Protection against sophisticated DDoS attacks

Published on: March 28, 2018
Author: Bas Greevink

Protection against sophisticated DDoS attacks

The security landscape in our industry has changed significantly over the last year. Public cloud is common these days, and security is more important than performance. Recent DDoS attacks on Dutch banks help us to be more aware of these changes.

Protection of your application and your brand is very important, and a web application firewall is a way to implement extra protection against attacks.

With Akamai's Web Application Firewall, Kona Site Defender, we are able to protect websites and APIs from sophisticated attacks. These are attacks that are coordinated in organized groups with the backing of resources not available in the common criminal underworld. In some cases, the found attack signatures suggest the attackers’ knowledge of DDoS mitigation technology.

Performance Cloud can not only protect your website from these DDoS attacks but are also able to protect your websites & API’s against web-application and direct-to origin attacks.

Which risks does your platform face?

When an attack is executed, it is possible that your online platform becomes unreachable, or maybe even that your application is hacked. Unreachable means the site is no longer accessible from the Internet; Hacked as in 'bad actor' is able to access your server.

There can be a plethora of consequences involved with a hack of your website. To be more specific, you can think of the following issues that can appear:

  • The outage of your online platform;

  • Loss of productivity, for example, an online portal;

  • The turnover decline, if it concerns a webshop;

  • Reputation damage to the brand of your company;

  • Data theft.

The Akamai Web Application Firewall is deployed at the edges of the network, far away from your platforms and sites residing in your cloud. It is at the edges of the platform where the software for the services are deployed, which for example are software for Content Delivery, SSL, and Web Application Firewall.

Akamai WAF versus a classic (hardware) WAF in a datacenter

The web application firewall of Akamai comes with another advantage: It is a cloud solution, and a big benefit over hardware-based firewalls is, that with our solution we are able to protect all your clouds and datacenters!

We are able to protect your public cloud applications, while at the same time we can protect your on-premise datacenter. This is perhaps the biggest benefit of all: With this solution, we are able to help reduce your total cost of ownership (TCO) of your platform by replacing the classic, sometimes hardware-based WAF solutions with a single centrally managed and cloud-based WAF.

Is it hard to configure?

For setting up your WAF, it is necessary that your website is connected to the internet. Naturally, we will use the https protocol instead of HTTP. Https is a secured version of HTTP: Communication between the end-user and the website is encrypted. It helps prevent intruders from tampering with the communication between the end-users browsers and the website. Every site that is not protected with https can reveal information about the identity and behavior of end-users.

We configure a website preferably with a Domain Validated SSL-certificate. We also need support from your DNS administrator to CNAME your website to the Akamai platform. Let us prepare the basic configuration in the Akamai platform with the certified professionals at our hosting team. Once this is done, we are ready to go.

It is at the edges of the Akamai platform where the logic takes place: when we have configured the firewall, traffic is re-routed via the DNS change and we will let the web application firewall learn for the first weeks to come. We call this alert-mode: The firewall is not active, but it will report on what it sees.

TRIMM protection against sophisticated DDoS attacks

On a daily basis we will check configurations, and only if we are sure that we can enable the firewall without impacting the customers’ business, we will activate the firewall: we call this deny-mode. Once activated we have good reporting available on our dashboard, with a possibility to send out logs and reports.

CDN and WAF combined

Performance is important, but security is even more important.
We can deliver a combination both of these products, so that we can protect your website and make it fast, worldwide. Offering this attractive combination can help you solve performance and security questions. We do this by delivering a combination package of a web application firewall and a Content Delivery Network (CDN).

What does the premium web application firewall of Akamai provide?

It provides comprehensive capabilities to protect against application-layer attacks.

  • Automatic updates offer security rules to be up-to-date with the latest known threats by Akamai. As a result, you are always protected against the latest threats known by Akamai.
  • Adaptive rate controls automatically protect against application-layer DDoS and other volumetric attacks by monitoring and controlling the rate of requests against applications.
  • Application-layer controls offer pre-defined, configurable WAF rules that govern Request Limit Violations, Protocol Violations, HTTP Policy Violations and more.
  • Network-layer controls automatically deflect network-layer DDoS attacks at the network edge and define and enforce IP whitelists and blacklists to restrict requests from certain IP addresses or geographical regions.
  • Security monitor provides real-time visibility into security events and enables administrators to drill down into attack alerts.
  • Logging features enable you to integrate WAF and event logs with security information and event management to increase your threat posture awareness. Connection to a SIEM is also possible.
  • 100% availability and uptime The WAF platform is highly resilient and self-healing. The included Site Failover can help you to keep your platform up - even if your servers are down.

What to do?

It is important to take the right technical measures to protect your digital platform against attacks. Invest in a good Web Application Firewall (WAF). We have extensive experience with protecting online platforms, in collaboration with Akamai.

If you want a quick start, contact us. If you are under attack? We can help quickly, without doing the paperwork first. Let’s first make sure that your business is safe! If you have any questions feel free to contact our consultant Hosting & Security Bas Greevink.