Absorbing DDoS; Akamais Kona security service

Bob Tarzey, Analyst and Director Feb 2013

Quocirca Comment
Even amongst those outside the IT industry it is popular to speculate where we would be without the internet; what would happen if you could switch if off over night? Those in the know like to point out that fault tolerance, through alternative routing, was one of this reasons for the internets conception back in the 1960s. Anyway how could you make the internet disappear overnight? One way, at least for a regional outage, would be a sudden widespread failure of power supply. This can be caused by adverse weather (e.g. ice storms bringing down power lines), solar storms (which could cause transformers within national power grids to melt) or some other catastrophe such as a tsunami or meteorite impact (the dinosaurs didnt have an internet to worry about!) There is one other less dramatic way the internet could be brought grinding to halt or at least become uselessly slow for many users and that is if Akamai Technologies Inc. closed up shop. Akamai is little known to those outside the IT industry and often forgotten by those within. However, for those interested in the performance of the internet Akamai is one of those brand names that has transmuted from a noun to verb. You will hear said of a web site or on-demand application that has been Akamaised. If you have ever wondered why it is that iPlayer can actually deliver BBC content to you so efficiently wherever you can legally watch it, why pictures appear so quickly when you view profiles on certain social networks or why you down load iTunes content so quickly, it is because all these internet services have been Akamaised. Akamai states publically that its platform delivers around 30% of all web traffic; in private it reckons it is considerably more than this. Akamais platform consists of over 115,000 servers distributed around the globe. It uses these to cache popular content and applications close to those that want to use them. This saves its customers having to do the same; they run their main central servers and Akamai ensures local copies are available in remote places. In the 14 years since it was founded Akamai has made use of its platform to move way beyond pure web content distribution (a service it calls Aqua) and video distribution (Sola). Other services include enterprise application acceleration (Terra), network traffic security (Kona) and a line of managed and licensed content distribution offerings for network operators (Aura). The Kona security service particularly intrigued Quocirca. Having spoken to an Akamai customer, it was clear that it saw Kona as supplementary to other security measures not an alternative to them, but very much a front line defence. Kona protects against two basic types of threat; it can spot attempts to exploit known vulnerabilities such as SQL injection and cross site scripting and it can keep DDoS attacks at bay. In both cases doing so way out in the cloud before attacks get close to home. With DDoS attacks there is an important reason for Akamai customers in particular to look at adding Kona to their other Akamai subscriptions. At one level Akamai helps prevent the impact of a DDoS attack for any of its customers as the sheer scale of its network means the attack can be absorbed. However, it is not part of Akamais remit to detect and stop such an attack, the effect of being Akamaised will be to speed up a DDoS attack. This may not be catastrophic because of Akamais absorbent properties, but it could lead to a hugely increased bill for the underlying Akamai services which are charged for based on traffic volumes. These could double, triple or worse during a DDoS attack. However, for customers that include Kona there is an insurance component; if traffic rises above an average back ground level due to a DDoS attack

Absorbing DDoS; Akamais Kona security service

http://www.quocirca.com

2013 Quocirca Ltd

then Akamai will not charge for the increased traffic but absorb it and then block the attack as part of the service. Akamai provides fundamental services that enable much of the internet as we know it to operate efficiently. Take those services away and there would be big problems. Akamai may like to better known, however, it should be careful about what it wishes for. To Google may make sense to the man or woman on the street, but to Akamaise would not. Lay people do not need to know about such background services, however important. The danger for Akamai is it will become well known one day because some of its services fail. Perhaps it is best to focus on operating competently and unseen in the background rather than seeking the limelight.

This article first appeared Infosecurity Magazine

as

blog

on

http://www.infosecuritymagazine.com/blog/2012/11/7/absorbing-ddosakamais-kona-security-service/684.aspx

Absorbing DDoS; Akamais Kona security service

http://www.quocirca.com

2013 Quocirca Ltd

About Quocirca
Quocirca is a primary research and analysis company specialising in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of realworld practitioners with first-hand experience of ITC delivery who continuously research and track the industry and its real usage in the markets. Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption the personal and political aspects of an organisations environment and the pressures of the need for demonstrable business value in any implementation. This capability to uncover and report back on the end-user perceptions in the market enables Quocirca to advise on the realities of technology adoption, not the promises. Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC has the ability to transform businesses and the processes that drive them, but often fails to do so. Quocircas mission is to help organisations improve their success rate in process enablement through better levels of understanding and the adoption of the correct technologies at the correct time. Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of long term investment trends, providing invaluable information for the whole of the ITC community. Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that ITC holds for business. Quocircas clients include Oracle, IBM, CA, O2, T-Mobile, HP, Xerox, Ricoh and Symantec, along with other large and medium sized vendors, service providers and more specialist firms.

Full access to all of Quocircas public output (reports, articles, presentations, blogs and videos) can be made at http://www.quocirca.com

Absorbing DDoS; Akamais Kona security service

http://www.quocirca.com

2013 Quocirca Ltd