Big Data Intelligence - Or Katz, Akamai and Tsvika Klein, Akamai
Transcript of Big Data Intelligence - Or Katz, Akamai and Tsvika Klein, Akamai
Big Data Intelligence
Or Katz, Principal Security Researcher
Tsvika Klein, Security Product Manager
©2013 AKAMAI | FASTER FORWARDTM
August 30 2013 Cyber Attack
Origin: Syria
Target: major US media sites
Type: Orchestrated & synced recon scan & DDoS
Outcome: attacks blocked by Akamai Kona
Analysis: further analysis made using Akamai’s security big data platform...
[Chart: Attacks from Syria (Aug-Oct); Avg. Attacks from Syria (2013); سوريا (Syria) Google Trends; Attacks from TOR Network. Marked dates: Aug-20, Aug-30, Sep-4, Sep-11]
The AUG-30 Syrian Attack Deconstructed…
Big Data - Introduction
Akamai is Big Data
30% of Internet traffic Delivered by Akamai
100K+ Edge servers Collecting data in real time
734 Million IPv4 addresses seen by Akamai (quarterly)
30 Billion Security events logged
260 Terabytes Compressed daily logs
Security Big Data Challenge #1
Security Big Data Challenge #2
Akamai’s Big Data Platform – High Level Architecture
[Diagram labels: Rate Triggers, IP Table Logs, WAF Triggers; Big Data Platform; Geo Info, HTTP, IP, Client Reputation; SARA, Client Reputation, Threat Reports]
Security Analytics with SARA
• Interactive Tool to Analyze Kona Events
• Reporting Engine to generate the WAF Analysis Report
Client Reputation
Record past behavior and use the data to protect everyone
• Analyze activity over the Internet
• We see the majority of all Web users over a period of one month
• Focus on the source of the attack
• Identify good and bad clients based on past behavior
• Define an attack reputation score for clients
• Filter malicious clients based on reputation score
• Distributed to over 100K Edge servers
• Shared across our customers
Client Reputation Definition
“To provide security intelligence … a reputation provider must take
action in three phases. It must collect relevant data, it must analyze this
data for security intelligence … and it must distribute the results quickly
and efficiently to security policy enforcement ...”
Source: Gartner, Dec 2012
Big Data analysis – Use cases
Web LOIC
Web LOIC Attack
Attackers!
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Scraping Bot Net
Attacker - $?$?$
Anonymous Networks
• Tor
• Opera mini (cloud browsing)
• Blackberry infrastructure
• Cloud services
Big Data - Summary
• Insight like never before
• Helps to address the evolving threat landscape
• Innovative security solutions to protect our customers
Glance into the Future
Fraud Prevention
Risk Based Authentication
Adaptive Security Controls
Simplified Configuration