Akamai Williams F1 Experience

Transcript

1. Akamai Williams F1 Experience Tuesday 1 May 2018

2. Security Threat Landscape Jay Coley, Senior Director – Security Planning

   and Strategy, Akamai Technologies

3. WHY AKAMAI: The World’s Largest Cloud Security Platform @Akamai

4. How do you deliver on such enormous expectations? You need

   a cloud Security platform. • 100 percent uptime SLA • Resilient, predictable performance • Intelligent routing and acceleration • Layered, cloud-based security • Experience integrity

5. MEDIA DELIVERY Consumers expect flawless multi- channel digital experiences. Our

   next-generation CDN services deliver the highest quality media at scale. The Akamai Intelligent Platform. CLOUD SECURITY Protect against website, web app attacks, malware, phishing, data exfiltration, bots, DNS, and other advanced threats – keeping data safe. EXPERTISE 1,900+ experts ready to support you with strategic expertise, 24/7 proactive monitoring and responsive troubleshooting. WEB PERFORMANCE We give you the expertise and proven technology to provide the customers with consistent, fast, secure web experiences.

6. Single data center API ATTACK SURFACE API Distributed footprint Cloud

   provider Hosted applications Applications Multiple data centers Remote access API API

7. BUSINESS RISK External Attacks 11% 18% 20% 22% 28% 34%

   37% 37% 42% Exploitation of lost/stolen… Mobile malware DNS Strategic web… DDoS Web application (SQL… User interaction… Use of stolen credentials… Software vulnerability… Source: The State of Network Security: 2016-2017, Forrester, January 2017

8. DDoS Attack Trends Q4 2017

9. Compared to Q4 2016 (Year Over Year) 14%é Total DDoS

   attacks 14%é Infrastructure layer (3 & 4) attacks 4%é Reflection-based attacks 22%é Application layer attacks

10. DDoS Attack Frequency by Industry, Q3 & Q4 2017

11. DDoS Attacks Per Target, Q1-Q4 2017 Number of DDoS Attacks

    Faced by Top Target Organization in Q4 512

12. Avoid data theft and downtime by extending the security perimeter

    outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. DNS Water Torture Attack Targeted Vertical - Financial Services (Banking) Attacker Profile - Extortion - Bitcoin (~ $84K USD) - MIRAI based Targeted Systems - authoritative DNS (aDNS) Attack Vector - Randomized DNS lookups forcing a flood towards targeted aDNS. - <randomized>.example.com

13. Avoid data theft and downtime by extending the security perimeter

    outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Mirai Water Torture :: Analysis • Large amounts of randomized but legitimate requests for non-existent domains • All requests sent to authoritative (target) for final resolution.

14. Avoid data theft and downtime by extending the security perimeter

    outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. Mirai Water Torture :: DNS queries

15. Turn it up to 11 :: The amplification Attacker spoofs

    target IP 15 bytes of data Each device amplifies by X amount 1.35Tbps of attack traffic 1. Attacker spoof target requests and makes a memcached request to vulnerable servers. 2. Upon receipt of a memcached get request, each device send requested data over the wire in an uninterrupted stream. 3. Targeted IP address receives all UDP on port 11211 with the attacker requested memcached data

16. Attack Scale

17. Web Application Attack Trends Q4 2017

18. Compared to Q4 2016 (Year Over Year) 10%é Total web

    application attacks 31%é Attacks sourcing from the U.S. (top source country) 10%é SQLi attacks

19. Web Application Attack Frequency, Q4 2017

20. Source Countries for Web Application Attacks, EMEA Q4 2017

21. Top 10 Target Countries for Web Application Attacks, Q4 2017

22. Credential Abuse Q4 2017

23. BUY CREDENTIALS FRAUDSTER VERIFY CREDENTIALS BOTNET Username Password LOGIN Username

    Password LOGIN Username Password LOGIN LOG IN CUSTOMER SITE Shopping Accounts Data FINANCIAL GAIN END USER ASSETS CREDENTIAL ABUSE ACCOUNT TAKEOVER Leaked credentials Abusing Credentials

24. Transactional Endpoints- Two Classes of Bots 1. Scraping Bots 2.

    Transactional Bots Example1 : Price Scraping (Good or Bad) Example2 : Content Scraping (Good or Bad) Example3 : Google Web Crawler (Good)

25. Transactional Endpoints- Two Types 1. Scraping Bots 2. Transactional Bots

    Example 1 : Login Attack :: Credential Abuse (Bad) Example 2 : Fake Account Signup (Bad) Example 3 : Concert Ticket Grabbers (Bad)

26. Credential Abuse Numbers Monthly Attacks Number of Account Targeted Total

    Cost :: $546,000 to $54,000,000 per year

27. Success Rate

28. Consequences Total Cost • $546,000 to $54,000,000 • GDPR violation

29. Credential Abuse attack example Continued attacks throughout the weekend. Detection

    evasion attempts (eg,rate controls).

30. Credential stuffing Protecting customer and employee accounts and minimizing web

    fraud ü ü BUSINESS INITIATIVES Availability Ensuring revenue-generating websites are always available and accessible 24 Cloud Moving business and consumer-facing applications to public or hybrid clouds Agile development Enable development teams to rapidly create, update, and deploy applications Mobile Majority of online transactions today are conducted through mobile devices Brand protection Prevent security incidents that impact brand equity and customer trust ü

31. SECURITY STRATEGY Analytics Granular visibility into DDoS, web attack, and

    bot traffic through a single interface Threat intelligence Prioritize security resources and efforts using Akamai’s visibility into the latest threats SIEM Ingest security data into your SIEM tool for greater awareness across all security solutions Open APIs Better integrate security with your applications and software development lifecycle

32. Akamai cloud delivery PLATFORM Cloud perimeter adapts to your application

    infrastructure and stops attacks in the cloud Extend the application infrastructure with global scalability & resiliency Integrated security solutions on a single global platform Data center Cloud provider Remote office >2400 data centers 70+ Tbps capacity 100% uptime SLA Web security Infrastructure protection Access management

33. Our core capabilities EXPERTISE Support Services Security § 24 x

    365 technical support § Fast-response SLAs § Preventative support § Personalized contacts § Comprehensive training § Global team of technology & industry experts § Proactive monitoring § Alerting & mitigation § Performance optimization § 24 x 365 monitoring and mitigation § 5 global locations staffed by 100+ security experts § 200+ security certifications across team