Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Akamai Customer User Forum 2016 Slide Deck

Zoe Latchford
December 13, 2016
0
170

Akamai Customer User Forum 2016 Slide Deck

Zoe Latchford

December 13, 2016
Tweet

More Decks by Zoe Latchford

See All by Zoe Latchford
Akamai Public Sector Roundtable
zlatchfo
0
54
BT Credential Abuse and Customer Identity and Access Management Event
zlatchfo
0
190
BT and Akamai Beat the Bots Event
zlatchfo
0
270
Designing for Doomsday
zlatchfo
0
57
"Hack Yourself First" Workshop Slide Deck, Feb 2019
zlatchfo
0
110
BT and Akamai Competitive Edge Track Day
zlatchfo
0
36
Akamai Cloud Security Summit_London_June 2018
zlatchfo
0
160
Akamai and CTI Protect and Perform Breakfast Briefing
zlatchfo
0
100
Akamai Williams F1 Experience
zlatchfo
0
200

Featured

See All Featured
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Faster Mobile Websites
deanohume
304
30k
Thoughts on Productivity
jonyablonski
67
4.3k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
46
2.1k
Adopting Sorbet at Scale
ufuk
73
9k
Into the Great Unknown - MozCon
thekraken
31
1.5k
Facilitating Awesome Meetings
lara
49
6k
Building Adaptive Systems
keathley
38
2.2k
A better future with KSS
kneath
238
17k
Building Your Own Lightsaber
phodgson
102
6.1k
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
Docker and Python
trallard
40
3.1k

Transcript

  1. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Web Customer User Forum UK&I 2016 13th December 2016

  2. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Michael Gooding, Enterprise Web Architect, EMEA, Akamai Technologies Trends in Web Performance

  3. ©2016 AKAMAI | FASTER FORWARDTM Michael Gooding: Performance Specialist 1.

    General Trends i. Pages ii. Traffic & Devices 2. Technical Trends i. HTTP/2 ii. Preconnect & Preload iii. PWA’s iv. Compression

  4. ©2016 AKAMAI | FASTER FORWARDTM 1. General Trends i. Pages

    ii. Traffic iii. Devices

  5. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Total Page Size & Requests 2225 2268 2330 2381 2466 2426 2409 2446 2480 2509 2469 99 100 109 111 117 108 102 103 104 108 105 0 50 100 150 200 250 300 350 400 450 500 1000 1200 1400 1600 1800 2000 2200 2400 2600 2016 Requests Size (KB) http://httparchive.org

  6. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Image Size & Requests 1420 1432 1414 1412 1504 1511 1549 1573 1598 1624 1615 54 54 57 57 60 57 55 56 56 57 56 0 50 100 150 200 250 300 1000 1100 1200 1300 1400 1500 1600 1700 2016 http://httparchive.org Requests Size (KB)

  7. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Image Formats JPG 45% PNG 27% WebP 1% SVG 1% Other 1% GIF 25% http://httparchive.org

  8. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Sites with Fonts 59% 60% 57% 57% 60% 61% 62% 63% 62% 63% 64% 50% 55% 60% 65% 70% 2016 http://httparchive.org % of Sites

  9. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Secure Traffic 25% 26% 27% 27% 27% 28% 29% 30% 32% 35% 37% 20% 22% 24% 26% 28% 30% 32% 34% 36% 38% 40% 2016 http://httparchive.org % of Requests

  10. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. We killed Flash this year!! Use sites with flash 18% 19% 16% 15% 16% 14% 13% 12% 11% 10% 0% -10% 0% 10% 20% 30% 40% 50% 2016 http://httparchive.org % of Sites

  11. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. TCP Connections 40 40 39 39 40 37 35 35 36 36 36 0 5 10 15 20 25 30 35 40 45 50 2016 http://httparchive.org # of Connections

  12. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Domains and max requests per domain 17 17 21 20 21 20 19 19 19 20 20 52 52 50 49 52 50 50 50 50 51 50 0 10 20 30 40 50 60 70 80 90 100 0 5 10 15 20 25 2016 http://httparchive.org Requests Domains

  13. ©2016 AKAMAI | FASTER FORWARDTM 1. General Trends i. Pages

    ii. Traffic & Devices

  14. ©2016 AKAMAI | FASTER FORWARDTM Mobile by Numbers 42% 58%

    42% 58% 52% 48% 57% 43% Mobile

  15. ©2016 AKAMAI | FASTER FORWARDTM American Holidays 53% 47% 6%

    11% 31% 69% Traffic Conversion Sales 156% YoY

  16. ©2016 AKAMAI | FASTER FORWARDTM American Holidays Tablets Android transactions

    down 25% YoY iPad transactions down 12% YoY

  17. ©2016 AKAMAI | FASTER FORWARDTM American Holidays Traffic +59% Transactions

    +58% Traffic +18% Transactions +27%

  18. ©2016 AKAMAI | FASTER FORWARDTM Mobile Network Challenge https://opensignal.com/reports/2016/10/uk/state-of-the-mobile-network/ 60%

    60% 64% 44% 4G Availability Download (Mbps) 43 46 41 48 Latency (ms) 18 16 28 24 83 91 85 86 5 4 6 6 3G

  19. ©2016 AKAMAI | FASTER FORWARDTM Phones sometimes reduce processing

  20. ©2016 AKAMAI | FASTER FORWARDTM ….Sometimes they don’t!

  21. ©2016 AKAMAI | FASTER FORWARDTM 2. Technical Trends i. HTTP/2

    ii. Preconnect & Preload iii. PWA’s iv. Compression

  22. ©2016 AKAMAI | FASTER FORWARDTM 18 Feb 2015

  23. 450+ customers using H2 2000+ domains

  24. ©2016 AKAMAI | FASTER FORWARDTM h2 Recap 1. Multiplexing 2.

    Header compression 3. Server push

  25. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Multiplexing H/2 uses binary framing HTTP/1.1

  26. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. HTTP/1.1 H/2 uses HPACK Header Compression

  27. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. HTTP/1.1 H/2 can push resources Server Push

  28. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. HTTP/1.X H/2 Tomorrow H/2 Today Summary

  29. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Is HTTPS a blocker?

  30. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Problems with Push 1. Repeat users i. Objects in cache ii. What to push? 2. Browser Implementation i. Slow to issue RST stream ii. Inconsistent 3. Server side logic i. Content changes ii. Long lists https://tools.ietf.org/html/draft-ietf-httpbis-cache-digest-00

  31. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Tools to help https://canipush.com/ https://shouldipush.com/

  32. ©2016 AKAMAI | FASTER FORWARDTM 2. Technical Trends i. HTTP/2

    ii. Preconnect & Preload iii. PWA’s iv. Compression

  33. ©2016 AKAMAI | FASTER FORWARDTM Push alternative – Post HTML

    <link rel=preconnect> <link rel=preload> ü Add “as” for download priority ü Proper accept headers ü Content-security-policy ü Honours Cache ü Can load asynchronously ü Add media queries for responsive loading ü Can load different domains Still requires the HTML to be sent Still requires the HTML to be processed Or maybe not??

  34. ©2016 AKAMAI | FASTER FORWARDTM 2. Technical Trends i. HTTP/2

    ii. Preconnect & Preload iii. PWA’s iv. Compression

  35. ©2016 AKAMAI | FASTER FORWARDTM

  36. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. We Apps Easy to launch Nice load screens Work offline (kind of) Can consume space BUT …

  37. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. But we also the web Simple Searchable Sharable Adaptable

  38. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. What is a PWA? PWA = Web + App

  39. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Offline support with service workers ü A built in browser proxy ü JavaScript based ü Decent support (no Safari…yet) ü Bonus of push notifications ü Cache assets on start up ü Use cache when no network ü Error handle when no cache and no network ü And more…..

  40. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Should be fast ü Even in challenging network conditions ü Standard page load timings important ü As well as usability timings ü 60fps rendering ü No Jank ü Responsive touch inputs

  41. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Progressive enhancement

  42. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Secure TLS is a ranking index in it’s own right But TLS opens access to: ü Service workers ü Push notification API ü H2 for performance ü Other API’s ü Web Background sync ü Payment API

  43. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Mobile Friendly ü Adaptive is also OK ü Applies to Tablets as well as mobile ü Viewport <meta> tags ü Correct sized content (think images) ü Big enough buttons ü Manual checks still useful

  44. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Home screen icon and launch screen <link rel="manifest" href="/manifest.json"> { "short_name": “Polymer", "name": “Polymer Starter Kit", "icons": [ { "src": "launcher-icon-1x.png", "type": "image/png", "sizes": "48x48" }, {"src": "launcher-icon-2x.png", "type": "image/png", "sizes": "96x96" } ], "start_url": "index.html?launcher=true" "background_color": “blue" }

  45. ©2016 AKAMAI | FASTER FORWARDTM 2. Technical Trends i. HTTP/2

    ii. Preconnect & Preload iii. PWA’s iv. Compression

  46. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Brotli (& Zopfli) v’s GZIP Up to 40% smaller files Time to compress?

  47. ©2016 AKAMAI | FASTER FORWARDTM 2016 Performance Overview 1. Pages

    have continued to grow 2. More traffic moving to mobile 3. 2016 has been a great year for performance 1. H2 adoption 2. Service workers 3. Compression 4. Expect 2017 to be even better

  48. ‡ Welcome Stuart Macleod Site Delivery Team Lead 18th October

    2016

  49. ‡ Who are we? • Trainline is the number 1

    independent retailer of train tickets in Europe • Consumer / B2B platforms, as well as white-labeled products for Train Operators, e.g. Virgin, Greater Anglia, Northern and more • We sell train tickets worldwide, helping our customers travel by rail in and across 24 European countries • 30+ million visits to Trainline apps and websites each month • 100% year on year growth on app transactions • We process more than £2.3 billion in ticket sales annually 14 December 2016 49

  50. ‡ Where we were 24 months ago • Physical datacentre

    • 6-week release schedule • 9 URLs in Luna properties • One engineer managing rare changes 14 December 2016 50

  51. ‡ Where we are now • Fully migrated to AWS

    • 160+ Production releases per week • 80+ hostnames in Luna properties, not including wildcards • Team of engineers managing Luna, as well as all other LB layers 14 December 2016 51

  52. ‡ Our Akamai Environment Primarily Kona Site Defender • Improved

    security and resilience • SSL Offloading • New protocol level features such as HTTP/2 • Decoupled edge changes from our internal network + Caching & origin traffic offload 4 highly available, high transaction environments • UK Primary Websites • Continental Europe platform • UK Train Operating Companies White-lable Websites • Miscellaneous Applications and API’s + Our Testing Infrastructure 14 December 2016 52

  53. ‡ Access Control IP Whitelisting 14 December 2016 53 Find

    property Add the IP to the property (if new) Check you haven’t ruined everything with your simple change Save changes, push to staging and wait.. Push to prod and pray it succeeds and doesn’t break anything

  54. ‡ Fast Activation New feature with huge benefits • Certain

    types of change only – hostname changes out of scope • Reduces time to staging from 15 minutes to 5 minutes - 66% improvement • Reduces time to production from 60 minutes to 15 minutes- 75% improvement • Average of 35 changes per month • Time saved ~3 man days per month • Rolling back changes is much faster 14 December 2016 54

  55. ‡ Akamai {OPEN} API vAbility to go from a manual

    web driven process to a single source commit vMoved valuable engineer time from simple, repetitive tasks to important project work Also gives us • Source control to manage configuration • Coded QA checks • Automated feedback if there are any issues, to aid problem solving • A path to continuous delivery, with greater consistency and auditability 14 December 2016 55

  56. ‡ New Process with API 14 December 2016 56 Clone

    repo, make change in single JSON file Commit and push …that’s pretty much it Automation takes over

  57. ‡ Environments Manager Environment Manager is a platform that enables

    continuous delivery of software components into Windows and Linux AWS environments http://tinyurl.com/envmanager • Blue/Green, Canary and Overwrite deployments • Multi-tenancy support, beyond CodeDeploy limits • Platform agnostic load balancer settings • Fully featured RESTful API • Audit capabilities suitable for a PCI Level 1 organisation. • Best suited to companies with between 100 and 5,000 servers running a mixture of legacy and modern applications. • Granular authenticated security 14 December 2016 57

  58. ‡ What’s in the pipeline • Integration of Akamai API

    and Environment manager to allow developers to manage their deployments end-to-end • Custom reports to each of our development teams for accurate and near time usage and billing / cross charging • Automated certificate management • Cache refresh as a part of some deployment scenarios 14 December 2016 58

  59. ‡ Questions? Feel free to get in touch: Email/Skype for

    Business - [email protected] Trainline Open Source Projects – https://github.com/Trainline 14 December 2016 59

  60. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Luca Collacciani, Senior Director, Web Performance & Security, EMEA, Akamai Technologies From the Internet of information to the Internet of Experiences Web Performance Solutions Product Overview and Roadmap

  61. ©2016 AKAMAI | FASTER FORWARDTM Agenda • Innovation at Akamai

    • Mobile is eating the world • 2017 Vision and Focus Areas

  62. ©2016 AKAMAI | FASTER FORWARDTM What is a connected car?

  63. ©2016 AKAMAI | FASTER FORWARDTM • Key Components become commodities

    • Value moves to Software • Car means something completely different in the future

  64. ©2016 AKAMAI | FASTER FORWARDTM

  65. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. • Security • Delivery of large files, with minimal consumer impact • Inherent Mobility: Vehicles might not always be in-range of good coverage • Tight window – updates can only occur when car is on Run or On • Scale - need to update 1000s of vehicles at the same time Connected cars challenges

  66. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. > 50% of new vehicles in North America receive software updates via Akamai

  67. ©2016 AKAMAI | FASTER FORWARDTM How many colors can the

    human eye distinguish?

  68. ©2016 AKAMAI | FASTER FORWARDTM Between 8 to 10 million

  69. ©2016 AKAMAI | FASTER FORWARDTM Live Demos

  70. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Push Neural Network at the Edge

  71. ©2016 AKAMAI | FASTER FORWARDTM Mobile is eating the world

  72. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection.

  73. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection.

  74. ©2016 AKAMAI | FASTER FORWARDTM Three things are infinite: The

    Universe, Human Stupidity & Page Load times on mobile

  75. ©2016 AKAMAI | FASTER FORWARDTM

  76. ©2016 AKAMAI | FASTER FORWARDTM The unpredictability of Performance on

    Mobile • Mobile Networks are flaky • Speeds range from 80Kbps (GPRS/India) to over 10Mbps (LTE/US) • Last mile latency • Routing/peering issues • Frequent disconnects and degradation

  77. ©2016 AKAMAI | FASTER FORWARDTM The Uber approach

  78. ©2016 AKAMAI | FASTER FORWARDTM Uber is creating a global

    network heatmap.

  79. ©2016 AKAMAI | FASTER FORWARDTM

  80. ©2016 AKAMAI | FASTER FORWARDTM Mobile App Performance SDK

  81. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Network Awareness Adapt resources and app behavior based on network quality SureRoute for Cellular HTTP Multipathing to continuously identify the fastest cellular region Contextual Pre-Positioning Instant startup and seamless browsing, even offline Mobile User Analytics App insight through changing network & device conditions

  82. ©2016 AKAMAI | FASTER FORWARDTM

  83. ©2016 AKAMAI | FASTER FORWARDTM Next stop: Browser SDK using

    Service Workers

  84. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Web Vision Provide Instant & Secure Access to All Apps & Sites For Users Everywhere, On All Devices All Web Traffic Websites, Native Mobile Applications, APIs, Images All Networks Cellular, Wi-fi, Wired Broadband All Devices PC, Mobile Phones, IoT

  85. ©2016 AKAMAI | FASTER FORWARDTM Fastest Mobile Performance Optimized Image

    Management Operational Simplicity Expanding the Ecosystem WEB PERFORMANCE FOCUS AREAS

  86. ©2016 AKAMAI | FASTER FORWARDTM We care about your Performance

  87. ©2016 AKAMAI | FASTER FORWARDTM Performance is respect. Respect your

    customers.

  88. ©2016 AKAMAI | FASTER FORWARDTM Performance + Respect = $$$

  89. ©2016 AKAMAI | FASTER FORWARDTM 1 sec delay = 11%

    Fewer Page Views 7% Loss in Conversions 16% Decrease In Customer Satisfaction $1.6B Loss per Year Source: Soasta, Aberdeen Group, Amazon

  90. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. IN Q1 2017 ION 3.0

  91. ©2016 AKAMAI | FASTER FORWARDTM HTTP/1.1 0 40 80 120

    160 200 240 280 320 360 1. Main page loads first 2. Resources load afterwards - parallelism limited by TCP connections 1 2

  92. ©2016 AKAMAI | FASTER FORWARDTM HTTP/2 1. Main page loads

    first 2. Resources load afterwards - multiplexed and compressed headers from HTTP/2 1 2 0 40 80 120 160 200 240 280 320 360

  93. ©2016 AKAMAI | FASTER FORWARDTM HTTP/2 with Server Push 1.

    Main page is requested 2. Resources are pushed immediately (while the main page response is pending) 3. Main page is sent to the user uninterrupted 4. Resources are already at the browser 1 2 3 4 0 40 80 120 160 200 240 280 320 360

  94. ©2016 AKAMAI | FASTER FORWARDTM With Adaptive Acceleration Ion Only

  95. ©2016 AKAMAI | FASTER FORWARDTM Simple on/off configuration

  96. ©2016 AKAMAI | FASTER FORWARDTM

  97. ©2016 AKAMAI | FASTER FORWARDTM

  98. ©2016 AKAMAI | FASTER FORWARDTM

  99. ©2016 AKAMAI | FASTER FORWARDTM Jay Coley, Senior Director, Enterprise

    Security Architects, EMEA, Akamai Technologies The Security Threatscape

  100. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. [SECTION] 1

  101. ©2016 AKAMAI | FASTER FORWARDTM DDoS Activity Overview :: 2015

    vs 2016 DDoS Attacks [Q3 2016 vs Q3 2015] • 71% increase in total DDoS Attacks • 77% increase in infrastructure (Layer 3&4) attacks • 138% increase in attacks > 100Gbps Largest Attack Q3 2016 623 Gbps Q2 2016 363 Gbps Q3 2015 149 Gbps Average Attacks per Target Q3 2016 Q2 2016 Q1 2016 30 27 29

  102. ©2016 AKAMAI | FASTER FORWARDTM Frequency by Industry Gaming •

    Low Hanging Fruit • Extortion • Competitive • Legal Software & Technology • Brand Disruption • Competitive • ‘For the “Lulz”’

  103. ©2016 AKAMAI | FASTER FORWARDTM DDoS Frequency Analysis • 19

    DDoS exceeded 100Gbps • 6 DDoS attacks exceeded 200Gbps Top Target Verticals • Media • Gaming • Software and Technology

  104. ©2016 AKAMAI | FASTER FORWARDTM DDoS Scale/Size Analysis • Frequency

    in overall attacks are decreasing. • Scale and size are increasing • Frequency of mega attacks increasing • Attack size doubling per year.

  105. ©2016 AKAMAI | FASTER FORWARDTM Bandwidth vs Packet per Second

  106. ©2016 AKAMAI | FASTER FORWARDTM DDoS Vector Analysis Bandwidth Utilisation

    • Reflection (UDP, NTP, DNS) • Easy to generate • Attacker overreliance • 98% of overall DDoS attack figures Layer 7 • GET, POST, PUSH Flooding • Traceable • Harder to generate • < 2% of overall DDoS attack figures Overall drop in attack frequency by 8% from Q2 to Q3.

  107. ©2016 AKAMAI | FASTER FORWARDTM Multi-Vector DDoS Review • Numbers

    remain consistent, but the way the attacks are delivered are diversifying. • Large flooding easy to mitigate under certain circumstances. • Attacker are starting to use different tactics • Evade off the shelf appliances and single vendor services.

  108. ©2016 AKAMAI | FASTER FORWARDTM DDoS Source Analysis :: Where

    are they coming from?!

  109. ©2016 AKAMAI | FASTER FORWARDTM DDoS Source Analysis :: Where

    are they coming from?! • China and the US ranks consistently in the top four. • Brasil, Mexico, Turkey ranked unexpectedly • South Korea may occasionally rank due to national infrastructure.

  110. ©2016 AKAMAI | FASTER FORWARDTM KREBS Spotlight • The Washington

    Post • KrebsonSecurity.com • Author of “Spam Nation” • Protected July, 2012 • Pro Bono customer

  111. ©2016 AKAMAI | FASTER FORWARDTM KREBS Spotlight :: 269 Attacks!

  112. ©2016 AKAMAI | FASTER FORWARDTM Biggest Attack Ever Mitigated by

    Akamai

  113. ©2016 AKAMAI | FASTER FORWARDTM Where did it all come

    from? Brazil Vietnam China South Korea Romania Columbia China Vietnam Brazil Russian Federation

  114. ©2016 AKAMAI | FASTER FORWARDTM KREBS Attack Analysis • Two

    attack events between 20 – 21 September • Attack peaked at 623Gbps and 350Mpps • Attack make up - SYN Flood - GET Flood - ACK Flood - POST Flood - GRE Protocol Flood - UDP / NTP Flood

  115. ©2016 AKAMAI | FASTER FORWARDTM Mirai :: When Weaknesses Become

    Vulnerabilities

  116. ©2016 AKAMAI | FASTER FORWARDTM Mirai :: Botnet at a

    glance • Multiple botnets • Internet of Things • Sourcecode released • Default passwords are bad

  117. ©2016 AKAMAI | FASTER FORWARDTM Mirai’s Capabilities • Worm •

    62 Default Usernames/passwords • 11 attacks, 10 functional • Flawed spoofing capabilities • Interesting C2 • Most attacks customizable

  118. ©2016 AKAMAI | FASTER FORWARDTM Mirai :: Recommendations for IoT

    Vendors • Avoid shipping Internet devices with undocumented accounts • Disable SSH, unless absolutely required • Force a change on the factory default password • Disable TCP forwarding • Provide secure processes to users to update sshd config to mitigate future vulnerabilities without needing to wait for a patch

  119. ©2016 AKAMAI | FASTER FORWARDTM Mirai :: Recommendations for IoT

    Users • Change the factory-default passwords! • Disable all SSH unless necessary. • If SSH require add ‘AllowTcpForwarding No’ into the sshd_config • Configure a firewall rule preventing outside ssh access to your devices. • Configure a firewall rule to prevent tunnel establishment.

  120. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. [SECTION] 2

  121. ©2016 AKAMAI | FASTER FORWARDTM Web Application Activity Overview ::

    2015 vs 2016 Web Application Attacks [Q3 2016 vs Q3 2015] • 19% decrease in total Web Application Attacks • 21% increase in SQI Injection Attacks • 67% decrease in Web Application attacks sourcing from the US Largest Attack Q3 2016 623 Gbps Q2 2016 363 Gbps Q3 2015 149 Gbps Average Attacks per Target Q3 2016 Q2 2016 Q1 2016 30 27 29

  122. ©2016 AKAMAI | FASTER FORWARDTM Frequency by Industry Retail /

    Hotel and travel • Low Hanging Fruit • Wealth of data • Varying degrees of Security Financials • Wealth of data • Banking details • Varying degrees of Security High Tech • New Ranking

  123. ©2016 AKAMAI | FASTER FORWARDTM Web Application Vector Analysis •

    SQLi 50% of all Web App attacks in Q3. • Easier/Productive Attacks have higher frequency

  124. ©2016 AKAMAI | FASTER FORWARDTM Web Application Geography :: Source

    • Different regions than DDoS attacks • US, Netherlands and Russia top ranking • US dropped by 13%, but still ‘Top of the Pops’ with 20% of all Web Application attacks sourcing from the US

  125. ©2016 AKAMAI | FASTER FORWARDTM Web Application Geography :: Target

    • 66% of all Web App attacks target the US • Brasil, UK and Germany high ranking. • Brasil saw a drop in attacks and Germany saw an increase.

  126. ©2016 AKAMAI | FASTER FORWARDTM Web Application :: France vs

    Portugal • Akamai correlated WAF triggers to the match. • Compared to a month later from the same locations. • Significant decrease in attack traffic during matches • Shows that even with BOT automation, they are still governed by football loving hackers.

  127. ©2016 AKAMAI | FASTER FORWARDTM Web Application :: Summer Olympics

  128. ©2016 AKAMAI | FASTER FORWARDTM Summary • DDoS attack frequency

    decreased, and size of the attack increased. • Attackers are trying new vectors. • DDoS vs Web attacks have different motivations. • Retail/Financials targets for Web App attacks • Gaming/High Tech targets to DDoS attacks • DDoS attacks now near 1Tbps

  129. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Emmanuel Mace, Director Product Line, Security, EMEA, Akamai Technologies Cloud Security Solutions Product Overview and Roadmap

  130. ©2016 AKAMAI | FASTER FORWARDTM Driving product innovation with security

    intelligence Driving product innovation with security intelligence Simplify application security Web Application Protector 1.0 Improve bot detection Bot Manager 2.0 Improve DDoS mitigation Prolexic Routed / Proxy Improve Web Security Posture Kona Site Defender 5.0

  131. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Driving product innovation with security intelligence Simplify application security Web Application Protector 1.0 Improve bot detection Bot Manager 2.0 Improve DDoS mitigation Prolexic Routed / Proxy Protect APIs Kona Site Defender 5.0 Data TRILLION Internet transactions each day 3

  132. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data THOUSAND servers around the world 200+

  133. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data WAF rule triggers every hour 80 million

  134. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data 600,000 log lines a second

  135. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data new attack data daily 20TB

  136. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. new attack data daily 20TB Research Data Dedicated team of Threat researchers

  137. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Research Data 8,000 queries a day

  138. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Test ü Implement Research Data 8,000 queries a day

  139. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Improve Web Security Posture Kona Site Defender 5.0 Regular API Kona Site Defender Q3 2016 Beta Q1 2017 v5.0 GA Q4 2016 Q2 2017 Beta Parameter protection Positive / negative security DDoS protection MitM protection API Protection • DDoS protection • Data theft protection Multiple Security Configurations • Workflow separation • Access control separation • Cloning Advanced Detection & Mitigation • Custom Rule builder • CSRF and Clickjacking protection • Advanced actions Reporting, Analysis, & Monitoring • SIEM integration • Application security activity report • DDoS activity report Q2 2016 Q3 2016 Q4 2016 Q1 2017 LEGEND Tech Preview Beta IPv6 Rate Controls GA Multiple Configurations GA Custom Rule Builder GA App Security Activity Report GA DoS Activity Report GA API Protection GA SIEM Support GA CSRF and Clickjacking GA

  140. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Simplify Application Security Web Application Protector 1.0 Yes (98%) No (2%) Have your web applications been compromised in the past 12 months? What best describes your approach to WAF? Not deployed (30%) Combination of in-line and out-of-line (25%) Out-of-line (23%) In-line (20%) Not sure (2%) Web Application Protector Beta Q4 2016 v1.0 GA Q3 2016 Beta Q1 2017 Q2 2017 Intuitive configuration Self-installation wizard Akamai-deployed protections

  141. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Improve Bot Detection Bot Manager 2.0 Requests 63% Bot Type of Bot 57% Unknown Bandwidth 14% Bot Q2 2016 Q1 2016 v1.0 GA v1.0 LA Bot Manager Beta Q3 2016 v2.0 GA Q4 2016 Q1 2017 Beta Browser validation Automated browsers Enhanced bot response Improved management

  142. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Improve DDoS Mitigation Prolexic

  143. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data 500+ Prolexic customers

  144. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data attacks every week Over 200

  145. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. attacks every week Over 200 Research Data of every DDoS attack Real-time analysis

  146. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. of every DDoS attack Real-time analysis Implement Research Data 150+ Security Operations Center staff

  147. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. 150+ Security Operations Center staff Test ü Implement Research Data 5000mitigations applied in Q2 Almost

  148. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Improve DDoS Mitigation Prolexic Q3 2016 Q1 2017 Q4 2016 Q2 2017 Q3 2017 Network Infrastructure Detection Identification Orchestration Mitigation Network Monitoring London Frankfurt Ashburn Tokyo Hong Kong Ft Lauderdale San Jose Sydney Cambridge Krakow Bangalore Tokyo

  149. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Joe DeFelice, Senior Director Enterprise Security & Infrastructure Engineering, Akamai Technologies Christopher Jen, EMEA Sales Manager – Cloud Networking, Akamai Technologies Enterprise Application Access Solution Q&A Session

  150. ©2016 AKAMAI | FASTER FORWARDTM Enterprise Application Access Simple, secure

    access as a service

  151. ©2016 AKAMAI | FASTER FORWARDTM Applications can live anywhere, users

    need access from everywhere Enterprises Are Turning Inside Out …but not everyone should have access to everything

  152. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. What is access? 1. Who is trying to get in? 2. To which application(s)? 3. Is this action allowed?

  153. ©2016 AKAMAI | FASTER FORWARDTM Enterprises Deploy Applications Behind Firewalls

    App 1 Firewalls block inbound connections Firewalls allow outbound connections Firewall Application Access Control User

  154. ©2016 AKAMAI | FASTER FORWARDTM But Is Anyone Left Inside

    The Enterprise? Mobile Cloud 3rd Parties

  155. ©2016 AKAMAI | FASTER FORWARDTM App 1 Firewall Application Access

    Control Traditional Remote Access Is Complex Network Access Control User Client > Hole in the firewall > Complex configuration > Client software

  156. ©2016 AKAMAI | FASTER FORWARDTM Remote Access Is Complex &

    Increases Risk 75% of enterprises 63% of all data breaches touch up to 14 network and app components when providing 3rd party remote access are linked to 3rd parties

  157. ©2016 AKAMAI | FASTER FORWARDTM App 1 Firewall Application Access

    Control Traditional Remote Access Can Increase Risk Network Access Control User Client App 2 Application Access Control App 3 > Hole in the firewall > Complex configuration > Client software > Lateral movement

  158. ©2016 AKAMAI | FASTER FORWARDTM “DMZs and legacy VPNs were

    designed for the networks of the 1990s and have become obsolete because they lack the agility needed to protect digital businesses.” Excerpt from Gartner's It's Time to Isolate Your Services From the Internet Cesspool

  159. ©2016 AKAMAI | FASTER FORWARDTM Simpler, Secure Access To Enterprise

    Apps App 1 Firewall User App 3 App 2 Enterprise Connector App 4 (AWS) Enterprise App Access > No hole in the firewall > No complex configuration > No client software > No lateral movement Active Directory

  160. ©2016 AKAMAI | FASTER FORWARDTM Enterprise Application Access Use Cases

    Secure third party and employee remote enterprise application access Multi-factor authentication for enterprise applications across data centers and IaaS Cloud & access architecture transformation App App App App App App

  161. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Joe DeFelice Sr. Director Enterprise Security & Infrastructure

  162. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Mike Dixon, Senior Service Line Manager, Akamai Technologies Global Services and Support Product Portfolio Overview

  163. Customer wants to do all heavy lifting How do you

    want to be supported? Customer wants guidance to self-service their Akamai solution Customers wants to do some task themselves, wants Akamai assistance for others Customer wants to offload everything to Akamai
  164. None

  165. Additional Services • Integration Services Ø Professional Services Integration on

    Standard (unmanaged) or Manged basis • PS Enterprise Ø Access to Akamai’s Professional Services team for custom requirements on one-off or ongoing basis • PS Security Ø Access to Akamai’s specialised security specialists for customised security requirements • Technical Advisory Service Ø Technical consulting, program management, advocacy and business / operational reviews with a designated technical advisor

  166. Akamai University Classroom Training • Akamai University is a hands-on

    training program led by experienced Akamai technical consultants and professional services members. • London Classroom Training, Q1 2017: • Media Delivery: January Tue 24th, Wed 25th • Web Performance: February Tue 21st, Wed 22nd • Cloud Security: March Tue 21st, Wed 22nd • Full Schedule (including on-line trainings) to be published on Luna portal in next few days

  167. 24x7 Security, Media, Performance Monitoring 1500+ 30+ 5 Internet Experts

    Global Centers Security Operation Centers Global Services and Support

  168. ©2015 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Thank You