1.
Application Firewall (WAF)onference 2013

2.
bercrime Landscape in 2013 …and easier t carry ou ereed...

3.
From Network to Application Layer Application Layer Where increasing number of a2acks (Layer 7) are focused Target of Network Layer Tradi,onal (Layers 3/4) DDoS A2acks

4.
pplication Firewall Highlightsates at the network edge – over 100,000 servers cts requests and responses for malicious content and info le cts packets to protect against attacks such as SQL Injectionss-Site Scripts gurable to log or block activities against policy cts organizations against application layer attacks propagateP and HTTPS les compliance with PCI DSS 1.2 section 6.6 des advanced rate controls (behavioral based protections)agates quickly (~30 minutes) gured via portal

5.
ecurity Solutions 2.0urity Rule Updatele Set 2.2.6CRS supportCommon Rulesn Akamai’s unique view% of internet traffic d Rate Controls ID; Client-IP+User-Agentgrade Wizard

6.
Appendix & Details

7.
Intelligent Platform™g Network Layer Attacks at the Edgeayer attack mitigation Examples of attacks types droppedotection is “always on” at Akamai Edge80 (HTTP) or Port 443 (HTTPS) traffic § UDP Fragmentsn Platform § ICMP Floodsr traffic dropped at the Akamai Edge § SYN Floodsk traffic never makes it onto Platform § ACK Floods mer not charged for traffic dropped at Edges attack requests without requiring identification § RESET Floods s CNAME onto Akamai Intelligent Platform § UDP Floodsttacks through massive scales average throughput; up to 8Tbpson of HTTP request traffic across 100,000+ ,100+ networks ting, added latency, or point of failure

8.
Rulesplication Firewall tion The ResultCustom Rules implemented § New rule logic can be built tomai metadata written by specific use cases for the cus i Professional Services § Rules can be built that execut are created and managed in one or more baseline rules ormer portal control rules match are then associated with § Output of application vulnerab l policies and deployed with products can be implemented n 45 minutes “virtual patches” § Advanced piping to user valid actions can be achieved (prio

9.
Rulesplication Firewall tion The ResultCustom Rules implemented § New rule logic can be built tomai metadata written by specific use cases for the cus i Professional Services § Rules can be built that execut are created and managed in one or more baseline rules ormer portal control rules match are then associated with § Output of application vulnerab l policies and deployed with products can be implemented n 45 minutes “virtual patches” § Advanced piping to user valid actions can be achieved (prio

10.
e Rate Controlss Behavior Detectiony number of requests per § Statistics collected for 3 requed against a given URL o Client Request – Client to Akamaols requests based on behavior o Forward Request – Akamai Servn – not request structure o Forward Response – Origin to Aclient IP address, session ID, cookies, etc. § Statistics collected allow us toure rate categories to large proxies and pick out a m request rates against digital user hiding behind a proxytieste rate-based DDoS attacks § Statistics collected allow for dete of pathological behavior by a clie o Request rate is excessive for an o Requests causing too many Orig

11.
e Rate Controlss Behavior Detectiony number of requests per § Statistics collected for 3 requed against a given URL o Client Request – Client to Akamaols requests based on behavior o Forward Request – Akamai Servn – not request structure o Forward Response – Origin to Aclient IP address, session ID, cookies, etc. § Statistics collected allow us toure rate categories to large proxies and pick out a m request rates against digital user hiding behind a proxytieste rate-based DDoS attacks § Statistics collected allow for dete of pathological behavior by a clie o Request rate is excessive for an o Requests causing too many Orig

12.
y Monitor (1 of 3) Timeline of Requests by Hour Visual Display of Requests by Geography Requests by WAF Rule ID Requests Requests by WAF Message by WAF Tag

13.
y Monitor (2 of 3) Multiple ways to display request statistics

14.
y Monitor (3 of 3) Requests by City Requests by ARLs being Client IP address attacked