Application firewalls protect applications at the layer 7 level where most attacks occur. Akamai's application firewall inspects requests and responses for malicious content and patterns to protect against attacks like SQL injections. It can log or block activities against configurable policies and protects organizations against application layer attacks that propagate over HTTP and HTTPS.
3. From Network to Application Layer
Application Layer (Layer 7): Where increasing number of attacks are focused
Network Layer (Layers 3/4): Target of Traditional DDoS Attacks
4. pplication Firewall Highlights
ates at the network edge – over 100,000 servers
cts requests and responses for malicious content and info le
cts packets to protect against attacks such as SQL Injections
s-Site Scripts
gurable to log or block activities against policy
cts organizations against application layer attacks propagate
P and HTTPS
les compliance with PCI DSS 1.2 section 6.6
des advanced rate controls (behavioral based protections)
agates quickly (~30 minutes)
gured via portal
5. ecurity Solutions 2.0
urity Rule Update
le Set 2.2.6
CRS support
Common Rules
n Akamai’s unique view
% of internet traffic
d Rate Controls
ID; Client-IP+User-Agent
grade Wizard
8. Intelligent Platform™
g Network Layer Attacks at the Edge
ayer attack mitigation
otection is “always on” at Akamai Edge
80 (HTTP) or Port 443 (HTTPS) traffic
n Platform
r traffic dropped at the Akamai Edge
k traffic never makes it onto Platform
mer not charged for traffic dropped at Edge
s attack requests without requiring identification
s CNAME onto Akamai Intelligent Platform
ttacks through massive scale
s average throughput; up to 8Tbps
on of HTTP request traffic across 100,000+
,100+ networks
ting, added latency, or point of failure
Examples of attack types dropped
§ UDP Fragments
§ ICMP Floods
§ SYN Floods
§ ACK Floods
§ RESET Floods
§ UDP Floods
9. Rules
plication Firewall
tion The Result
Custom Rules implemented § New rule logic can be built to
mai metadata written by specific use cases for the cus
i Professional Services § Rules can be built that execut
are created and managed in one or more baseline rules or
mer portal control rules match
are then associated with § Output of application vulnerab
l policies and deployed with products can be implemented
n 45 minutes “virtual patches”
§ Advanced piping to user valid
actions can be achieved (prio
11. e Rate Controls
s Behavior Detection
y number of requests per § Statistics collected for 3 reque
d against a given URL o Client Request – Client to Akama
ols requests based on behavior o Forward Request – Akamai Serv
n – not request structure o Forward Response – Origin to A
client IP address, session ID, cookies, etc.
§ Statistics collected allow us to
ure rate categories to
large proxies and pick out a m
request rates against digital
user hiding behind a proxy
ties
te rate-based DDoS attacks § Statistics collected allow for dete
of pathological behavior by a clie
o Request rate is excessive for an
o Requests causing too many Orig
13. y Monitor (1 of 3)
Timeline of Requests by Hour
Visual Display of Requests by Geography
Requests by WAF Rule ID
Requests by WAF Message
Requests by WAF Tag
14. y Monitor (2 of 3)
Multiple ways to display request statistics
15. y Monitor (3 of 3)
Requests by City
Requests by Client IP address
ARLs being attacked
Editor's Notes
Attacks are becoming more sophisticated with multi-vector attacks often hiding the real motivations of attackers. On top of this it has become even easier to carry out different attacks – a quick Google search and anyone with basic tech skills can download these tools and join the fight…
LOIC basically turns your computer's network connection into a firehose of garbage requests, directed towards a target web server. On its own, one computer rarely generates enough TCP, UDP, or HTTP requests at once to overwhelm a web server—garbage requests can easily be ignored while legit requests for web pages are responded to as normal. But when thousands of users run LOIC at once, the wave of requests becomes overwhelming, often shutting a web server (or one of its connected machines, like a database server) down completely, or preventing legitimate requests from being answered.
What is HOIC?
- High-speed multi-threaded HTTP Flood
- Simultaneously flood up to 256 websites at once
- Built in scripting system to allow the deployment of 'boosters', scripts designed to thwart DDoS counter measures and increase DoS output.
- Easy to use interface
- Can be ported over to Linux/Mac with a few bug fixes (I do not have either systems so I do
- Ability to select the number of threads in an ongoing attack
- Ability to throttle attacks individually with three settings: LOW, MEDIUM, and HIGH
and it's written in a language where you can do a bunch of really nifty things, just read the RealBasic manual ;] also no dependencies (single executable)
Implemented in 10’000s of Akamai Edge Servers
We still defend against “old school” DDoS as well as we ever did….distributed networks, offload DNS, caching content. But there are new attacks that we must evolve our defenses to defend. These are the things you’ll be able to defend against – stealthier attacks, more advanced attacks: How do we do this, new rules: Slow post, Slow loris, LOIC are now, HOIC Replace RTR with DLR in Security Monitor (is this Channel Partner Foundations – Today there are no tools for partners to implement Kona 2.0. Partner Focused Enhancements. They made some foundational tools.. WAF ModSecurity Core Rule Set 2.2.6 Includes anomaly scoring and migration wizard Anomaly scoring – related to the HTTP request. Adding the ability to score HTTP requests provides a means to better assess the risk. Configurable policy to deny. WAF common rule sets: we see lots of attacks, create new rules for all of them. With 2.0 (free to 1.0 customers) the rule set is available. Getting the rules probably requires PS engagement. Advanced Rate Controls: protect against more sophisticated attacks, helps address malicious behavior --- behavioral controls. For example: (John has details)
Close on the brand message – you can use the following sample text to speak to this closing brand slide. (Akamai is making your media more mobile, enabling “Any experience, any device, anywhere.” Our goal is to ultimately help you accelerate your business. [Corey]) (Today's best online experiences have been Akamaized . We’re here to help you reach mobile workforces, and 24/7 consumers with any experience on any device, anywhere. And to ultimately help you accelerate your business. [Ravi]) (Akamai’s Application & Cloud Performance Solutions enable you to control your applications, control your costs, and control your cloud, offering you the agility that you need to accelerate your business. [Willie]) (Akamai offers you solutions to revolutionize your media strategy and engage users with any experience, on any device, anywhere, to grow your audience and grow your business. [Bill]) (Mobilize, optimize, and monetize your business, providing a high performance experience to your 24/7 consumers so that you can accelerate your online retail strategies. [Pedro]) (Block threats, not performance, in this ever-evolving hyperconnected world. Securely reach your users on any device, anywhere so you can accelerate your business. [John]) (Akamai helps you connect to users on any device, anywhere, removing the complexities of privacy, security, and rights management, while also allowing businesses to spend advertising dollars more effectively. [Khan])
Platform provides an additional layer of defense and moves the perimeter of defense out to the Edge of the Internet and then goes into the network layer value of that architecture.
The Akamai platform automatically (** if you’re buying acceleration…** protects against:
- SYN flood and other TCP attacks
- UDP attacks
- HTTP slow client (“drip feed”) attacks
- HTTP Request Smuggling attacks
- HTTP Response Splitting attacks
The platform only accepts valid HTTP requests on port 80 and 443!
Implemented in 10’000s of Akamai Edge Servers Requests causing too many Origin errors (404, 5XX)