Akamai CSO Details Cyber-Security Challenges and Improvements

Akamai Technologies operates one of the world's largest content delivery networks (CDNs), as well as providing organizations with security services including distributed denial-of-service (DDoS) protection and web application firewall (WAF) capabilities.

In a video interview with eWEEK, Akamai's Chief Security Officer Andy Ellis provides insight into security challenges old and new that face Akamai and its customers.

One of the challenges that Akamai deals with is the increasing volume of DDoS attacks that are over 100G bps of bandwidth. Defending against large-scale DDoS requires a combination of increased bandwidth and improved mitigation techniques.

"At the front end you always have to be able to absorb attack connections that come in," Ellis said. "If someone is throwing a 10T-bps attack and you don't have 10T bps of bandwidth to your front door, you are going to lose."

There are, however, techniques to make attacks more expensive for attackers. For Akamai's own infrastructure, it isn't making extensive use of virtualization to minimize DDoS attacks; rather, Ellis said Akamai flexibly load balances capacity across services.

"When you're moving around 30T bps of normal traffic, you have to be able to spin up capacity in one place and minimize needs in other places," Ellis said. "We try not to do that virtually, since we run our services fairly hot in general and overhead of virtualization historically was always reasonably high."

While DDoS attacks remain a concern, there are other interesting attacks that Ellis has seen. Among them is an attack that occurred against an Akamai customer's unused IP address space. Hackers hijacked the unused space and then launched attacks from the IP addresses. When complaints about the offending IP addresses were made, they came back to the original organization that actually owned the previously unused addresses.

Providing support for internet of things (IoT) devices over an extended period of time is also seen as a growing cyber-security challenge.

"There is a lot of concern about devices that get deployed and will remain deployed and how the companies that are responsible for managing devices persist with them over the long haul," Ellis said.

Watch the full video interview with Andy Ellis, chief security officer at Akamai Technologies, above.