Akamai Security Products

Transcription

1 Akamai Security Products

2 Key Areas of Cloud Security for Akamai Protect Web Availability Internet Infrastructure Security Remove Credit Cards Payment Tokenization Web Application Firewall Application Security

3 The Akamai EdgePlatform Daily Web traffic of over 4 Tbps 85,000+ Servers 1,700+ Locations 900+ Networks 70+ Countries Compliance/Security: PCI Compliant SSL (Data) Distributed WAF (Apps) Edge Tokenization (Payments)

4 DDoS Attacks on the Rise 74% of surveyed companies experienced one or more DDoS attacks in the past year, with 31% of these attacks resulting in service disruption Forrester July 2009 The Akamai network saw more DDoS attacks in the fourth quarter of 2010 than in the first three quarters of the year combined so as companies continue to push business-critical data and operations into the cloud, the need to protect these assets from the growing number and increasing sophistication of Web attacks increases dramatically. Akamai chief scientist and co-founder, Tom Leighton

5 Holiday Season 2010 Coordinated DDoS Attacked IR ecommerce Web Sites Protected by Akamai Estimated Potential Lost Revenue Impact = $15 million Times Above Normal Customer #1 PROTECTED Peak Attack Time US Customer #1 9,095x 11/30 US Customer #2 5,803x 12/1 US Customer #3 3,115x 11/30 US Customer #4 2,874x 12/1 US Customer #5 1,807x 12/1 Customer #2 Customer #3 Highly distributed DDoS attacks from Asia-Pac, South America and Middle East

6 One Customer, Different DDoS Attacks Attacked Top IR150 ecommerce Web Site Protected by Akamai Estimated Potential Lost Revenue Impact = $350,000 PROTECTED Times Above Normal Pages Time Attack #1 300x Nov 18, 2010 #1 #2 Attack #2 35x Jan 14, 2011 Attack#1 Highly distributed, no recognizable pattern Attack#2 - Highly distributed, concentration from Eastern Europe Russian Federation, Greece, Ukraine, Belarus, Latvia, Kazakhstan Peak DDoS traffic of 300 Mbps #2

7 Korean Gaming Company Multi-Phase, Varying Signature Attack - Protected by Akamai Estimated Unique Customers Impacted = 1,500 Estimated Missed Advertising Impressions = 36,000 PROTECTED Gaming Site Times Above Normal Pages 33x Time Jan #1 #2 Phase#1 repeated requests for non-existing object Phase#2 malformed HTTP requests w/o user-agents Attack traffic directed from South Korea

8 DDoS Mitigation with Akamai Web Site Infrastructure Akamai Site Shield Trusted Connection End User

9 Akamai Unveils New Architecture for DDoS DoS Readiness Customer Support User Validation Global Traffic Management edns w/dnssec Web Application Firewall IP Blocking & Rate Control Site Shield Fee Protection Advanced Caching, NetStorage + Failover DDoS specialists to assess infrastructure and develop a run-time playbook 24/7 support with a response SLA Identification of suspected BOTs from real users to de-prioritize or block Blocking of traffic by geographic region Scalable protection for Domain Name System (DNS) attacks Web application firewalling at Layer 7 (application layer) IP blocking & rate limiting capabilities at network layer Ability to cloak web infrastructure from the Internet Capped exposure to bursting fees related to an attack Akamai s edge absorbs traffic and can failover

10 Key Areas of Cloud Security for Akamai Protect Web Availability Internet Infrastructure Security Remove Credit Cards Payment Tokenization Web Application Firewall Application Security

11 Application Layer Threats State of Application Security 95% of corporate Web Apps have severe vulnerabilities Average enterprise website has 13 serious security vulnerabilities 1 The average time-to-fix for large organizations is 15-weeks 1 Over 95% of corporate web applications have severe vulnerabilities Why? Competition drives website innovation and complexity Migration of enterprise apps to the Web, outside firewall Introduction of many new technologies for programmers 1 WhiteHat Website Security Statistic Report Fall 2010, 2 Aberdeen Group, 2010

12 Akamai s Web Application Firewall Launched in Jan 10 distributed in the cloud Helping customers comply with Payment Card Industry Data Security Standard (PCI-DSS) Web Application Firewall for PCI Section 6.6 Provides on-demand scalable protection from malicious Web application attacks such as cross site scripting (XSS) and SQL injection style attacks Example: ecommerce customer, 1-week 11 billion requests processed (110K/sec peak) Successfully alerted or blocked more than 8 million rules in a single week

13 Akamai Web Application Firewall Web Application Firewall adds Layer7 & fast IP blocking IP blacklist/whitelist changes in minutes Avoid Layer7 DDoS and injections Akamai WAF addresses PCI DSS 6.6 Compliance

14 Akamai Adds New Protection from Layer7 (Application Layer) Attacks Addition of custom rules at the edge Augments existing core rule set Partnership with Qualys for vulnerability scanning Used by Akamai PS to populate WAF with customer specific rules and virtual patching for web sites Partnering with Akamai was a clear choice for us, especially as more security moves to the cloud. We look forward to helping enterprise customers with our vulnerability solutions in order to increase their defenses against malicious web activity. - Philippe Courtot, CEO of Qualys Configurable IP rate limiting in the cloud Offloads unwanted bandwidth from BOT s and scrapers

15 Key Areas of Cloud Security for Akamai Protect Web Availability Internet Infrastructure Security Remove Credit Cards Payment Tokenization Web Application Firewall Application Security

16 Edge Tokenization PCI Challenges PCI rules govern any card information stored or processed in the merchant infrastructure. Level 1, Level 2 merchants need to undergo audits, scans Level 3 and Level 4 need to fill in questionnaire Costs for audit can be substantial, costs for breach can put companies out of business. Number of card transactions/year Average PCI Audit Preparation Expense* Level 1 Merchant More than 6 Million Level 2 Merchant 1 Million to 6 Million $2.1M $1.1M *Source: Gartner 2008 numbers exclude PCI assessment costs

17 Akamai s Solution Akamai Operates the First PCI Compliant CDN Secure SSL Delivery Akamai s Dedicated SSL Network Servers placed in PCI compliant facilities Strict access procedures Logs of physical entry and cameras Key Management Infrastructure PII decryption in memory only, never on disk Annual audit to ensure PCI compliance

18 Edge Tokenization How it Works Payment Gateway s Data Vault Payment Gateway Customer Datacenter Merchant Order Management System

19 Benefits Reduces PCI scope for online transactions Leverages Akamai s Level 1 PCI Compliant Network Enables web retailers to transact securely and at scale Tight integration with leading payment gateway providers Preserves Payment Gateway functionality Credit card data is never stored on customer infrastructure Easily integrates into existing workflow Accelerates critical commerce transactions on Akamai s highperformance and highly resilient EdgePlatform

20 Key Areas of Cloud Security for Akamai Protect Web Availability Internet Infrastructure Security Remove Credit Cards Payment Tokenization Web Application Firewall Application Security