SlideShare a Scribd company logo

Kona Web Application Firewall Overview - Akamai at RSA Conference 2013

Akamai Technologies
Akamai Technologies

Application firewalls protect applications at the layer 7 level where most attacks occur. Akamai's application firewall inspects requests and responses for malicious content and patterns to protect against attacks like SQL injections. It can log or block activities against configurable policies and protects organizations against application layer attacks that propagate over HTTP and HTTPS.

Technology
1 of 16
Download to read offline
Application Firewall (WAF) onference 2013
bercrime Landscape in 2013 …and easier t carry ou e re ed...
From Network to Application Layer Application Layer Where  increasing   number  of  a2acks   (Layer 7) are  focused   Target  of   Network Layer Tradi,onal   (Layers 3/4) DDoS   A2acks  
pplication Firewall Highlights ates at the network edge – over 100,000 servers cts requests and responses for malicious content and info le cts packets to protect against attacks such as SQL Injections s-Site Scripts gurable to log or block activities against policy cts organizations against application layer attacks propagate P and HTTPS les compliance with PCI DSS 1.2 section 6.6 des advanced rate controls (behavioral based protections) agates quickly (~30 minutes) gured via portal
ecurity Solutions 2.0 urity Rule Update le Set 2.2.6 CRS support Common Rules n Akamai’s unique view % of internet traffic d Rate Controls ID; Client-IP+User-Agent grade Wizard
Appendix & Details
Intelligent Platform™ g Network Layer Attacks at the Edge ayer attack mitigation Examples of attacks types dropped otection is “always on” at Akamai Edge 80 (HTTP) or Port 443 (HTTPS) traffic §  UDP Fragments n Platform §  ICMP Floods r traffic dropped at the Akamai Edge §  SYN Floods k traffic never makes it onto Platform §  ACK Floods mer not charged for traffic dropped at Edge s attack requests without requiring identification §  RESET Floods s CNAME onto Akamai Intelligent Platform §  UDP Floods ttacks through massive scale s average throughput; up to 8Tbps on of HTTP request traffic across 100,000+ ,100+ networks ting, added latency, or point of failure
Rules plication Firewall tion The Result Custom Rules implemented §  New rule logic can be built to mai metadata written by specific use cases for the cus i Professional Services §  Rules can be built that execut are created and managed in one or more baseline rules or mer portal control rules match are then associated with §  Output of application vulnerab l policies and deployed with products can be implemented n 45 minutes “virtual patches” §  Advanced piping to user valid actions can be achieved (prio
Rules plication Firewall tion The Result Custom Rules implemented §  New rule logic can be built to mai metadata written by specific use cases for the cus i Professional Services §  Rules can be built that execut are created and managed in one or more baseline rules or mer portal control rules match are then associated with §  Output of application vulnerab l policies and deployed with products can be implemented n 45 minutes “virtual patches” §  Advanced piping to user valid actions can be achieved (prio
e Rate Controls s Behavior Detection y number of requests per §  Statistics collected for 3 reque d against a given URL o  Client Request – Client to Akama ols requests based on behavior o  Forward Request – Akamai Serv n – not request structure o  Forward Response – Origin to A client IP address, session ID, cookies, etc. §  Statistics collected allow us to ure rate categories to large proxies and pick out a m request rates against digital user hiding behind a proxy ties te rate-based DDoS attacks §  Statistics collected allow for dete of pathological behavior by a clie o  Request rate is excessive for an o  Requests causing too many Orig
e Rate Controls s Behavior Detection y number of requests per §  Statistics collected for 3 reque d against a given URL o  Client Request – Client to Akama ols requests based on behavior o  Forward Request – Akamai Serv n – not request structure o  Forward Response – Origin to A client IP address, session ID, cookies, etc. §  Statistics collected allow us to ure rate categories to large proxies and pick out a m request rates against digital user hiding behind a proxy ties te rate-based DDoS attacks §  Statistics collected allow for dete of pathological behavior by a clie o  Request rate is excessive for an o  Requests causing too many Orig
y Monitor (1 of 3) Timeline of Requests by Hour Visual Display of Requests by Geography Requests by WAF Rule ID Requests Requests by WAF Message by WAF Tag
y Monitor (2 of 3) Multiple ways to display request statistics
y Monitor (3 of 3) Requests by City Requests by ARLs being Client IP address attacked
Kona Web Application Firewall Overview - Akamai at RSA Conference 2013

Recommended

Akamai waf
Akamai wafAkamai waf
Akamai wafAysegul Ekinci
 
Akamai Intelligent Edge Security
Akamai Intelligent Edge SecurityAkamai Intelligent Edge Security
Akamai Intelligent Edge SecurityAkamai Technologies
 
The Akamai Security Portfolio
The Akamai Security PortfolioThe Akamai Security Portfolio
The Akamai Security PortfolioElisabeth Bitsch-Christensen
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)Julien SIMON
 
Moving Large Scale Contact Centers to Amazon Connect (BAP324) - AWS re:Invent...
Moving Large Scale Contact Centers to Amazon Connect (BAP324) - AWS re:Invent...Moving Large Scale Contact Centers to Amazon Connect (BAP324) - AWS re:Invent...
Moving Large Scale Contact Centers to Amazon Connect (BAP324) - AWS re:Invent...Amazon Web Services
 
APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower securityShiu-Fun Poon
 
以AWS Lambda與Amazon API Gateway打造無伺服器後端
以AWS Lambda與Amazon API Gateway打造無伺服器後端以AWS Lambda與Amazon API Gateway打造無伺服器後端
以AWS Lambda與Amazon API Gateway打造無伺服器後端Amazon Web Services
 
Fight bad bot on the internet
Fight bad bot on the internetFight bad bot on the internet
Fight bad bot on the internetCloudflare
 

Recommended

Akamai waf
Akamai wafAkamai waf
Akamai wafAysegul Ekinci
 
Akamai Intelligent Edge Security
Akamai Intelligent Edge SecurityAkamai Intelligent Edge Security
Akamai Intelligent Edge SecurityAkamai Technologies
 
The Akamai Security Portfolio
The Akamai Security PortfolioThe Akamai Security Portfolio
The Akamai Security PortfolioElisabeth Bitsch-Christensen
 
AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)AWS Security Best Practices (March 2017)
AWS Security Best Practices (March 2017)Julien SIMON
 
Moving Large Scale Contact Centers to Amazon Connect (BAP324) - AWS re:Invent...
Moving Large Scale Contact Centers to Amazon Connect (BAP324) - AWS re:Invent...Moving Large Scale Contact Centers to Amazon Connect (BAP324) - AWS re:Invent...
Moving Large Scale Contact Centers to Amazon Connect (BAP324) - AWS re:Invent...Amazon Web Services
 
APIC/DataPower security
APIC/DataPower securityAPIC/DataPower security
APIC/DataPower securityShiu-Fun Poon
 
以AWS Lambda與Amazon API Gateway打造無伺服器後端
以AWS Lambda與Amazon API Gateway打造無伺服器後端以AWS Lambda與Amazon API Gateway打造無伺服器後端
以AWS Lambda與Amazon API Gateway打造無伺服器後端Amazon Web Services
 
Fight bad bot on the internet
Fight bad bot on the internetFight bad bot on the internet
Fight bad bot on the internetCloudflare
 
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...confluent
 
RSA SecurID Access
RSA SecurID AccessRSA SecurID Access
RSA SecurID AccessMarketingArrowECS_CZ
 
Amazon Route 53 - Webinar Presentation 9.16.2015
Amazon Route 53 - Webinar Presentation 9.16.2015Amazon Route 53 - Webinar Presentation 9.16.2015
Amazon Route 53 - Webinar Presentation 9.16.2015Amazon Web Services
 
실시간 스트리밍 분석 Kinesis Data Analytics Deep Dive
실시간 스트리밍 분석 Kinesis Data Analytics Deep Dive실시간 스트리밍 분석 Kinesis Data Analytics Deep Dive
실시간 스트리밍 분석 Kinesis Data Analytics Deep DiveAmazon Web Services Korea
 
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...Amazon Web Services Korea
 
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...Simplilearn
 
Certificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS SummitCertificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS SummitAmazon Web Services
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
Email_Security Gateway.pptx
Email_Security Gateway.pptxEmail_Security Gateway.pptx
Email_Security Gateway.pptxssuser651fd4
 
Build a Serverless Web Application
Build a Serverless Web ApplicationBuild a Serverless Web Application
Build a Serverless Web ApplicationAmazon Web Services
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World42Crunch
 
Introduction to AWS Amplify CLI
Introduction to AWS Amplify CLIIntroduction to AWS Amplify CLI
Introduction to AWS Amplify CLIAmazon Web Services
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Evil Twin
Evil TwinEvil Twin
Evil Twinn|u - The Open Security Community
 
Open Banking on AWS
Open Banking on AWSOpen Banking on AWS
Open Banking on AWSAmazon Web Services
 
Cloudflare
CloudflareCloudflare
CloudflareFadi Abdulwahab
 
Megaport Enabled AWS Direct Connect
Megaport Enabled AWS Direct ConnectMegaport Enabled AWS Direct Connect
Megaport Enabled AWS Direct ConnectDavid McCullough
 
F5 Web Application Security
F5 Web Application SecurityF5 Web Application Security
F5 Web Application SecurityMarketingArrowECS_CZ
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 1042Crunch
 
The WAF book (Web App Firewall )
The WAF book (Web App Firewall )The WAF book (Web App Firewall )
The WAF book (Web App Firewall )Lior Rotkovitch
 
Great Expectations - Dr. Tom Leighton, Akamai
Great Expectations - Dr. Tom Leighton, AkamaiGreat Expectations - Dr. Tom Leighton, Akamai
Great Expectations - Dr. Tom Leighton, AkamaiAkamai Technologies
 
RSA and RAD 8.5 Top New Value Features
RSA and RAD 8.5 Top New Value FeaturesRSA and RAD 8.5 Top New Value Features
RSA and RAD 8.5 Top New Value FeaturesRoger Snook
 

More Related Content

What's hot

When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...confluent
 
Amazon Route 53 - Webinar Presentation 9.16.2015
Amazon Route 53 - Webinar Presentation 9.16.2015Amazon Route 53 - Webinar Presentation 9.16.2015
Amazon Route 53 - Webinar Presentation 9.16.2015Amazon Web Services
 
실시간 스트리밍 분석 Kinesis Data Analytics Deep Dive
실시간 스트리밍 분석 Kinesis Data Analytics Deep Dive실시간 스트리밍 분석 Kinesis Data Analytics Deep Dive
실시간 스트리밍 분석 Kinesis Data Analytics Deep DiveAmazon Web Services Korea
 
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...Amazon Web Services Korea
 
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...Simplilearn
 
Certificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS SummitCertificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS SummitAmazon Web Services
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introductionJimmy Saigon
 
Email_Security Gateway.pptx
Email_Security Gateway.pptxEmail_Security Gateway.pptx
Email_Security Gateway.pptxssuser651fd4
 
Build a Serverless Web Application
Build a Serverless Web ApplicationBuild a Serverless Web Application
Build a Serverless Web ApplicationAmazon Web Services
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World42Crunch
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Megaport Enabled AWS Direct Connect
Megaport Enabled AWS Direct ConnectMegaport Enabled AWS Direct Connect
Megaport Enabled AWS Direct ConnectDavid McCullough
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 1042Crunch
 
The WAF book (Web App Firewall )
The WAF book (Web App Firewall )The WAF book (Web App Firewall )
The WAF book (Web App Firewall )Lior Rotkovitch
 

What's hot (20)

When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...
When Kafka Meets the Scaling and Reliability needs of World's Largest Retaile...
 
RSA SecurID Access
RSA SecurID AccessRSA SecurID Access
RSA SecurID Access
 
Amazon Route 53 - Webinar Presentation 9.16.2015
Amazon Route 53 - Webinar Presentation 9.16.2015Amazon Route 53 - Webinar Presentation 9.16.2015
Amazon Route 53 - Webinar Presentation 9.16.2015
 
실시간 스트리밍 분석 Kinesis Data Analytics Deep Dive
실시간 스트리밍 분석 Kinesis Data Analytics Deep Dive실시간 스트리밍 분석 Kinesis Data Analytics Deep Dive
실시간 스트리밍 분석 Kinesis Data Analytics Deep Dive
 
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...
IAM 정책을 잘 알아야 AWS 보안도 쉬워진다. 이것은 꼭 알고 가자! - 신은수 솔루션즈 아키텍트, AWS :: AWS Summit S...
 
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
AWS Lambda Tutorial For Beginners | What is AWS Lambda? | AWS Tutorial For Be...
 
Certificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS SummitCertificate management concepts in AWS - SEC205 - New York AWS Summit
Certificate management concepts in AWS - SEC205 - New York AWS Summit
 
F5 - BigIP ASM introduction
F5 - BigIP ASM introductionF5 - BigIP ASM introduction
F5 - BigIP ASM introduction
 
Email_Security Gateway.pptx
Email_Security Gateway.pptxEmail_Security Gateway.pptx
Email_Security Gateway.pptx
 
Build a Serverless Web Application
Build a Serverless Web ApplicationBuild a Serverless Web Application
Build a Serverless Web Application
 
OWASP API Security Top 10 - API World
OWASP API Security Top 10 - API WorldOWASP API Security Top 10 - API World
OWASP API Security Top 10 - API World
 
Introduction to AWS Amplify CLI
Introduction to AWS Amplify CLIIntroduction to AWS Amplify CLI
Introduction to AWS Amplify CLI
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Evil Twin
Evil TwinEvil Twin
Evil Twin
 
Open Banking on AWS
Open Banking on AWSOpen Banking on AWS
Open Banking on AWS
 
Cloudflare
CloudflareCloudflare
Cloudflare
 
Megaport Enabled AWS Direct Connect
Megaport Enabled AWS Direct ConnectMegaport Enabled AWS Direct Connect
Megaport Enabled AWS Direct Connect
 
F5 Web Application Security
F5 Web Application SecurityF5 Web Application Security
F5 Web Application Security
 
WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10WEBINAR: OWASP API Security Top 10
WEBINAR: OWASP API Security Top 10
 
The WAF book (Web App Firewall )
The WAF book (Web App Firewall )The WAF book (Web App Firewall )
The WAF book (Web App Firewall )
 

Viewers also liked

Great Expectations - Dr. Tom Leighton, Akamai
Great Expectations - Dr. Tom Leighton, AkamaiGreat Expectations - Dr. Tom Leighton, Akamai
Great Expectations - Dr. Tom Leighton, AkamaiAkamai Technologies
 
RSA and RAD 8.5 Top New Value Features
RSA and RAD 8.5 Top New Value FeaturesRSA and RAD 8.5 Top New Value Features
RSA and RAD 8.5 Top New Value FeaturesRoger Snook
 
2013 Good Design is Good Business mobile and RSA
2013 Good Design is Good Business mobile and RSA2013 Good Design is Good Business mobile and RSA
2013 Good Design is Good Business mobile and RSARoger Snook
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks
 
Wapples brochure v1 4 eng
Wapples brochure v1 4 engWapples brochure v1 4 eng
Wapples brochure v1 4 enghasbro505
 
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...Source Conference
 
How to Protect Against top Web Security Issues With Citrix NetScaler
How to Protect Against top Web Security Issues With Citrix NetScalerHow to Protect Against top Web Security Issues With Citrix NetScaler
How to Protect Against top Web Security Issues With Citrix NetScalerDavid McGeough
 
RSA 2015 Blending the Automated and the Manual: Making Application Vulnerabil...
RSA 2015 Blending the Automated and the Manual: Making Application Vulnerabil...RSA 2015 Blending the Automated and the Manual: Making Application Vulnerabil...
RSA 2015 Blending the Automated and the Manual: Making Application Vulnerabil...Denim Group
 
Cryptography - RSA and ECDSA
Cryptography - RSA and ECDSACryptography - RSA and ECDSA
Cryptography - RSA and ECDSAAPNIC
 
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceIncapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceImperva Incapsula
 
Tripwire IP360 Vulnerability Management Scanning Best Practices
Tripwire IP360 Vulnerability Management Scanning Best PracticesTripwire IP360 Vulnerability Management Scanning Best Practices
Tripwire IP360 Vulnerability Management Scanning Best PracticesTripwire
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Deivid Toledo
 
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...United Security Providers AG
 
Public Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmPublic Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmIndra97065
 
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlareSurviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlareCloudflare
 
Akamai: From Theory to Practice
Akamai: From Theory to PracticeAkamai: From Theory to Practice
Akamai: From Theory to PracticeLiz Bradley
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrailnvirters
 
Akamai -- Analysis and Recommendation
Akamai -- Analysis and RecommendationAkamai -- Analysis and Recommendation
Akamai -- Analysis and RecommendationRoss Andrew Simons
 

Viewers also liked (20)

Great Expectations - Dr. Tom Leighton, Akamai
Great Expectations - Dr. Tom Leighton, AkamaiGreat Expectations - Dr. Tom Leighton, Akamai
Great Expectations - Dr. Tom Leighton, Akamai
 
RSA and RAD 8.5 Top New Value Features
RSA and RAD 8.5 Top New Value FeaturesRSA and RAD 8.5 Top New Value Features
RSA and RAD 8.5 Top New Value Features
 
2013 Good Design is Good Business mobile and RSA
2013 Good Design is Good Business mobile and RSA2013 Good Design is Good Business mobile and RSA
2013 Good Design is Good Business mobile and RSA
 
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...
 
Wapples brochure v1 4 eng
Wapples brochure v1 4 engWapples brochure v1 4 eng
Wapples brochure v1 4 eng
 
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...
Nazira Omuralieva - Susan Kaufman - Improving Application Security - Vulnerab...
 
How to Protect Against top Web Security Issues With Citrix NetScaler
How to Protect Against top Web Security Issues With Citrix NetScalerHow to Protect Against top Web Security Issues With Citrix NetScaler
How to Protect Against top Web Security Issues With Citrix NetScaler
 
RSA 2015 Blending the Automated and the Manual: Making Application Vulnerabil...
RSA 2015 Blending the Automated and the Manual: Making Application Vulnerabil...RSA 2015 Blending the Automated and the Manual: Making Application Vulnerabil...
RSA 2015 Blending the Automated and the Manual: Making Application Vulnerabil...
 
Cryptography - RSA and ECDSA
Cryptography - RSA and ECDSACryptography - RSA and ECDSA
Cryptography - RSA and ECDSA
 
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate PerformanceIncapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
Incapsula: How to Increase SaaS Websites’ Uptime and Accelerate Performance
 
Tripwire IP360 Vulnerability Management Scanning Best Practices
Tripwire IP360 Vulnerability Management Scanning Best PracticesTripwire IP360 Vulnerability Management Scanning Best Practices
Tripwire IP360 Vulnerability Management Scanning Best Practices
 
Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)Radware - WAF (Web Application Firewall)
Radware - WAF (Web Application Firewall)
 
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
USP SES and the Location Layer: Geolocation for adaptive Access Control and P...
 
RSA Algorithm
RSA AlgorithmRSA Algorithm
RSA Algorithm
 
Public Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithmPublic Key Cryptography and RSA algorithm
Public Key Cryptography and RSA algorithm
 
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlareSurviving A DDoS Attack: Securing CDN Traffic at CloudFlare
Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 
Akamai: From Theory to Practice
Akamai: From Theory to PracticeAkamai: From Theory to Practice
Akamai: From Theory to Practice
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
 
Akamai -- Analysis and Recommendation
Akamai -- Analysis and RecommendationAkamai -- Analysis and Recommendation
Akamai -- Analysis and Recommendation
 

Similar to Kona Web Application Firewall Overview - Akamai at RSA Conference 2013

Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentalsCloudflare
 
Cyber Security 101
Cyber Security 101Cyber Security 101
Cyber Security 101Cloudflare
 
Palo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & CompliancePalo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & ComplianceAmazon Web Services
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Amazon Web Services
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management nullowaspmumbai
 
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...Akamai Technologies
 
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Finding the needle in the haystack: how Nestle is leveraging big data to defe...Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Finding the needle in the haystack: how Nestle is leveraging big data to defe...Big Data Spain
 
PLNOG14: Firewalls In Modern Data Centers - Piotr Wojciechowski
PLNOG14: Firewalls In Modern Data Centers - Piotr WojciechowskiPLNOG14: Firewalls In Modern Data Centers - Piotr Wojciechowski
PLNOG14: Firewalls In Modern Data Centers - Piotr WojciechowskiPROIDEA
 
OSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOpenStorageSummit
 
Unified Protection for Multi-Cloud Infrastructure
Unified Protection for Multi-Cloud InfrastructureUnified Protection for Multi-Cloud Infrastructure
Unified Protection for Multi-Cloud InfrastructureMarketingArrowECS_CZ
 
Deep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilotDeep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilotServicePilot
 
A Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud JourneyA Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud JourneyCloudflare
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
Kinamik Cloud Governance
Kinamik Cloud GovernanceKinamik Cloud Governance
Kinamik Cloud GovernanceNbukhari
 
Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cloudflare
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallAli Kapucu
 
DDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkHaltdos
 

Similar to Kona Web Application Firewall Overview - Akamai at RSA Conference 2013 (20)

Cyber security fundamentals
Cyber security fundamentalsCyber security fundamentals
Cyber security fundamentals
 
ip pier solution
ip pier solutionip pier solution
ip pier solution
 
Cyber Security 101
Cyber Security 101Cyber Security 101
Cyber Security 101
 
Palo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & CompliancePalo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & Compliance
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
Kona Site Defender Product Brief - Multi-layered defense to protect websites ...
 
Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewall
 
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Finding the needle in the haystack: how Nestle is leveraging big data to defe...Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
 
PLNOG14: Firewalls In Modern Data Centers - Piotr Wojciechowski
PLNOG14: Firewalls In Modern Data Centers - Piotr WojciechowskiPLNOG14: Firewalls In Modern Data Centers - Piotr Wojciechowski
PLNOG14: Firewalls In Modern Data Centers - Piotr Wojciechowski
 
OSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal Stern
 
Unified Protection for Multi-Cloud Infrastructure
Unified Protection for Multi-Cloud InfrastructureUnified Protection for Multi-Cloud Infrastructure
Unified Protection for Multi-Cloud Infrastructure
 
Deep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilotDeep Flow Monitoring with ServicePilot
Deep Flow Monitoring with ServicePilot
 
A Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud JourneyA Different Approach to Securing Your Cloud Journey
A Different Approach to Securing Your Cloud Journey
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the Cloud
 
Pci multitenancy exalogic at AMIS25
Pci multitenancy exalogic at AMIS25Pci multitenancy exalogic at AMIS25
Pci multitenancy exalogic at AMIS25
 
Kinamik Cloud Governance
Kinamik Cloud GovernanceKinamik Cloud Governance
Kinamik Cloud Governance
 
Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)Cyber security fundamentals (Cantonese)
Cyber security fundamentals (Cantonese)
 
Why Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation FirewallWhy Its time to Upgrade a Next-Generation Firewall
Why Its time to Upgrade a Next-Generation Firewall
 
DDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT NetworkDDoS Mitigation Techniques for Your Enterprise IT Network
DDoS Mitigation Techniques for Your Enterprise IT Network
 

More from Akamai Technologies

Replacing recovery with resilience
Replacing recovery with resilienceReplacing recovery with resilience
Replacing recovery with resilienceAkamai Technologies
 
Competitive EDGE - Data Driven Differentiation
Competitive EDGE - Data Driven DifferentiationCompetitive EDGE - Data Driven Differentiation
Competitive EDGE - Data Driven DifferentiationAkamai Technologies
 
3 Reasons You Need Proactive Protection Against Malware
3 Reasons You Need Proactive Protection Against Malware3 Reasons You Need Proactive Protection Against Malware
3 Reasons You Need Proactive Protection Against MalwareAkamai Technologies
 
3 Reasons It's Time for a New Remote Access Model
3 Reasons It's Time for a New Remote Access Model3 Reasons It's Time for a New Remote Access Model
3 Reasons It's Time for a New Remote Access ModelAkamai Technologies
 
새로운 원격 접속 모델이 필요한 3가지 이유
새로운 원격 접속 모델이 필요한 3가지 이유새로운 원격 접속 모델이 필요한 3가지 이유
새로운 원격 접속 모델이 필요한 3가지 이유Akamai Technologies
 
更新遠端存取模式的 3 大理由
更新遠端存取模式的 3 大理由更新遠端存取模式的 3 大理由
更新遠端存取模式的 3 大理由Akamai Technologies
 
应该采用全新远程访问模式的 3 大原因
应该采用全新远程访问模式的 3 大原因应该采用全新远程访问模式的 3 大原因
应该采用全新远程访问模式的 3 大原因Akamai Technologies
 
3 つの理由 今こそ新しいリモート・アク セス・モデルを採用すべきと き
3 つの理由 今こそ新しいリモート・アク セス・モデルを採用すべきと き3 つの理由 今こそ新しいリモート・アク セス・モデルを採用すべきと き
3 つの理由 今こそ新しいリモート・アク セス・モデルを採用すべきと きAkamai Technologies
 
3 razões chegou a hora de um novo modelo de acesso remoto
3 razões chegou a hora de um novo modelo de acesso remoto3 razões chegou a hora de um novo modelo de acesso remoto
3 razões chegou a hora de um novo modelo de acesso remotoAkamai Technologies
 
3 motivi per cui è necessario un nuovo modello di accesso remoto
3 motivi per cui è necessario un nuovo modello di accesso remoto3 motivi per cui è necessario un nuovo modello di accesso remoto
3 motivi per cui è necessario un nuovo modello di accesso remotoAkamai Technologies
 
3 raisons de changer votre modèle d'accès à distance
3 raisons de changer votre modèle d'accès à distance3 raisons de changer votre modèle d'accès à distance
3 raisons de changer votre modèle d'accès à distanceAkamai Technologies
 
3 motivos por los que ahora es el momento perfecto para adoptar un nuevo mode...
3 motivos por los que ahora es el momento perfecto para adoptar un nuevo mode...3 motivos por los que ahora es el momento perfecto para adoptar un nuevo mode...
3 motivos por los que ahora es el momento perfecto para adoptar un nuevo mode...Akamai Technologies
 
3 Gründe für eine neue Art des Remotezugriffs
3 Gründe für eine neue Art des Remotezugriffs3 Gründe für eine neue Art des Remotezugriffs
3 Gründe für eine neue Art des RemotezugriffsAkamai Technologies
 
Chicago Tech Day Jan 2015: Foundry - HTTP2
Chicago Tech Day Jan 2015: Foundry - HTTP2Chicago Tech Day Jan 2015: Foundry - HTTP2
Chicago Tech Day Jan 2015: Foundry - HTTP2Akamai Technologies
 
Chicago Tech Day Jan 2015: Hidden Features
Chicago Tech Day Jan 2015: Hidden FeaturesChicago Tech Day Jan 2015: Hidden Features
Chicago Tech Day Jan 2015: Hidden FeaturesAkamai Technologies
 
Customer Technology Day Chicago 2015
Customer Technology Day Chicago 2015Customer Technology Day Chicago 2015
Customer Technology Day Chicago 2015Akamai Technologies
 
Edge 2014: Maintaining the Balance: Getting the Most of Your CDN with IKEA
Edge 2014: Maintaining the Balance: Getting the Most of Your CDN with IKEAEdge 2014: Maintaining the Balance: Getting the Most of Your CDN with IKEA
Edge 2014: Maintaining the Balance: Getting the Most of Your CDN with IKEAAkamai Technologies
 
Edge 2014: Increasing Control with Property Manager with eBay
Edge 2014: Increasing Control with Property Manager with eBayEdge 2014: Increasing Control with Property Manager with eBay
Edge 2014: Increasing Control with Property Manager with eBayAkamai Technologies
 
Edge 2014: Bypass Surgery - Akamai's Heartbleed Response Case Study
Edge 2014: Bypass Surgery - Akamai's Heartbleed Response Case StudyEdge 2014: Bypass Surgery - Akamai's Heartbleed Response Case Study
Edge 2014: Bypass Surgery - Akamai's Heartbleed Response Case StudyAkamai Technologies
 

More from Akamai Technologies (20)

Replacing recovery with resilience
Replacing recovery with resilienceReplacing recovery with resilience
Replacing recovery with resilience
 
Competitive EDGE - Data Driven Differentiation
Competitive EDGE - Data Driven DifferentiationCompetitive EDGE - Data Driven Differentiation
Competitive EDGE - Data Driven Differentiation
 
3 Reasons You Need Proactive Protection Against Malware
3 Reasons You Need Proactive Protection Against Malware3 Reasons You Need Proactive Protection Against Malware
3 Reasons You Need Proactive Protection Against Malware
 
3 Reasons It's Time for a New Remote Access Model
3 Reasons It's Time for a New Remote Access Model3 Reasons It's Time for a New Remote Access Model
3 Reasons It's Time for a New Remote Access Model
 
새로운 원격 접속 모델이 필요한 3가지 이유
새로운 원격 접속 모델이 필요한 3가지 이유새로운 원격 접속 모델이 필요한 3가지 이유
새로운 원격 접속 모델이 필요한 3가지 이유
 
更新遠端存取模式的 3 大理由
更新遠端存取模式的 3 大理由更新遠端存取模式的 3 大理由
更新遠端存取模式的 3 大理由
 
应该采用全新远程访问模式的 3 大原因
应该采用全新远程访问模式的 3 大原因应该采用全新远程访问模式的 3 大原因
应该采用全新远程访问模式的 3 大原因
 
3 つの理由 今こそ新しいリモート・アク セス・モデルを採用すべきと き
3 つの理由 今こそ新しいリモート・アク セス・モデルを採用すべきと き3 つの理由 今こそ新しいリモート・アク セス・モデルを採用すべきと き
3 つの理由 今こそ新しいリモート・アク セス・モデルを採用すべきと き
 
3 razões chegou a hora de um novo modelo de acesso remoto
3 razões chegou a hora de um novo modelo de acesso remoto3 razões chegou a hora de um novo modelo de acesso remoto
3 razões chegou a hora de um novo modelo de acesso remoto
 
3 motivi per cui è necessario un nuovo modello di accesso remoto
3 motivi per cui è necessario un nuovo modello di accesso remoto3 motivi per cui è necessario un nuovo modello di accesso remoto
3 motivi per cui è necessario un nuovo modello di accesso remoto
 
3 raisons de changer votre modèle d'accès à distance
3 raisons de changer votre modèle d'accès à distance3 raisons de changer votre modèle d'accès à distance
3 raisons de changer votre modèle d'accès à distance
 
3 motivos por los que ahora es el momento perfecto para adoptar un nuevo mode...
3 motivos por los que ahora es el momento perfecto para adoptar un nuevo mode...3 motivos por los que ahora es el momento perfecto para adoptar un nuevo mode...
3 motivos por los que ahora es el momento perfecto para adoptar un nuevo mode...
 
3 Gründe für eine neue Art des Remotezugriffs
3 Gründe für eine neue Art des Remotezugriffs3 Gründe für eine neue Art des Remotezugriffs
3 Gründe für eine neue Art des Remotezugriffs
 
Chicago Tech Day Jan 2015: Foundry - HTTP2
Chicago Tech Day Jan 2015: Foundry - HTTP2Chicago Tech Day Jan 2015: Foundry - HTTP2
Chicago Tech Day Jan 2015: Foundry - HTTP2
 
Chicago Tech Day Jan 2015: RWD
Chicago Tech Day Jan 2015: RWDChicago Tech Day Jan 2015: RWD
Chicago Tech Day Jan 2015: RWD
 
Chicago Tech Day Jan 2015: Hidden Features
Chicago Tech Day Jan 2015: Hidden FeaturesChicago Tech Day Jan 2015: Hidden Features
Chicago Tech Day Jan 2015: Hidden Features
 
Customer Technology Day Chicago 2015
Customer Technology Day Chicago 2015Customer Technology Day Chicago 2015
Customer Technology Day Chicago 2015
 
Edge 2014: Maintaining the Balance: Getting the Most of Your CDN with IKEA
Edge 2014: Maintaining the Balance: Getting the Most of Your CDN with IKEAEdge 2014: Maintaining the Balance: Getting the Most of Your CDN with IKEA
Edge 2014: Maintaining the Balance: Getting the Most of Your CDN with IKEA
 
Edge 2014: Increasing Control with Property Manager with eBay
Edge 2014: Increasing Control with Property Manager with eBayEdge 2014: Increasing Control with Property Manager with eBay
Edge 2014: Increasing Control with Property Manager with eBay
 
Edge 2014: Bypass Surgery - Akamai's Heartbleed Response Case Study
Edge 2014: Bypass Surgery - Akamai's Heartbleed Response Case StudyEdge 2014: Bypass Surgery - Akamai's Heartbleed Response Case Study
Edge 2014: Bypass Surgery - Akamai's Heartbleed Response Case Study
 

Recently uploaded

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Kona Web Application Firewall Overview - Akamai at RSA Conference 2013

  • 2. bercrime Landscape in 2013 …and easier t carry ou e re ed...
  • 3. From Network to Application Layer Application Layer Where  increasing   number  of  a2acks   (Layer 7) are  focused   Target  of   Network Layer Tradi,onal   (Layers 3/4) DDoS   A2acks  
  • 4. pplication Firewall Highlights ates at the network edge – over 100,000 servers cts requests and responses for malicious content and info le cts packets to protect against attacks such as SQL Injections s-Site Scripts gurable to log or block activities against policy cts organizations against application layer attacks propagate P and HTTPS les compliance with PCI DSS 1.2 section 6.6 des advanced rate controls (behavioral based protections) agates quickly (~30 minutes) gured via portal
  • 5. ecurity Solutions 2.0 urity Rule Update le Set 2.2.6 CRS support Common Rules n Akamai’s unique view % of internet traffic d Rate Controls ID; Client-IP+User-Agent grade Wizard
  • 6.
  • 8. Intelligent Platform™ g Network Layer Attacks at the Edge ayer attack mitigation Examples of attacks types dropped otection is “always on” at Akamai Edge 80 (HTTP) or Port 443 (HTTPS) traffic §  UDP Fragments n Platform §  ICMP Floods r traffic dropped at the Akamai Edge §  SYN Floods k traffic never makes it onto Platform §  ACK Floods mer not charged for traffic dropped at Edge s attack requests without requiring identification §  RESET Floods s CNAME onto Akamai Intelligent Platform §  UDP Floods ttacks through massive scale s average throughput; up to 8Tbps on of HTTP request traffic across 100,000+ ,100+ networks ting, added latency, or point of failure
  • 9. Rules plication Firewall tion The Result Custom Rules implemented §  New rule logic can be built to mai metadata written by specific use cases for the cus i Professional Services §  Rules can be built that execut are created and managed in one or more baseline rules or mer portal control rules match are then associated with §  Output of application vulnerab l policies and deployed with products can be implemented n 45 minutes “virtual patches” §  Advanced piping to user valid actions can be achieved (prio
  • 10. Rules plication Firewall tion The Result Custom Rules implemented §  New rule logic can be built to mai metadata written by specific use cases for the cus i Professional Services §  Rules can be built that execut are created and managed in one or more baseline rules or mer portal control rules match are then associated with §  Output of application vulnerab l policies and deployed with products can be implemented n 45 minutes “virtual patches” §  Advanced piping to user valid actions can be achieved (prio
  • 11. e Rate Controls s Behavior Detection y number of requests per §  Statistics collected for 3 reque d against a given URL o  Client Request – Client to Akama ols requests based on behavior o  Forward Request – Akamai Serv n – not request structure o  Forward Response – Origin to A client IP address, session ID, cookies, etc. §  Statistics collected allow us to ure rate categories to large proxies and pick out a m request rates against digital user hiding behind a proxy ties te rate-based DDoS attacks §  Statistics collected allow for dete of pathological behavior by a clie o  Request rate is excessive for an o  Requests causing too many Orig
  • 12. e Rate Controls s Behavior Detection y number of requests per §  Statistics collected for 3 reque d against a given URL o  Client Request – Client to Akama ols requests based on behavior o  Forward Request – Akamai Serv n – not request structure o  Forward Response – Origin to A client IP address, session ID, cookies, etc. §  Statistics collected allow us to ure rate categories to large proxies and pick out a m request rates against digital user hiding behind a proxy ties te rate-based DDoS attacks §  Statistics collected allow for dete of pathological behavior by a clie o  Request rate is excessive for an o  Requests causing too many Orig
  • 13. y Monitor (1 of 3) Timeline of Requests by Hour Visual Display of Requests by Geography Requests by WAF Rule ID Requests Requests by WAF Message by WAF Tag
  • 14. y Monitor (2 of 3) Multiple ways to display request statistics
  • 15. y Monitor (3 of 3) Requests by City Requests by ARLs being Client IP address attacked

Editor's Notes

  1. NOTE: You can click on the black bars and adjust the length to fit your text. If your main title goes beyond one line, please remember to move the subtitle bar down a bit in order to keep some space between it and the main title bar. If you do not need a subtitle, you can delete that bar entirely.
  2. Attacks are becoming more sophisticated with multi-vector attacks often hiding the real motivations of attackers. On top of this it has become even easier to carry out different attacks – a quick Google search and anyone with basic tech skills can download these tools and join the fight…
  3. LOIC basically turns your computer's network connection into a firehose of garbage requests, directed towards a target web server. On its own, one computer rarely generates enough TCP, UDP, or HTTP requests at once to overwhelm a web server—garbage requests can easily ignored while legit requests for web pages are responded to as normal. But when thousands of users run LOIC at once, the wave of requests become overwhelming, often shutting a web server (or one of its connected machines, like a database server) down completely, or preventing legitimate requests from being answered. What is HOIC? - High-speed multi-threaded HTTP Flood - Simultaneously flood up to 256 websites at once - Built in scripting system to allow the deployment of 'boosters', scripts designed to thwart DDoS counter measures and increase DoS output. - Easy to use interface - Can be ported over to Linux/Mac with a few bug fixes (I do not have either systems so I do  - Ability to select the number of threads in an ongoing attack - Ability to throttle attacks individually with three settings: LOW, MEDIUM, and HIGH and its written in a language where you can do a bunch of really nifty things just read the RealBasic manual, ;] also no Dependencies (single executable)
  4. Implemented in 10’000s of Akamai Edge Servers
  5. We still defend against “old school” DdoS as well as we ever did….distributed networks, offload DNS, caching content. But there are new attacks that we must evolve our defenses to defend. \\These are the things you’ll be able to defend against – stealthier attacks, more advanced attacks: How do we do this, new rules: Slow post, Slow loris, LOIC are now, HOIC Replace RTR with DLR in Security Monitor (is this Channel Partner Foundations – Today there are no tools for partners to implement Kona 2.0. Partner Focused Enhancements. They made some foundational tools.. WAF ModSecurity Core Rule Set 2.2.6 Includes anomaly scoring and migration wizard Anomaly scoring – related to the HTTP request. Adding the ability to score HTTP requests, provides a means to better assess the risk. Configurable policy to deny. WAF common rules sets: we see lots of attacks, create new rules for all of them. With 2.0 (free to 1.0 customers) the rule set is available. Getting the rules probabaly requires PS engagement. Advanced Rate Controls: protect against more sophisticated attacks, helps address malicious behavior --- behavioral controls. For example: (John has details)
  6. Close on the brand message – you can use the following sample text to speak to this closing brand slide. (Akamai is making your media more mobile, enabling “Any experience, any device, anywhere.” Our goal is to ultimately help you accelerate your business. [Corey]) (Today's best online experiences have been Akamaized . We’re here to help you reach mobile workforces, and 24/7 consumers with any experience on any device, anywhere. And to ultimately help you accelerate your business. [Ravi]) (Akamai’s Application & Cloud Performance Solutions enable you to control your applications, control your costs, and control your cloud, offering you the agility that you need to accelerate your business. [Willie]) (Akamai offers you solutions to revolutionize your media strategy and engage users with any experience, on any device, anywhere, to grow your audience and grow your business. [Bill]) (Mobilize, optimize, and monetize your business, providing a high performance experience to your 24/7 consumers so that you can accelerate your online retail strategies. [Pedro]) (Block threats, not performance, in this ever-evolving hyperconnected world. Securely reach your users on any device, anywhere so you can accelerate your business. [John]) (Akamai helps you connect to users on any device, anywhere, removing the complexities of privacy, security, and rights management, while also allowing businesses to spend advertising dollars more effectively. [Khan])
  7. Platform provides an additional layer of defense and moves the perimeter of defense out to the Edge of the Internet and then goes into the network layer value of that architecture The Akamai platform automatically (** if you’re buying acceleration…** protects against: SYN flood and other TCP attacks UDP attacks HTTP slow client (“drip feed”) attacks HTTP Request Smuggling attacks HTTP Response Splitting attacks The platform only accepts valid HTTP requests on port 80 and 443!
  8. Implemented in 10’000s of Akamai Edge Servers Requests causing too many Origin errors (404, 5XX)
  9. Implemented in 10’000s of Akamai Edge Servers Requests causing too many Origin errors (404, 5XX)
  10. Close on the brand message – you can use the following sample text to speak to this closing brand slide. (Akamai is making your media more mobile, enabling “Any experience, any device, anywhere.” Our goal is to ultimately help you accelerate your business. [Corey]) (Today's best online experiences have been Akamaized . We’re here to help you reach mobile workforces, and 24/7 consumers with any experience on any device, anywhere. And to ultimately help you accelerate your business. [Ravi]) (Akamai’s Application & Cloud Performance Solutions enable you to control your applications, control your costs, and control your cloud, offering you the agility that you need to accelerate your business. [Willie]) (Akamai offers you solutions to revolutionize your media strategy and engage users with any experience, on any device, anywhere, to grow your audience and grow your business. [Bill]) (Mobilize, optimize, and monetize your business, providing a high performance experience to your 24/7 consumers so that you can accelerate your online retail strategies. [Pedro]) (Block threats, not performance, in this ever-evolving hyperconnected world. Securely reach your users on any device, anywhere so you can accelerate your business. [John]) (Akamai helps you connect to users on any device, anywhere, removing the complexities of privacy, security, and rights management, while also allowing businesses to spend advertising dollars more effectively. [Khan])