Akamai Customer User Forum 2016 Slide Deck

Transcript

1. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

   personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Web Customer User Forum UK&I 2016 13th December 2016

2. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

   personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Michael Gooding, Enterprise Web Architect, EMEA, Akamai Technologies Trends in Web Performance

3. ©2016 AKAMAI | FASTER FORWARDTM Michael Gooding: Performance Specialist 1.

   General Trends i. Pages ii. Traffic & Devices 2. Technical Trends i. HTTP/2 ii. Preconnect & Preload iii. PWA’s iv. Compression

4. ©2016 AKAMAI | FASTER FORWARDTM 1. General Trends i. Pages

   ii. Traffic iii. Devices

5. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

   by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Total Page Size & Requests 2225 2268 2330 2381 2466 2426 2409 2446 2480 2509 2469 99 100 109 111 117 108 102 103 104 108 105 0 50 100 150 200 250 300 350 400 450 500 1000 1200 1400 1600 1800 2000 2200 2400 2600 2016 Requests Size (KB) http://httparchive.org

6. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

   by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Image Size & Requests 1420 1432 1414 1412 1504 1511 1549 1573 1598 1624 1615 54 54 57 57 60 57 55 56 56 57 56 0 50 100 150 200 250 300 1000 1100 1200 1300 1400 1500 1600 1700 2016 http://httparchive.org Requests Size (KB)

7. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

   by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Image Formats JPG 45% PNG 27% WebP 1% SVG 1% Other 1% GIF 25% http://httparchive.org

8. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

   by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Sites with Fonts 59% 60% 57% 57% 60% 61% 62% 63% 62% 63% 64% 50% 55% 60% 65% 70% 2016 http://httparchive.org % of Sites

9. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

   by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Secure Traffic 25% 26% 27% 27% 27% 28% 29% 30% 32% 35% 37% 20% 22% 24% 26% 28% 30% 32% 34% 36% 38% 40% 2016 http://httparchive.org % of Requests

10. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. We killed Flash this year!! Use sites with flash 18% 19% 16% 15% 16% 14% 13% 12% 11% 10% 0% -10% 0% 10% 20% 30% 40% 50% 2016 http://httparchive.org % of Sites

11. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. TCP Connections 40 40 39 39 40 37 35 35 36 36 36 0 5 10 15 20 25 30 35 40 45 50 2016 http://httparchive.org # of Connections

12. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Domains and max requests per domain 17 17 21 20 21 20 19 19 19 20 20 52 52 50 49 52 50 50 50 50 51 50 0 10 20 30 40 50 60 70 80 90 100 0 5 10 15 20 25 2016 http://httparchive.org Requests Domains

13. ©2016 AKAMAI | FASTER FORWARDTM 1. General Trends i. Pages

    ii. Traffic & Devices

14. ©2016 AKAMAI | FASTER FORWARDTM Mobile by Numbers 42% 58%

    42% 58% 52% 48% 57% 43% Mobile

15. ©2016 AKAMAI | FASTER FORWARDTM American Holidays 53% 47% 6%

    11% 31% 69% Traffic Conversion Sales 156% YoY

16. ©2016 AKAMAI | FASTER FORWARDTM American Holidays Tablets Android transactions

    down 25% YoY iPad transactions down 12% YoY

17. ©2016 AKAMAI | FASTER FORWARDTM American Holidays Traffic +59% Transactions

    +58% Traffic +18% Transactions +27%

18. ©2016 AKAMAI | FASTER FORWARDTM Mobile Network Challenge https://opensignal.com/reports/2016/10/uk/state-of-the-mobile-network/ 60%

    60% 64% 44% 4G Availability Download (Mbps) 43 46 41 48 Latency (ms) 18 16 28 24 83 91 85 86 5 4 6 6 3G

19. ©2016 AKAMAI | FASTER FORWARDTM Phones sometimes reduce processing

20. ©2016 AKAMAI | FASTER FORWARDTM ….Sometimes they don’t!

21. ©2016 AKAMAI | FASTER FORWARDTM 2. Technical Trends i. HTTP/2

    ii. Preconnect & Preload iii. PWA’s iv. Compression

22. ©2016 AKAMAI | FASTER FORWARDTM 18 Feb 2015

23. 450+ customers using H2 2000+ domains

24. ©2016 AKAMAI | FASTER FORWARDTM h2 Recap 1. Multiplexing 2.

    Header compression 3. Server push

25. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Multiplexing H/2 uses binary framing HTTP/1.1

26. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. HTTP/1.1 H/2 uses HPACK Header Compression

27. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. HTTP/1.1 H/2 can push resources Server Push

28. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. HTTP/1.X H/2 Tomorrow H/2 Today Summary

29. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Is HTTPS a blocker?

30. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Problems with Push 1. Repeat users i. Objects in cache ii. What to push? 2. Browser Implementation i. Slow to issue RST stream ii. Inconsistent 3. Server side logic i. Content changes ii. Long lists https://tools.ietf.org/html/draft-ietf-httpbis-cache-digest-00

31. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Tools to help https://canipush.com/ https://shouldipush.com/

32. ©2016 AKAMAI | FASTER FORWARDTM 2. Technical Trends i. HTTP/2

    ii. Preconnect & Preload iii. PWA’s iv. Compression

33. ©2016 AKAMAI | FASTER FORWARDTM Push alternative – Post HTML

    <link rel=preconnect> <link rel=preload> ü Add “as” for download priority ü Proper accept headers ü Content-security-policy ü Honours Cache ü Can load asynchronously ü Add media queries for responsive loading ü Can load different domains Still requires the HTML to be sent Still requires the HTML to be processed Or maybe not??

34. ©2016 AKAMAI | FASTER FORWARDTM 2. Technical Trends i. HTTP/2

    ii. Preconnect & Preload iii. PWA’s iv. Compression

35. ©2016 AKAMAI | FASTER FORWARDTM

36. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. We Apps Easy to launch Nice load screens Work offline (kind of) Can consume space BUT …

37. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. But we also the web Simple Searchable Sharable Adaptable

38. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. What is a PWA? PWA = Web + App

39. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Offline support with service workers ü A built in browser proxy ü JavaScript based ü Decent support (no Safari…yet) ü Bonus of push notifications ü Cache assets on start up ü Use cache when no network ü Error handle when no cache and no network ü And more…..

40. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Should be fast ü Even in challenging network conditions ü Standard page load timings important ü As well as usability timings ü 60fps rendering ü No Jank ü Responsive touch inputs

41. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Progressive enhancement

42. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Secure TLS is a ranking index in it’s own right But TLS opens access to: ü Service workers ü Push notification API ü H2 for performance ü Other API’s ü Web Background sync ü Payment API

43. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Mobile Friendly ü Adaptive is also OK ü Applies to Tablets as well as mobile ü Viewport <meta> tags ü Correct sized content (think images) ü Big enough buttons ü Manual checks still useful

44. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Home screen icon and launch screen <link rel="manifest" href="/manifest.json"> { "short_name": “Polymer", "name": “Polymer Starter Kit", "icons": [ { "src": "launcher-icon-1x.png", "type": "image/png", "sizes": "48x48" }, {"src": "launcher-icon-2x.png", "type": "image/png", "sizes": "96x96" } ], "start_url": "index.html?launcher=true" "background_color": “blue" }

45. ©2016 AKAMAI | FASTER FORWARDTM 2. Technical Trends i. HTTP/2

    ii. Preconnect & Preload iii. PWA’s iv. Compression

46. ©2016 AKAMAI | FASTER FORWARDTM Avoid data theft and downtime

    by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Brotli (& Zopfli) v’s GZIP Up to 40% smaller files Time to compress?

47. ©2016 AKAMAI | FASTER FORWARDTM 2016 Performance Overview 1. Pages

    have continued to grow 2. More traffic moving to mobile 3. 2016 has been a great year for performance 1. H2 adoption 2. Service workers 3. Compression 4. Expect 2017 to be even better

48. ‡ Welcome Stuart Macleod Site Delivery Team Lead 18th October

    2016

49. ‡ Who are we? • Trainline is the number 1

    independent retailer of train tickets in Europe • Consumer / B2B platforms, as well as white-labeled products for Train Operators, e.g. Virgin, Greater Anglia, Northern and more • We sell train tickets worldwide, helping our customers travel by rail in and across 24 European countries • 30+ million visits to Trainline apps and websites each month • 100% year on year growth on app transactions • We process more than £2.3 billion in ticket sales annually 14 December 2016 49

50. ‡ Where we were 24 months ago • Physical datacentre

    • 6-week release schedule • 9 URLs in Luna properties • One engineer managing rare changes 14 December 2016 50

51. ‡ Where we are now • Fully migrated to AWS

    • 160+ Production releases per week • 80+ hostnames in Luna properties, not including wildcards • Team of engineers managing Luna, as well as all other LB layers 14 December 2016 51

52. ‡ Our Akamai Environment Primarily Kona Site Defender • Improved

    security and resilience • SSL Offloading • New protocol level features such as HTTP/2 • Decoupled edge changes from our internal network + Caching & origin traffic offload 4 highly available, high transaction environments • UK Primary Websites • Continental Europe platform • UK Train Operating Companies White-lable Websites • Miscellaneous Applications and API’s + Our Testing Infrastructure 14 December 2016 52

53. ‡ Access Control IP Whitelisting 14 December 2016 53 Find

    property Add the IP to the property (if new) Check you haven’t ruined everything with your simple change Save changes, push to staging and wait.. Push to prod and pray it succeeds and doesn’t break anything

54. ‡ Fast Activation New feature with huge benefits • Certain

    types of change only – hostname changes out of scope • Reduces time to staging from 15 minutes to 5 minutes - 66% improvement • Reduces time to production from 60 minutes to 15 minutes- 75% improvement • Average of 35 changes per month • Time saved ~3 man days per month • Rolling back changes is much faster 14 December 2016 54

55. ‡ Akamai {OPEN} API vAbility to go from a manual

    web driven process to a single source commit vMoved valuable engineer time from simple, repetitive tasks to important project work Also gives us • Source control to manage configuration • Coded QA checks • Automated feedback if there are any issues, to aid problem solving • A path to continuous delivery, with greater consistency and auditability 14 December 2016 55

56. ‡ New Process with API 14 December 2016 56 Clone

    repo, make change in single JSON file Commit and push …that’s pretty much it Automation takes over

57. ‡ Environments Manager Environment Manager is a platform that enables

    continuous delivery of software components into Windows and Linux AWS environments http://tinyurl.com/envmanager • Blue/Green, Canary and Overwrite deployments • Multi-tenancy support, beyond CodeDeploy limits • Platform agnostic load balancer settings • Fully featured RESTful API • Audit capabilities suitable for a PCI Level 1 organisation. • Best suited to companies with between 100 and 5,000 servers running a mixture of legacy and modern applications. • Granular authenticated security 14 December 2016 57

58. ‡ What’s in the pipeline • Integration of Akamai API

    and Environment manager to allow developers to manage their deployments end-to-end • Custom reports to each of our development teams for accurate and near time usage and billing / cross charging • Automated certificate management • Cache refresh as a part of some deployment scenarios 14 December 2016 58

59. ‡ Questions? Feel free to get in touch: Email/Skype for

    Business - [email protected] Trainline Open Source Projects – https://github.com/Trainline 14 December 2016 59

60. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Luca Collacciani, Senior Director, Web Performance & Security, EMEA, Akamai Technologies From the Internet of information to the Internet of Experiences Web Performance Solutions Product Overview and Roadmap

61. ©2016 AKAMAI | FASTER FORWARDTM Agenda • Innovation at Akamai

    • Mobile is eating the world • 2017 Vision and Focus Areas

62. ©2016 AKAMAI | FASTER FORWARDTM What is a connected car?

63. ©2016 AKAMAI | FASTER FORWARDTM • Key Components become commodities

    • Value moves to Software • Car means something completely different in the future

64. ©2016 AKAMAI | FASTER FORWARDTM

65. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. • Security • Delivery of large files, with minimal consumer impact • Inherent Mobility: Vehicles might not always be in-range of good coverage • Tight window – updates can only occur when car is on Run or On • Scale - need to update 1000s of vehicles at the same time Connected cars challenges

66. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. > 50% of new vehicles in North America receive software updates via Akamai

67. ©2016 AKAMAI | FASTER FORWARDTM How many colors can the

    human eye distinguish?

68. ©2016 AKAMAI | FASTER FORWARDTM Between 8 to 10 million

69. ©2016 AKAMAI | FASTER FORWARDTM Live Demos

70. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Push Neural Network at the Edge

71. ©2016 AKAMAI | FASTER FORWARDTM Mobile is eating the world

72. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection.

73. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection.

74. ©2016 AKAMAI | FASTER FORWARDTM Three things are infinite: The

    Universe, Human Stupidity & Page Load times on mobile

75. ©2016 AKAMAI | FASTER FORWARDTM

76. ©2016 AKAMAI | FASTER FORWARDTM The unpredictability of Performance on

    Mobile • Mobile Networks are flaky • Speeds range from 80Kbps (GPRS/India) to over 10Mbps (LTE/US) • Last mile latency • Routing/peering issues • Frequent disconnects and degradation

77. ©2016 AKAMAI | FASTER FORWARDTM The Uber approach

78. ©2016 AKAMAI | FASTER FORWARDTM Uber is creating a global

    network heatmap.

79. ©2016 AKAMAI | FASTER FORWARDTM

80. ©2016 AKAMAI | FASTER FORWARDTM Mobile App Performance SDK

81. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Network Awareness Adapt resources and app behavior based on network quality SureRoute for Cellular HTTP Multipathing to continuously identify the fastest cellular region Contextual Pre-Positioning Instant startup and seamless browsing, even offline Mobile User Analytics App insight through changing network & device conditions

82. ©2016 AKAMAI | FASTER FORWARDTM

83. ©2016 AKAMAI | FASTER FORWARDTM Next stop: Browser SDK using

    Service Workers

84. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Web Vision Provide Instant & Secure Access to All Apps & Sites For Users Everywhere, On All Devices All Web Traffic Websites, Native Mobile Applications, APIs, Images All Networks Cellular, Wi-fi, Wired Broadband All Devices PC, Mobile Phones, IoT

85. ©2016 AKAMAI | FASTER FORWARDTM Fastest Mobile Performance Optimized Image

    Management Operational Simplicity Expanding the Ecosystem WEB PERFORMANCE FOCUS AREAS

86. ©2016 AKAMAI | FASTER FORWARDTM We care about your Performance

87. ©2016 AKAMAI | FASTER FORWARDTM Performance is respect. Respect your

    customers.

88. ©2016 AKAMAI | FASTER FORWARDTM Performance + Respect = $$$

89. ©2016 AKAMAI | FASTER FORWARDTM 1 sec delay = 11%

    Fewer Page Views 7% Loss in Conversions 16% Decrease In Customer Satisfaction $1.6B Loss per Year Source: Soasta, Aberdeen Group, Amazon

90. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

    personalized web experiences and manage complexity from peak demand, mobile devices and data collection. IN Q1 2017 ION 3.0

91. ©2016 AKAMAI | FASTER FORWARDTM HTTP/1.1 0 40 80 120

    160 200 240 280 320 360 1. Main page loads first 2. Resources load afterwards - parallelism limited by TCP connections 1 2

92. ©2016 AKAMAI | FASTER FORWARDTM HTTP/2 1. Main page loads

    first 2. Resources load afterwards - multiplexed and compressed headers from HTTP/2 1 2 0 40 80 120 160 200 240 280 320 360

93. ©2016 AKAMAI | FASTER FORWARDTM HTTP/2 with Server Push 1.

    Main page is requested 2. Resources are pushed immediately (while the main page response is pending) 3. Main page is sent to the user uninterrupted 4. Resources are already at the browser 1 2 3 4 0 40 80 120 160 200 240 280 320 360

94. ©2016 AKAMAI | FASTER FORWARDTM With Adaptive Acceleration Ion Only

95. ©2016 AKAMAI | FASTER FORWARDTM Simple on/off configuration

96. ©2016 AKAMAI | FASTER FORWARDTM

97. ©2016 AKAMAI | FASTER FORWARDTM

98. ©2016 AKAMAI | FASTER FORWARDTM

99. ©2016 AKAMAI | FASTER FORWARDTM Jay Coley, Senior Director, Enterprise

    Security Architects, EMEA, Akamai Technologies The Security Threatscape

100. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. [SECTION] 1

101. ©2016 AKAMAI | FASTER FORWARDTM DDoS Activity Overview :: 2015

     vs 2016 DDoS Attacks [Q3 2016 vs Q3 2015] • 71% increase in total DDoS Attacks • 77% increase in infrastructure (Layer 3&4) attacks • 138% increase in attacks > 100Gbps Largest Attack Q3 2016 623 Gbps Q2 2016 363 Gbps Q3 2015 149 Gbps Average Attacks per Target Q3 2016 Q2 2016 Q1 2016 30 27 29

102. ©2016 AKAMAI | FASTER FORWARDTM Frequency by Industry Gaming •

     Low Hanging Fruit • Extortion • Competitive • Legal Software & Technology • Brand Disruption • Competitive • ‘For the “Lulz”’

103. ©2016 AKAMAI | FASTER FORWARDTM DDoS Frequency Analysis • 19

     DDoS exceeded 100Gbps • 6 DDoS attacks exceeded 200Gbps Top Target Verticals • Media • Gaming • Software and Technology

104. ©2016 AKAMAI | FASTER FORWARDTM DDoS Scale/Size Analysis • Frequency

     in overall attacks are decreasing. • Scale and size are increasing • Frequency of mega attacks increasing • Attack size doubling per year.

105. ©2016 AKAMAI | FASTER FORWARDTM Bandwidth vs Packet per Second

106. ©2016 AKAMAI | FASTER FORWARDTM DDoS Vector Analysis Bandwidth Utilisation

     • Reflection (UDP, NTP, DNS) • Easy to generate • Attacker overreliance • 98% of overall DDoS attack figures Layer 7 • GET, POST, PUSH Flooding • Traceable • Harder to generate • < 2% of overall DDoS attack figures Overall drop in attack frequency by 8% from Q2 to Q3.

107. ©2016 AKAMAI | FASTER FORWARDTM Multi-Vector DDoS Review • Numbers

     remain consistent, but the way the attacks are delivered are diversifying. • Large flooding easy to mitigate under certain circumstances. • Attacker are starting to use different tactics • Evade off the shelf appliances and single vendor services.

108. ©2016 AKAMAI | FASTER FORWARDTM DDoS Source Analysis :: Where

     are they coming from?!

109. ©2016 AKAMAI | FASTER FORWARDTM DDoS Source Analysis :: Where

     are they coming from?! • China and the US ranks consistently in the top four. • Brasil, Mexico, Turkey ranked unexpectedly • South Korea may occasionally rank due to national infrastructure.

110. ©2016 AKAMAI | FASTER FORWARDTM KREBS Spotlight • The Washington

     Post • KrebsonSecurity.com • Author of “Spam Nation” • Protected July, 2012 • Pro Bono customer

111. ©2016 AKAMAI | FASTER FORWARDTM KREBS Spotlight :: 269 Attacks!

112. ©2016 AKAMAI | FASTER FORWARDTM Biggest Attack Ever Mitigated by

     Akamai

113. ©2016 AKAMAI | FASTER FORWARDTM Where did it all come

     from? Brazil Vietnam China South Korea Romania Columbia China Vietnam Brazil Russian Federation

114. ©2016 AKAMAI | FASTER FORWARDTM KREBS Attack Analysis • Two

     attack events between 20 – 21 September • Attack peaked at 623Gbps and 350Mpps • Attack make up - SYN Flood - GET Flood - ACK Flood - POST Flood - GRE Protocol Flood - UDP / NTP Flood

115. ©2016 AKAMAI | FASTER FORWARDTM Mirai :: When Weaknesses Become

     Vulnerabilities

116. ©2016 AKAMAI | FASTER FORWARDTM Mirai :: Botnet at a

     glance • Multiple botnets • Internet of Things • Sourcecode released • Default passwords are bad

117. ©2016 AKAMAI | FASTER FORWARDTM Mirai’s Capabilities • Worm •

     62 Default Usernames/passwords • 11 attacks, 10 functional • Flawed spoofing capabilities • Interesting C2 • Most attacks customizable

118. ©2016 AKAMAI | FASTER FORWARDTM Mirai :: Recommendations for IoT

     Vendors • Avoid shipping Internet devices with undocumented accounts • Disable SSH, unless absolutely required • Force a change on the factory default password • Disable TCP forwarding • Provide secure processes to users to update sshd config to mitigate future vulnerabilities without needing to wait for a patch

119. ©2016 AKAMAI | FASTER FORWARDTM Mirai :: Recommendations for IoT

     Users • Change the factory-default passwords! • Disable all SSH unless necessary. • If SSH require add ‘AllowTcpForwarding No’ into the sshd_config • Configure a firewall rule preventing outside ssh access to your devices. • Configure a firewall rule to prevent tunnel establishment.

120. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. [SECTION] 2

121. ©2016 AKAMAI | FASTER FORWARDTM Web Application Activity Overview ::

     2015 vs 2016 Web Application Attacks [Q3 2016 vs Q3 2015] • 19% decrease in total Web Application Attacks • 21% increase in SQI Injection Attacks • 67% decrease in Web Application attacks sourcing from the US Largest Attack Q3 2016 623 Gbps Q2 2016 363 Gbps Q3 2015 149 Gbps Average Attacks per Target Q3 2016 Q2 2016 Q1 2016 30 27 29

122. ©2016 AKAMAI | FASTER FORWARDTM Frequency by Industry Retail /

     Hotel and travel • Low Hanging Fruit • Wealth of data • Varying degrees of Security Financials • Wealth of data • Banking details • Varying degrees of Security High Tech • New Ranking

123. ©2016 AKAMAI | FASTER FORWARDTM Web Application Vector Analysis •

     SQLi 50% of all Web App attacks in Q3. • Easier/Productive Attacks have higher frequency

124. ©2016 AKAMAI | FASTER FORWARDTM Web Application Geography :: Source

     • Different regions than DDoS attacks • US, Netherlands and Russia top ranking • US dropped by 13%, but still ‘Top of the Pops’ with 20% of all Web Application attacks sourcing from the US

125. ©2016 AKAMAI | FASTER FORWARDTM Web Application Geography :: Target

     • 66% of all Web App attacks target the US • Brasil, UK and Germany high ranking. • Brasil saw a drop in attacks and Germany saw an increase.

126. ©2016 AKAMAI | FASTER FORWARDTM Web Application :: France vs

     Portugal • Akamai correlated WAF triggers to the match. • Compared to a month later from the same locations. • Significant decrease in attack traffic during matches • Shows that even with BOT automation, they are still governed by football loving hackers.

127. ©2016 AKAMAI | FASTER FORWARDTM Web Application :: Summer Olympics

128. ©2016 AKAMAI | FASTER FORWARDTM Summary • DDoS attack frequency

     decreased, and size of the attack increased. • Attackers are trying new vectors. • DDoS vs Web attacks have different motivations. • Retail/Financials targets for Web App attacks • Gaming/High Tech targets to DDoS attacks • DDoS attacks now near 1Tbps

129. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Emmanuel Mace, Director Product Line, Security, EMEA, Akamai Technologies Cloud Security Solutions Product Overview and Roadmap

130. ©2016 AKAMAI | FASTER FORWARDTM Driving product innovation with security

     intelligence Driving product innovation with security intelligence Simplify application security Web Application Protector 1.0 Improve bot detection Bot Manager 2.0 Improve DDoS mitigation Prolexic Routed / Proxy Improve Web Security Posture Kona Site Defender 5.0

131. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Driving product innovation with security intelligence Simplify application security Web Application Protector 1.0 Improve bot detection Bot Manager 2.0 Improve DDoS mitigation Prolexic Routed / Proxy Protect APIs Kona Site Defender 5.0 Data TRILLION Internet transactions each day 3

132. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data THOUSAND servers around the world 200+

133. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data WAF rule triggers every hour 80 million

134. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data 600,000 log lines a second

135. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data new attack data daily 20TB

136. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. new attack data daily 20TB Research Data Dedicated team of Threat researchers

137. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Research Data 8,000 queries a day

138. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Test ü Implement Research Data 8,000 queries a day

139. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Improve Web Security Posture Kona Site Defender 5.0 Regular API Kona Site Defender Q3 2016 Beta Q1 2017 v5.0 GA Q4 2016 Q2 2017 Beta Parameter protection Positive / negative security DDoS protection MitM protection API Protection • DDoS protection • Data theft protection Multiple Security Configurations • Workflow separation • Access control separation • Cloning Advanced Detection & Mitigation • Custom Rule builder • CSRF and Clickjacking protection • Advanced actions Reporting, Analysis, & Monitoring • SIEM integration • Application security activity report • DDoS activity report Q2 2016 Q3 2016 Q4 2016 Q1 2017 LEGEND Tech Preview Beta IPv6 Rate Controls GA Multiple Configurations GA Custom Rule Builder GA App Security Activity Report GA DoS Activity Report GA API Protection GA SIEM Support GA CSRF and Clickjacking GA

140. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Simplify Application Security Web Application Protector 1.0 Yes (98%) No (2%) Have your web applications been compromised in the past 12 months? What best describes your approach to WAF? Not deployed (30%) Combination of in-line and out-of-line (25%) Out-of-line (23%) In-line (20%) Not sure (2%) Web Application Protector Beta Q4 2016 v1.0 GA Q3 2016 Beta Q1 2017 Q2 2017 Intuitive configuration Self-installation wizard Akamai-deployed protections

141. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Improve Bot Detection Bot Manager 2.0 Requests 63% Bot Type of Bot 57% Unknown Bandwidth 14% Bot Q2 2016 Q1 2016 v1.0 GA v1.0 LA Bot Manager Beta Q3 2016 v2.0 GA Q4 2016 Q1 2017 Beta Browser validation Automated browsers Enhanced bot response Improved management

142. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Improve DDoS Mitigation Prolexic

143. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data 500+ Prolexic customers

144. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Data attacks every week Over 200

145. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. attacks every week Over 200 Research Data of every DDoS attack Real-time analysis

146. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. of every DDoS attack Real-time analysis Implement Research Data 150+ Security Operations Center staff

147. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. 150+ Security Operations Center staff Test ü Implement Research Data 5000mitigations applied in Q2 Almost

148. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Improve DDoS Mitigation Prolexic Q3 2016 Q1 2017 Q4 2016 Q2 2017 Q3 2017 Network Infrastructure Detection Identification Orchestration Mitigation Network Monitoring London Frankfurt Ashburn Tokyo Hong Kong Ft Lauderdale San Jose Sydney Cambridge Krakow Bangalore Tokyo

149. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Joe DeFelice, Senior Director Enterprise Security & Infrastructure Engineering, Akamai Technologies Christopher Jen, EMEA Sales Manager – Cloud Networking, Akamai Technologies Enterprise Application Access Solution Q&A Session

150. ©2016 AKAMAI | FASTER FORWARDTM Enterprise Application Access Simple, secure

     access as a service

151. ©2016 AKAMAI | FASTER FORWARDTM Applications can live anywhere, users

     need access from everywhere Enterprises Are Turning Inside Out …but not everyone should have access to everything

152. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. What is access? 1. Who is trying to get in? 2. To which application(s)? 3. Is this action allowed?

153. ©2016 AKAMAI | FASTER FORWARDTM Enterprises Deploy Applications Behind Firewalls

     App 1 Firewalls block inbound connections Firewalls allow outbound connections Firewall Application Access Control User

154. ©2016 AKAMAI | FASTER FORWARDTM But Is Anyone Left Inside

     The Enterprise? Mobile Cloud 3rd Parties

155. ©2016 AKAMAI | FASTER FORWARDTM App 1 Firewall Application Access

     Control Traditional Remote Access Is Complex Network Access Control User Client > Hole in the firewall > Complex configuration > Client software

156. ©2016 AKAMAI | FASTER FORWARDTM Remote Access Is Complex &

     Increases Risk 75% of enterprises 63% of all data breaches touch up to 14 network and app components when providing 3rd party remote access are linked to 3rd parties

157. ©2016 AKAMAI | FASTER FORWARDTM App 1 Firewall Application Access

     Control Traditional Remote Access Can Increase Risk Network Access Control User Client App 2 Application Access Control App 3 > Hole in the firewall > Complex configuration > Client software > Lateral movement

158. ©2016 AKAMAI | FASTER FORWARDTM “DMZs and legacy VPNs were

     designed for the networks of the 1990s and have become obsolete because they lack the agility needed to protect digital businesses.” Excerpt from Gartner's It's Time to Isolate Your Services From the Internet Cesspool

159. ©2016 AKAMAI | FASTER FORWARDTM Simpler, Secure Access To Enterprise

     Apps App 1 Firewall User App 3 App 2 Enterprise Connector App 4 (AWS) Enterprise App Access > No hole in the firewall > No complex configuration > No client software > No lateral movement Active Directory

160. ©2016 AKAMAI | FASTER FORWARDTM Enterprise Application Access Use Cases

     Secure third party and employee remote enterprise application access Multi-factor authentication for enterprise applications across data centers and IaaS Cloud & access architecture transformation App App App App App App

161. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Joe DeFelice Sr. Director Enterprise Security & Infrastructure

162. ©2016 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Mike Dixon, Senior Service Line Manager, Akamai Technologies Global Services and Support Product Portfolio Overview

163. Customer wants to do all heavy lifting How do you

     want to be supported? Customer wants guidance to self-service their Akamai solution Customers wants to do some task themselves, wants Akamai assistance for others Customer wants to offload everything to Akamai
164. None

165. Additional Services • Integration Services Ø Professional Services Integration on

     Standard (unmanaged) or Manged basis • PS Enterprise Ø Access to Akamai’s Professional Services team for custom requirements on one-off or ongoing basis • PS Security Ø Access to Akamai’s specialised security specialists for customised security requirements • Technical Advisory Service Ø Technical consulting, program management, advocacy and business / operational reviews with a designated technical advisor

166. Akamai University Classroom Training • Akamai University is a hands-on

     training program led by experienced Akamai technical consultants and professional services members. • London Classroom Training, Q1 2017: • Media Delivery: January Tue 24th, Wed 25th • Web Performance: February Tue 21st, Wed 22nd • Cloud Security: March Tue 21st, Wed 22nd • Full Schedule (including on-line trainings) to be published on Luna portal in next few days

167. 24x7 Security, Media, Performance Monitoring 1500+ 30+ 5 Internet Experts

     Global Centers Security Operation Centers Global Services and Support

168. ©2015 AKAMAI | FASTER FORWARDTM Grow revenue opportunities with fast,

     personalized web experiences and manage complexity from peak demand, mobile devices and data collection. Thank You