Big Data IntelligenceOr Katz, Principal Security Researcher

Tsvika Klein, Security Product Manager

©2013 AKAMAI | FASTER FORWARDTM

August 30 2013Cyber Attack

Origin: syria

target: major US media sitestype: Orchestrated & synced recon

scan & d.d.o.s

outcome: attacks blocked by akamai konaanalysis: further analysis made using

Akamai’s security big data platform...

©2013 AKAMAI | FASTER FORWARDTM

Aug-20 Sep-11Aug-30 Sep-4

Attacks from Syria (Aug-Oct)

Avg. Attacks from Syria (2013)

سوريا (Syria) Google Trends

Attacks from TOR Network

©2013 AKAMAI | FASTER FORWARDTM

The AUG-30 Syrian Attack Deconstructed…

©2013 AKAMAI | FASTER FORWARDTM

Big Data - Introduction

©2013 AKAMAI | FASTER FORWARDTM

Akamai is Big Data

30% of Internet traffic Delivered by Akamai

100K+ Edge servers Collecting data in real time

734 Million IPv4 addresses seen by Akamai (quarterly)

30 Billion Security events logged

260 Terabytes Compressed daily logs

Security Big Data Challenge #1

Security Big Data Challenge #2

©2013 AKAMAI | FASTER FORWARDTM

Rate Triggers

IP Table Logs

WAF Triggers

Akamai’s Big Data Platform – High Level Architecture

Big Data Platform

Geo InfoGeo Info

HTTPHTTP

IPIP

Client Reputatio

n

SARA Client Reputation Threat Reports

©2013 AKAMAI | FASTER FORWARDTM

Security Analytics with SARA

• Interactive Tool to Analyze Kona Events

• Reporting Engine to generate the WAF Analysis Report

©2013 AKAMAI | FASTER FORWARDTM

Client Reputation

Record past behavior and use the data to protect everyone

• Analyze activity over the Internet• We see majority of all Web users over period of one month

• Focus on the source of the attack

• Identify good and bad clients based on past behavior

• Define an attack reputation score for clients

• Filter malicious client based on reputation score

• Distributed to over 100K Edge servers

• Shared across our customers

©2013 AKAMAI | FASTER FORWARDTM

Client Reputation Definition

“To provide security intelligence … a reputation provider must take

action in three phases. It must collect relevant data, it must analyze this

data for security intelligence … and it must distribute the results quickly

and efficiently to security policy enforcement ...”

Source: Gartner, Dec 2012

©2013 AKAMAI | FASTER FORWARDTM

Big Data analysis – Use cases

•

•

•

©2013 AKAMAI | FASTER FORWARDTM

Web LOIC

©2013 AKAMAI | FASTER FORWARDTM

Web LOIC Attack

Attackers!

©2013 AKAMAI | FASTER FORWARDTM

Grow revenue opportunities with fast, personalized

web experiences and manage complexity from peak

demand, mobile devices and data collection.

©2013 AKAMAI | FASTER FORWARDTM

Scraping Bot Net

Attacker - $?$?$

©2013 AKAMAI | FASTER FORWARDTM

Anonymous Networks

• Tor

• Opera mini (cloud browsing)

• Blackberry infrastructure

• Cloud services

©2013 AKAMAI | FASTER FORWARDTM

Big Data - Summary

• Insight like never before

• Helps to address the evolving threat landscape

• Innovative security solutions to protect our customers

©2013 AKAMAI | FASTER FORWARDTM

Glance into the Future

Fraud Prevention

Risk Based Authentication

Adaptive Security Controls

Simplified Configuration