Akamai Edge Day 3: Cloud Security Solutions Roadmap and lessons learned from a DDoS attack
The third day of Bas at Akamai Edge was also an interesting one. This day was more focused on practical experiences, including roadmap sessions and panel discussions. The time between the sessions left room to have good conversations and discussions with customers, partners and contacts. The DevOps zone always has a prominent place on Akamai Edge, but this year they had a surprisingly big place. This was very fortunate, since connecting out DevOps with Akamai’s roadmap will certainly be a good addition to further improve our hosting infrastructure.
Cloud Security Solutions Roadmap
Last year, several new functionalities in Cloud Security were introduced, for example to address problems around credential abuse, API protection and security management. Akamai’s VP of Product Management Josh Shaul discussed all innovations that were introduced in 2017. He also gave a short preview of what can be expected from Akamai in 2018.
Since Akamai Edge 2016, almost 9000 attacks and over 1 billion exploits were stopped by Akamai. Akamai already operates Bot Manager, but as mentioned in my previous blog, Bot Manager Premium is now available. The Premium version makes use of bio metric protection.
The two cloud security solutions most used by Akamai are Kona and Web Application Protector (WAP). It was already of great importance to have well organized protection. With the GDPR regulations, this has become even more important. Both KONA and WAP reduce the risks of downtime, data theft and compromised websites. But if that’s the case, then what sets them apart?
Kona provides fully integrated protection against everything Akamai can mitigate of. It can be fully customized for corporate website usage.
WAP offers powerful and simple configuration regarding website protection. In my personal opinion, this solution is better suited for companies whom do not have a highly sophisticated website, but do want their application protected against threats. Furthermore, WAP offers no customizations. Akamai updates newly provided rules automatically.
When it comes to becoming GDPR compliant, I recommend the use of a web application firewall to better protect your website. As for the 2018 roadmap, I predict that KONA Site Defender and WAP will be further integrated, with WAP being the entry level web application firewall.
Lessons learned from a DDoS attack
The experience of living through a DDoS attack is very different from the stories you read in the news. Lisa Beegle from Akamai’s Security Incident and Response Team walked us through a set of war stories with lessons that everybody can learn from, as well as best practices to prepare your organization.
It was interesting to hear the practical experiences with DDoS attacks from Akamai’s point of view. Lisa Beegle explained what Akamai does when a DDoS attack occurs, and how this has changed over the years, starting from when DDoS attacks were rare, and their bandwidth was limited compared to today’s attacks of about 60 Gbps.
Some practical things I learned during this session are that you always need to have a (DDoS) Mitigation Playbook available when managing a platform. Furthermore, you need to make sure the departments within your company are well trained so that everybody knows what to do in case a real threat occurs.
Finally, these are the most important lessons learnt during this session:
- Always be pro-active
- Know whom within your organization you need to involve
- Understand your infrastructure
- Be aware of what kind of and how much traffic you use on an average day
In the playbook I mentioned earlier, all these points and other questions are described and maintained, specified to the characteristics of a company.
ABOUT PERFORMANCE CLOUD
Performance cloud is part of TRIMM. Our story started 25 years ago when TRIMM started pioneering the internet including offering its own dedicated hosting solutions. Industry developed over the years, and TRIMM extends its knowledge offering cloud and performance solutions: Performance cloud. We accelerate and protect cloud solutions. We are able to bring together a solid basis of hosting and combine this with fast and secure cloud solutions, for our domestic and international clients like Signify, Nexperia, Dorel and Grolsch. We offer over 10 years of experience in Cloud Performance. Over the years we have created valuable partnerships with Akamai, Microsoft Azure, Amazon Web Services and Jelastic, and we’ve developed a broad range of services to meet your business goals.