2010, according to a survey by the Ponemon Institute. The 2011 Verizon Data Breach Report, which analyzes some 800 breach investigations by Verizon and the U.S. Secret Service, found that nine out of 10 breaches involved external agents and half the attacks involved some type of malware.
In addition to the DDoS attack, attackers stole account information of as many as 77 million users on the Sony PlayStation Network. More recently, Steam, one of the largest online gaming platforms, reported a breach of its 35 million-member customer database.
Online companies are victimized by both mass, automated attacks that exploit targets of opportunity, and intentional targeted attacks exploiting unpatched or, in some spectacular cases, previously unknown or zero-day vulnerabilities. Smaller companies are being targeted on the assumption that their security is weaker, and the risk small compared to the reward.
Corero Network Security Solutions
Corero Network Security provides superior solutions that protect online gaming companies against DDoS attacks, as well intrusions aimed at stealing customer information.
DDoS Defense System
Corero DDoS Defense System (DDS), leveraging Corero's award-winning technology, delivers nondisruptive protection against attacks that disrupt the servers that keep online gambling and video gaming up and running for many millions of customers. DDS provides maximum protection for critical IT assets, detecting and blocking malicious traffic while allowing full access to legitimate users and applications. DDS keeps online gaming up and available at full service levels.
Corero's DDS delivers unmatched DDoS attack detection and mitigation against both the well-known network layer flooding attacks and the more insidious application layer attacks that are nearly impossible to detect without patented Corero technology. DDS delivers on-premises protection that traditional network security technologies, such as firewalls and other vendors' IPS cannot. And Corero provides a level of security that goes beyond dealing with DDoS by simply buying more bandwidth, which is expensive and useless against application attacks. "Clean pipe" and "black hole routing" techniques that may be used by your ISP or cloud anti-DDoS provider are not as effective as dedicated Corero on-premise solutions and are blind to application layer attacks.
In concert with DDS, SecureWatch PLUS DDoS defense configuration/implementation, 24/7 monitoring and incident response services provide the most comprehensive DDoS defense available on the market.
Intrusion Prevention System
Corero Intrusion Prevention System (IPS) solutions provide continuous, comprehensive protection against external attack, leveraging unique technology that discerns between legitimate and malicious traffic, providing more accurate detection and fewer false positives than other IPS products.
Corero solutions provide a high level of visibility into network activity, and helps meet internal audit and regulatory compliance requirements through its Network Security Analyzer (NSA), a security information and event management tool. NSA provides robust and highly flexible logging, reporting and forensics capabilities.
Corero’s First Line of Defense® is an organization’s new perimeter. It stops the latest breed of cyber-attacks, including DDoS attacks, zero-day exploits, remote exploit insertions, server targeted threats and access attempts from malicious IP addresses and unwanted geo-locations, all of which easily bypass traditional network security defenses and compromise enterprise networks.
Online gaming companies can deploy both the Corero DDS and IPS solutions inline in full confidence that they will maintain full levels of performance and service, which are absolutely critical to successful online business operations. Corero appliances offer the lowest latency and highest reliability of any security products available on the market today. Corero's Core Platform, built on the purpose-built Tilera multicore processor architecture and CoreOS, provides real-world protection at real-world performance levels.