Executive Summary: [state of the internet] / security: Volume 5, Issue 1
Editor’s Notes
Happy 2019! It’s a new year, and what better time to look back at 2018 to fully
prepare for what is heading our way? Looking at things that occurred, and how your
team reacted to them, should be something to have an open and honest conversation
about. What are your short-term and long-term goals for your business and your
security teams?
This kind of foresight and goal setting is what will hopefully set your business up for
a successful year. Since security professionals are in the business of trying to predict
and protect, stress is — anecdotally speaking — a concern in our careers. Conferences
have started to create specific tracks on stress and burnout within this industry.
Amanda Berlin of Mental Health Hackers is our guest author for this edition, and she
tackles the issue head on.
The DDoS Attack That Wasn’t
Sometimes an “attack” isn’t exactly that. What at first looked like a massive DDoS
attack turned out to be a warranty tool gone haywire.
[Figure: request volume (Reqs) over time]
Traffic volume reached 875,000 requests per second at one point. Originally, the
traffic from earlier visits to the customer’s domain was a mix of GET and POST
requests, but during the incident, that traffic turned to an unrelenting stream of POST
requests that almost crashed the database Akamai uses to log such things.
More Bots, More Problems
Bot defense systems aim to accomplish one goal: Block bad bot traffic, while allowing
both humans and good bots to access the website. However, when a majority of the
traffic to your online business presence comes from bots, there can be a profound
ripple effect. This ripple effect spreads across multiple risks associated with bot traffic,
including performance issues (e.g., slow websites and frustrated customers) and
increases in IT expenses.
If that’s not enough, you’ve also got to deal with the bots responsible for DDoS
attacks, ad fraud, SEO spam, and credential stuffing, to name a few. And those
bad bots? They’ll try anything they can to avoid detection. Bots are big money for
attackers, and they’re constantly evolving to circumvent new defenses.
[Figure: Evolving Bot Landscape. Detection methods: IP Blocking, Rate Limiting, HTTP Anomaly Detection, Browser Fingerprinting, User Behavior Analysis. Bot characteristics, on a scale from Simple to Sophisticated: Single IP, Multiple IPs, Low Request Rate, Randomized User Agent, Browser Impersonation, Session Replay, Full Cookie Support, JavaScript Support, Browser Fingerprint Spoofing, Recorded Human Behavior.]
As the world’s largest and most trusted cloud delivery platform, Akamai makes it easier for its customers to provide the best and
most secure digital experiences on any device, anytime, anywhere. Akamai’s massively distributed platform is unparalleled in scale,
giving customers superior performance and threat protection. Akamai’s portfolio of web and mobile performance, cloud security,
enterprise access, and video delivery solutions is supported by exceptional customer service and 24/7/365 monitoring. To learn
why the top financial institutions, online retail leaders, media and entertainment providers, and government organizations trust
Akamai, please visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. Published 01/19.
Looking Forward
You can’t understand when something unusual is happening if you don’t have a
baseline understanding of the norm on the network. This becomes more difficult
almost every day as new tools, new technologies, and massive changes happen
on the network to meet the needs of the enterprise, but that doesn’t mean any
organization can stop trying. As we continue on into 2019, we expect to see attackers
utilizing the new tools, technologies, and techniques to try to circumvent the
protections we put in place.
If you are interested in learning more about the methodologies that were used to
curate the data in the report, we have included a whole section that delves a little
deeper.
For a more in-depth look at these stories, please download the State of the Internet / Security: DDoS and Application Attacks report, Volume 5, Issue 1.