Josh Shaul is the Vice President for web security at Akamai. He and his team are responsible for Akamai’s web security products, and they build the products that Akamai uses to protect their customers from attacks on the internet.
Akamai’s Josh Shaul Talks about leveraging deep visibility into the internet to deliver targeted security solutions
Enterprise Threat Protector
My team came up with the concept and the idea is based on the fact that we all use a DNS service constantly on the internet to translate host names into IP addresses. Akamai has been in the DNS business for a number of years and we realized there was an opportunity for us to add more value to the process of resolving host names into IP addresses by checking to see if our visibility into the internet is giving us an indication that the IP address that we are about to visit, or the host name that we are about to resolve is one with a bad reputation due to malware, or involvement in command-and-control from malware-infested systems.
Since we have a really good idea of which pages have malware on them, and which servers are running the command-and-control systems for the bad guys, it’s easy for us to analyze each DNS resolution from an enterprise and alert them to the bad reputation of the place they are about to go.
The concept of using DNS to make security decisions is not unique to Akamai since other organizations have similar approaches to solving security problems. The unique thing that Akamai brings to the table is internet visibility—we have a special vantage point on the internet since we deliver 15 to 20 percent of the traffic on the internet, on any given day.
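The following is an added example, not part of the interview and not Akamai's code: a minimal sketch of a reputation check applied at DNS resolution time, looking at both the queried host name and the addresses it resolves to. The feed contents, the function names and the sample records are all constructed assumptions.

```python
import ipaddress

# Constructed reputation data (assumption); a real service would load threat-intelligence feeds.
BAD_DOMAINS = {
    "malware-downloads.example": "malware",
    "c2.badcorp.example": "command-and-control",
}
BAD_NETWORKS = {
    ipaddress.ip_network("203.0.113.0/24"): "command-and-control",
    ipaddress.ip_network("2001:db8:bad::/48"): "malware",
}

def domain_verdict(qname):
    """Return the category of the queried name or its closest listed parent, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Compare whole labels, so update.c2.badcorp.example matches the listed
    # c2.badcorp.example but notc2.badcorp.example does not.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BAD_DOMAINS:
            return BAD_DOMAINS[candidate]
    return None

def ip_verdict(addr):
    """Return the category of the first listed network containing addr, else None."""
    ip = ipaddress.ip_address(addr)
    for net, category in BAD_NETWORKS.items():
        if ip.version == net.version and ip in net:
            return category
    return None

def evaluate_resolution(client, qname, answers):
    """Decide on one resolution before the client connects to the answer."""
    verdict = {"client": client, "qname": qname, "action": "allow",
               "reason": "no reputation match"}
    category = domain_verdict(qname)
    if category:
        verdict.update(action="block", reason=f"hostname reputation: {category}")
        return verdict
    for addr in answers:
        category = ip_verdict(addr)
        if category:
            verdict.update(action="block", reason=f"answer {addr} reputation: {category}")
            return verdict
    return verdict

# Constructed resolution records: (client, queried name, resolved addresses).
SAMPLE = [
    ("10.0.0.5", "www.example.org", ["198.51.100.10"]),
    ("10.0.0.7", "update.c2.badcorp.example.", ["198.51.100.20"]),
    ("10.0.0.9", "cdn.example.net", ["203.0.113.45"]),
    ("10.0.0.9", "notc2.badcorp.example", ["198.51.100.30"]),
]

def run_sample():
    return [evaluate_resolution(*record) for record in SAMPLE]
```

Each blocked verdict carries the client address and the reason, which is what an enterprise would need in order to find the machine that made the lookup.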
There are different motivations for DDoS attacks, but the main driver is monetary gain, where the attackers demand ransom. Once in a while you will see DDoS for other reasons, such as in the gaming space where someone will use DDoS to gain an advantage over other gamers by slowing down their internet connection.
DDoS has evolved over the years. Attackers have moved to leveraging things into armies they can direct to do their bidding. The Mirai botnet has received an enormous amount of publicity, but it’s not the biggest botnet. It got a lot of publicity because they put the source code where it could be accessed by the general public. It is unusual for cybercriminals to give away their tools and techniques.
Mirai takes advantage of poorly secured devices on the internet, mostly closed-circuit camera systems and the DVRs that they feed data into. They happen to be pervasive and poorly secured. It was easy for the attackers to log into the systems, load their own software and take over. When they first used Mirai as a weapon, it had a lot of power because the first attacker who went live with it was able to find all of the systems that were connected, accessible and easy to compromise. Others were not aware of how this could be done and there was one group that capitalized on this. They attacked the security blogger Brian Krebs’ website, which was hosted on Akamai’s platform.
We witnessed over 600 gigabytes of traffic—which was the biggest amount of traffic we have ever seen for that sort of attack. We also noticed that our carriers were having trouble delivering traffic to us, so it was probably even bigger than that on the internet as a whole since a part of the internet was choking up from that attack. In the following days, a few other companies saw very large attacks from the same networks. When the source code was released, it changed the nature of the game because more people became aware of the availability of these devices, and also how to compromise them.
It became a race where different threat actors were competing for the available resources on the internet, trying to get to the systems that were compromisable. The malware continues to evolve, as different people took the code and tweaked it to suit their purposes. Today, we see fairly fragmented groups out there who are attacking at much lower volume, but much higher frequency.
More IoT Devices – With No Security
There is an overwhelming number of new devices that are coming online which have been built with the lowest costs. Most of the devices are not necessary, but they still have a powerful machine inside that can take pictures and upload them to the internet. They are connected to the internet, but have been manufactured at the lowest cost possible. There is very little security at the developmental stage because this involves hiring security professionals and paying them to test the products.
We will see more of these consumer devices come out, with no inbuilt security. In any kind of development project, it is better to have security baked in at the start since it will cost you much more to tack it on later. For big software companies, they have security added to their products from the start, because their customers demand it. For IoT device manufacturers, it is not strictly necessary since most of the consumers don’t even care.
We need to think about protecting ourselves, as entities on the internet from these devices in a different way. We can’t count on these devices to secure themselves, not unless there is some sort of global legislative event that happens where governments collaborate and decide IoT device manufacturers must pass security tests before they can sell their products.
Speaker: Josh Shaul, Vice President, Web Security at Akamai Technologies
Josh Shaul leads Akamai’s web security product management organization and is responsible for driving security product strategy, roadmap and revenue growth. Akamai’s web security products include Kona Site Defender, a cloud-based application security platform, Prolexic DDoS defense, a cloud-based network security platform, Fast-DNS, a cloud-based secure DNS platform, and several other vertical market specific security products and services that leverage Akamai’s unique distributed computing platform to provide a layer of defense that scales across the globe on demand, and in real time. Shaul has nearly 20 years of experience in the information security industry, joining Akamai in 2016.
Akamai is the global leader in Content Delivery Network (CDN) services, making the Internet fast, reliable and secure for its customers. The company’s advanced web performance, mobile performance, cloud security and media delivery solutions are revolutionizing how businesses optimize consumer, enterprise and entertainment experiences for any device, anywhere.