Akamai Diversity

The Akamai Blog

WAF: Threat Intelligence, the brain behind the machine

First time I jumped into a plane I was around 10 or 12 years old. The crew, moved by my innocent face and my dazzle, gave me a great gift: they allowed me to enter into the cabin where the pilot was commanding the flight. This is what I saw:

WAF- Threat Intelligence, the brain behind the machine IMG1.png

OK. I didn't take the photo. Credit goes to Naddsy [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons

I guess that it was very difficult for me to hide how amazed I was by that overwhelming set of lights, knobs and monitors. Before my delighted face, the pilot asked me: 

"Do you know what is the most important thing inside this cockpit?"
"The 'insert coin' slot to get extra lives?" I answered (I maybe had too much Pac-Man and flight simulator at that time).
After laughing at my comment, and pointing to the co-pilot, he said "Him and me."

Since then, I haven't received any other invitation to fly in the cockpit, despite my efforts to pretend my best angelical face when the crew walks around, but from that day, even more than how overwhelming was this technological prodigy, what stuck in my head is: the most important think of the technology is who manages it.

This assessment remains true after many years. People are behind technology, since people design, code or build technology. But most times people are also in front of technology, as we are the users, the ones who interpret and get conclusions from it.

A few years ago, while interviewing a candidate who was applying for a job at Akamai, I was asked what makes Akamai different. My answer was: "three things: the products, the platform and the people...and probably, in the reverse order."

Akamai has been developing a cloud-based product strategy since it was founded in 1998. And when we extended this approach to security products, especially for the WAF, not everybody agreed it was the right thing to do. However, time proved us right. The ubiquity of the Akamai platform is key to providing such high security standards but here, like in the airplane 30 years ago, the most important thing is who designs and manages the technology. And this human factor becomes critical when it comes to security.

It is not only critical that the product concept, design and development are excellent, but once the product is commercially available, the services provided over the product are essential to foster the success. So, as well as evaluating the product itself, a company thinking about different security providers should make these questions:

  • What are the human resources my future provider has?
  • What is their experience when it comes to tackle security problems that will affect me?
  • Who else trusted these people?
  • What are the routines they have to keep the team up and running and trained in the newest threats?
  • What processes do they follow to detect and investigate and how they handle and share their conclusions?
  • How proactive will my provider be when I am under attack?
  • Which cases support their experience?

Ultimately, it can all be boiled down to "how will they help me day after day and, in particular, when I am under attack?"

Akamai has 4 different dedicated and specific teams covering security events:

  • Security Professional Services: This team is comprised of Solution Architects that are typically assigned to customers and help managing security products, from the initial WAF or DDoS mitigation set up, to continuously evaluating customer needs and updating WAF rules or eventual interventions and training
  • Security Incident Response Team: This team, with different professionals specialized in network layer attacks, application layer attacks and other kind of attacks that have some relationship with Akamai scope, analyzes data searching for patterns that lead to think that an attack is taking place. This team performs an on-going and exhaustive research using internal and external data and correlating data from one or more sources. The outcome of this research is regularly published, as long as it doesn't compromise the security of any customer, in www.stateoftheinternet.com. The State of the Internet Security Report, published quarterly, is arguably one of the most important pieces of documentation produced by this team, which also publishes Threat Advisories for individual threats.
  • Threat Intelligence Team: This team's main task is analyzing all the information relative to security events happening in the Akamai platform. This information, called Cloud Security Intelligence (that adds up to more than 20 TB daily nowadays) is set under a deep scrutiny performed by this Big Data scientists. The conclusions are used to refine and improve our security tools and products. They are also used as one of the main sources for the State Of The Internet Security Report.
  • Security Operation Center (SOC): This is the team in charge to deal and respond to attacks. It is distributed in 5 locations (Fort Lauderdale in Florida, Cambridge in Massachusetts, Krakow in Poland, Bangalore in India and Tokyo in Japan). The team receives the alerts and manages them in real time, proactively reaching out to customers that have this service included and managing the defense strategy against threats and attacks.

These 4 teams, which are comprised of several hundreds of Internet security experts, work in coordination, so the services offered to organizations working with us is tackled from different perspectives, in a continuous feedback cycle. Ultimately, it leads to excellence in service.

It seems that both the pilot 30 years ago and myself in that interview, were right in giving the most credit to the human factor in every technological project.