Akamai Technologies has unveiled a new suite of cloud defence solutions aimed at protecting companies from increasingly sophisticated and costly Web attacks. With cyber crime costing global businesses approximately one trillion dollars each year , Akamai is introducing new capabilities for enterprises and cloud computing service providers to further solidify the perimeter defense around their network infrastructure for dynamic web sites and mission-critical business applications.
“The Akamai network saw more distributed denial of service (DDoS) attacks against our customers' Web sites in the fourth quarter of 2010 than in the first three quarters of the year combined,” said Tom Leighton, chief scientist and co-founder, Akamai. “Companies understand the benefits of the Cloud and continue to push business-critical data and operations there; however, the need to protect these assets from the growing frequency and sophistication of Web attacks increases dramatically as a result.”
“Hackers are increasingly targeting companies and web sites with more sophisticated and coordinated attacks" said Bruno Hourdel, Product Line Director for International, Akamai. "Akamai’s highly distributed, multi-network platform makes it possible for enterprises to combat today’s Internet threats in a unique, innovative way that no centralized solution can offer."
A recent Forrester survey showed that 74% of surveyed companies experienced one or more DDoS attacks in the past year, with 31% of these attacks resulting in service disruption. To combat these attacks launched by botnets and other malicious clients and sources, companies need a multi-layered defense architecture that keeps attacks away from their infrastructure. Having deployed more than 84,000 servers, Akamai operates the world’s largest distributed computing network and provides its customers with comprehensive cloud security services.
Akamai's new DDoS defense architecture helps customers to prepare for, monitor, manage and mitigate the impacts of malicious DDoS attacks. In addition to the Akamai network’s ability to absorb large-scale attacks and offer fail-over service, Akamai’s cloud-based solutions include:
• Ability to cloak web infrastructure from the public Internet
• IP blocking and rate limiting capabilities at the network layer
• Web application firewalling at Layer 7 (application layer)
• Scalable protection from Domain Name System (DNS) attacks and DNSSEC
• Blocking of traffic by geographic region
• Identification of suspected BOTs from real users to de-prioritize or block
• DDoS specialists to assess infrastructure and develop a run-time attack playbook
• 24/7 support with a response Service Level Agreement (SLA)
• Capped exposure to bursting fees related to an attack
Akamai is also announcing the bolstering of its Web Application Firewall service, which helps customers comply with Payment Card Industry Data Security Standard (PCI-DSS) and provides on-demand scalability for the detection and blocking of malicious Web application attacks such as Cross-Site Scripting (XSS) and SQL injection style attacks. Akamai’s Web Application Firewall service now offers fast IP blocking and IP rate limiting to further offload unwanted requests and bandwidth outside the data-center.
Akamai also announced today that it has begun working with Qualys, a leading provider of on-demand IT security risk and compliance solutions, to explore ways in which advanced application layer protection can be enhanced through vulnerability scans and generation of customized rules for Akamai’s Web Application Firewall solution.
“It is becoming clear that in order to effectively combat cyber attacks, vendors must collaborate to build enabling technologies that can boost defenses against these threats,” said Philippe Courtot, chairman and CEO of Qualys. “We look forward to working with Akamai to explore how Qualys’ security-as-as-service vulnerability scanning and threat intelligence capabilities can work with Akamai's comprehensive cloud defense initiatives.”
These enhancements to Akamai’s offerings are expected to be made broadly available during the second quarter of the year.
In December of last year, Akamai observed high volumes of coordinated attacks against five independent Internet Retailer Top 500 customers from Tuesday, November 30th through Thursday, December 2nd. The attacks, causing some Web sites to experience up to 10,000 times their normal daily traffic, were thwarted by the Akamai network. Akamai estimates the attacks could have cost the retailers more than $15 million dollars in lost revenue during the three- day period, had they not been protected.
In addition to its retail customers, Akamai has recently helped other companies that came under attack.
- Asian Gaming Company: In January 2011, an Asia-based gaming company experienced a multi-phase, varying signature attack directed from South Korea. The attack used malformed HTTP requests without user-agents, and could have caused the company as much as 36,000 missed advertising impressions had it not been thwarted by Akamai.
- International Government Web site: In December 2010, a government Web site experienced an in-country, opt-in attack using the freely available attack application Low Orbit Ion Cannon (LOIC) requests for abnormally long URL query strings. The peak DDoS traffic reached 550 Mbps and, without Akamai, would have impacted thousands of citizens trying to access the site.
- Fortune 1000 Electronics Manufacturer: In January 2011, a Fortune 1000 electronics manufacturer had three of its Web sites targeted for more than 48 hours by a series of highly distributed DDoS attacks from South America (Brazil & Mexico) and Asia-Pac (Thailand); Akamai estimates the attacks could have cost the customer $140,000 in lost revenues during the two- day period, had the sites not been protected by Akamai. Additionally, based on average unique visitors to one of the Web sites targeted, the attacks could have potentially denied access to up to 375,000 customers.
- IR150 Retailer: In January 2011 an Internet Retailer 150 (IR 150) eCommerce Web site protected by Akamai was attacked a second time, following an initial attack during the holiday season. The source of the second attack was concentrated in Eastern Europe with peak DDoS traffic of up to 300 Mbps. Akamai estimates the attack could have cost the customer $350,000 in lost revenues during the twenty-four hour period, had it not been prevented by Akamai.