DDoS, or distributed denial of service, is a type of cyberattack that tries to make a website or network resource unavailable by flooding it with malicious traffic so that it is unable to operate.

DDoS attack meaning

In a distributed denial-of-service (DDoS) attack, an attacker overwhelms its target with unwanted internet traffic so that normal traffic can’t reach its intended destination.

From a high level, a DDoS or DoS attack is like an unexpected traffic jam caused by hundreds of bogus ride-share requests. The requests appear to be legitimate to ride-share services, and they dispatch drivers for pickup that inevitably clog up the city streets. This prevents regular legitimate traffic from arriving at its destination.

During a DDoS attack, attackers use large numbers of exploited machines and connected devices across the internet — including Internet of Things (IoT) devices, smartphones, personal computers, and network servers — to send a flood of traffic to targets.

A DDoS or DoS attack is like a traffic jam

A DDoS attack on a company’s website, web application, APIs, network, or data center infrastructure can cause downtime and prevent legitimate users from buying products, using a service, getting information, or any other access.

How does a DDoS attack work?

DDoS attacks exploit networks of internet-connected devices to cut off users from a server or network resource, such as a website or application they may frequently access.

To launch a DDoS attack, attackers use malware or take advantage of security vulnerabilities to maliciously infect and gain control over machines and devices. Each computer or infected device, called a “bot” or “zombie,” becomes capable of spreading the malware further and participating in DDoS attacks. These bots form bot armies called “botnets” that leverage their strength in numbers and amplify the size of an attack. And because the infection of IoT devices often goes unnoticed — just like that pesky B-movie zombie that you didn’t realize was infected — legitimate device owners become secondary victims or unknowing participants, while attackers remain hard to identify by the victimized organization.

Once an attacker has built a botnet, they are able to send remote instructions to each bot, directing a DDoS attack on the target system. When a botnet attacks a network or server, the attacker instructs individual bots to send requests to the victim’s IP address. Just as we humans have one-of-a-kind fingerprints, our devices have a unique address that identifies them on the internet or local network. The overwhelming traffic leads to a denial of service, preventing normal traffic from accessing the website, web application, API, or network.

Sometimes botnets, with their networks of compromised devices, are rented out for other potential attacks through “attack-for-hire” services. This allows people with malicious intent but no training or experience to easily launch DDoS attacks on their own.

Types of DDoS attacks

There are many different types of DDoS attacks, and attackers often use more than one type to wreak havoc on their targets. Three key types are volumetric, protocol, and application-layer attacks. The purpose of all attacks is to severely slow down or stop legitimate traffic from reaching its intended destination. For example, this could mean stopping a user from accessing a website, buying a product or service, watching a video, or interacting on social media. Additionally, by making resources unavailable or diminishing performance, DDoS can cause business to grind to a halt. This can result in preventing employees from accessing email or web applications, or conducting business as usual.

To further understand how DDoS attacks work, let’s break down the different pathways attackers can take. The Open Systems Interconnection (OSI) model is a layered framework for various networking standards and contains seven different layers. Each layer of the OSI model has a unique purpose, like the floors of an office building where different functions of a business take place on each floor. Attackers target different layers depending on what type of web or internet-facing asset they’d like to disrupt.

Volumetric DDoS Attacks

 

Protocol DDoS Attack

 

Application-Layer DDoS Attacks

 

What is a volumetric DDoS attack?

The intent of a volume-based DDoS attack is to overwhelm a network with massive amounts of traffic by saturating the bandwidth of the intended victim resource. The large quantities of attack traffic block legitimate users from accessing the application or service, preventing traffic from flowing in or out. Depending on the target, stopping legitimate traffic could mean a bank customer may be unable to pay a bill on time, ecommerce shoppers are unable to complete online transactions, a hospital patient could be barred from their medical records, or a citizen could find themselves unable to view their tax records from a government agency. No matter the organization, blocking people from a service they expect to use online has a negative impact.

Volumetric attacks use botnets created with armies of individual malware-infected systems and devices. Controlled by an attacker, bots are used to cause congestion between a target and the internet at large with malicious traffic that saturates all available bandwidth.

An unforeseen onslaught of bot traffic can significantly slow down or prevent access to a web resource or internet-facing service. Since bots take over legitimate devices to amplify bandwidth-intensive DDoS assaults, often unknowingly to the user, the malicious traffic is difficult for the victimized organization to detect.

There are a variety of volumetric DDoS attack vectors used by threat actors. Many leverage reflection and amplification attack techniques to overwhelm a target network or service.

What is a UDP flood DDoS attack?

UDP floods are frequently chosen for larger-bandwidth DDoS attacks. Attackers attempt to overwhelm ports on the targeted host with IP packets containing the stateless UDP protocol. The victim host then looks for applications that are associated with the UDP packets, and when not found, sends a “Destination Unreachable” back to the sender. The IP addresses are often spoofed to anonymize the attacker, and once the targeted host becomes inundated with attack traffic, the system becomes unresponsive and unavailable to legitimate users.

What is a Domain Name System (DNS) reflection/amplification DDoS attack?

Domain Name System or DNS reflection attacks are a common type of attack vector where cybercriminals or hackers spoof the IP address of their target to send large amounts of requests to open DNS servers. In response, these DNS servers respond back to the malicious requests by the spoofed IP address, thereby creating an attack on the intended target through a flood of DNS replies. Very quickly, the large volume of traffic created from the DNS replies overwhelms the victim organization’s services, making them unavailable and preventing legitimate traffic from reaching its intended destination.

What is an ICMP flood DDoS attack?

Internet Control Message Protocol (ICMP) is primarily used for error messaging and typically does not exchange data between systems. ICMP packets may accompany Transmission Control Protocol (TCP) packets that enable application programs and computing devices to exchange messages over a network, when connecting to a server. An ICMP flood is a Layer 3 infrastructure DDoS attack method that uses ICMP messages to overload the targeted network’s bandwidth.

What is a protocol DDoS attack?

Protocol attacks attempt to consume and exhaust compute capacity of various network infrastructure resources like servers or firewalls via malicious connection requests that exploit protocol communications. Synchronization (SYN) floods and Smurf DDoS are two common types of protocol-based DDoS attacks. Protocol attacks can be measured in packets per second (pps) as well as bits per second (bps).

What is a SYN flood DDoS attack?

One of the main ways people connect to internet applications is through the Transmission Control Protocol (TCP). This connection requires a three-way handshake from a TCP service — like a web server — and involves sending a SYN (synchronization) packet from where the user connects to the server, which then returns a SYN-ACK (synchronization acknowledgement) packet, which is ultimately answered with a final ACK (acknowledgement) communication back to complete the TCP handshake.

During a SYN flood attack, a malicious client sends a large volume of SYN packets (part one of the usual handshake) but never sends the acknowledgement to complete the handshake. This leaves the server waiting for a response to these half-open TCP connections that eventually run out of capacity to accept new connections for services that track connection states. 

A SYN flood attack is like a terrible prank by the entire graduating class of a really big high school, where each student calls the same pizza restaurant and orders a pie during the same time frame. Then, when the delivery person goes to pack up, she realizes that there are too many pizzas to fit in her car and there are no addresses on the orders — so all delivery stops.

What is a Smurf DDoS attack?

The name of this DDoS attack is based on the concept that numerous tiny attackers can overwhelm a much larger opponent by sheer volume, just like the fictional colony of small blue humanoids that are its namesake.

In a Smurf distributed denial-of-service attack, large numbers of Internet Control Message Protocol (ICMP) packets with an intended target’s spoofed source IP are broadcast to a computer network using an IP broadcast address. By default, most devices on a network will respond by sending a reply to the source IP address. Depending on the number of machines on the network, the victim’s computer may be slowed down to a crawl from being flooded with traffic.

What is an application-layer DDoS attack?

Example: HTTP flood attack

Conducted by flooding applications with malicious requests, application-layer attacks are measured in requests per second (RPS). Also called Layer 7 DDoS attacks, these attacks target and disrupt specific web applications, not entire networks. While difficult to prevent and mitigate, they are among the easier DDoS attacks to launch.

In comparison, it’s easy to startle a herd of horses into a stampede but almost impossible to get them under control again. Application-layer attacks are like that: easy to implement, hard to slow down or stop, and specific to a target.

How to defend against DDoS attacks

With a strong DDoS strategy and runbook in place, organizations can protect against and limit disruption from DDoS attacks. The high-capacity, high-performance, and always-on anti-DDoS protection of cloud-based solutions can prevent malicious traffic from reaching a website or interfering with web API communications. A cloud-based scrubbing service can quickly mitigate attacks that target non-web assets, like network infrastructure, at scale.

DDoS protection

In a constantly evolving attack landscape, DDoS protection through a mitigation provider that takes a defense-in-depth approach can keep organizations and end users safe. A DDoS mitigation service will detect and block DDoS attacks as quickly as possible, ideally in zero or a few seconds from the time that the attack traffic reaches the mitigation provider’s scrubbing centers. Because attack vectors keep changing and attack sizes keep getting bigger, to achieve the best DDoS protection, a provider must continually invest in defense capacity. To keep up with large, complex attacks, the right technologies are needed to detect malicious traffic and begin robust defensive countermeasures to mitigate attacks quickly.

DDoS mitigation providers filter out malicious traffic to prevent it from reaching the intended targeted asset. Attack traffic is blocked by a DDoS scrubbing service, a cloud-based DNS service, or a CDN-based web protection service. Cloud-based mitigation removes attack traffic before it reaches the target.

What is DDoS cloud scrubbing?

DDoS scrubbing can keep your online service or business up and running, even during an attack. Unlike CDN-based mitigation, a DDoS scrubbing service can protect across all ports, protocols, and applications in the data center, including web- and IP-based services. 

Organizations direct their network traffic in one of two ways: via a Border Gateway Protocol (BGP) route advertisement change or DNS redirection (A record or CNAME) to the mitigation provider’s scrubbing infrastructure. Traffic is monitored and inspected for malicious activity, and mitigation is applied if DDoS attacks are identified. Typically, this service can be available in both on-demand and always-on configurations, depending on an organization’s preferred security posture — although more organizations than ever before are moving to an always-on deployment model for the fastest defensive response.

What is a CDN-based DDoS defense?

A properly configured advanced content delivery network (CDN) can help defend against DDoS attacks. When a website protection service provider uses its CDN to specifically accelerate traffic using HTTP and HTTPS protocols, all DDoS attacks targeting that URL can then be dropped at the network edge. 

This means that Layer 3 and Layer 4 DDoS attacks are instantly mitigated, as this type of traffic is not destined for web ports 80 and 443. As a cloud-based proxy, the network sits in front of a customer’s IT infrastructure and delivers traffic from end users to the websites and applications. Because these solutions operate in-line, web-facing assets are protected at all times without human interaction from network-layer DDoS attacks. 

For application layer–specific defense, organizations should look to deploy a web application firewall to combat advanced attacks, including certain types of DDoS attacks like http requests, HTTP GET, and HTTP POST floods, which aim to disrupt Layer 7 application processes of the OSI model.

What are the benefits of a DDoS mitigation service?

Organizations can reduce their attack surface while also reducing risk of business-impacting downtime and disruption by deploying DDoS-specific cybersecurity controls. This type of defense can thwart an attack while allowing legitimate visitors to access your organization online as they normally would. DDoS protection prevents malicious traffic from reaching its target, limiting the impact of the attack, while allowing normal traffic to get through for business as usual.

How can you stop a DDoS attack?

During mitigation, your DDoS protection provider will deploy a sequence of countermeasures aimed at stopping and diminishing the impact of a distributed denial-of-service attack. As modern attacks become more advanced, cloud-based DDoS mitigation protection helps to provide defense-in-depth security at scale, keeping back-end infrastructure and internet-facing services available and performing in an optimal manner.

Through DDoS attack protection services, organizations can:

• Reduce the attack surface and business risk associated with DDoS attacks
• Prevent business-impacting downtime
• Guard against web pages from going offline
• Increase speed to respond to a DDoS event and optimize incident response resources
• Shorten the time to understand and investigate a service disruption
• Prevent loss of employee productivity
• More quickly deploy countermeasures to defend against a DDoS attack
• Prevent damage to brand reputation and bottom line
• Maintain application uptime and performance across digital estates
• Minimize costs associated with web security
• Defend against extortion, ransomware, and other new evolving threats

Learn how Akamai can help protect your web and internet-facing services from DDoS attacks

Akamai provides in-depth DDoS defense through a transparent mesh of dedicated edge, distributed DNS, and cloud scrubbing defenses. These purpose-built cloud services are designed to strengthen DDoS security postures while reducing attack surfaces, improving the quality of mitigation, and reducing false positives, while increasing resiliency against the largest and most complex attacks.

Moreover, the solutions can be fine-tuned to the specific requirements of your web applications and internet-based services.

Edge defense

Akamai architected its globally distributed intelligent edge platform as a reverse proxy to only accept traffic via ports 80 and 443. All network-layer DDoS attacks are instantly dropped at the edge with a zero-second SLA. That means that attackers launching network-layer DDoS attacks don’t stand a chance.

For application-layer DDoS attacks, including those launched via APIs, Kona Site Defender detects and mitigates the attacks while simultaneously granting access to legitimate users.

DNS defense

Akamai’s authoritative DNS service, Edge DNS, also filters traffic at the edge. Unlike other DNS solutions, Akamai specifically architected Edge DNS for availability and resiliency against DDoS attacks. Edge DNS also delivers superior performance, with architectural redundancies at multiple levels, including name servers, points of presence, networks, and even segmented IP anycast clouds.

Cloud scrubbing defense

Prolexic protects entire data centers and hybrid infrastructures from DDoS attacks, across all ports and protocols, with 20 global scrubbing centers and more than 10 Tbps of dedicated DDoS defense. This capacity is designed to keep internet-facing assets available — a cornerstone of any information security program.

As a fully managed service, Prolexic can build both positive and negative security models. The service combines automated defenses with expert mitigation from Akamai’s global team of 225+ frontline SOCC responders. Prolexic also offers an industry-leading zero-second mitigation SLA via proactive defensive controls to keep data center infrastructure and internet-based services protected and highly available.

The post What Is a DDoS Attack? first appeared on Techcity Company Limited.

By now most people have heard about cloud computing services, but what does cloud mean? While cloud services may vary in their particulars, a cloud computing definition identifies the core features and benefits that are common across all clouds.

From the perspective of service users, cloud computing services have these main features:

• Hosted and maintained by the provider. The cloud hosting provider purchases, hosts, and maintains the necessary hardware and software in their own facility. Service users avoid the capital expenditures and maintenance headaches that they would have if they developed the service themselves on-premise.
• Self-service through a web interface. Service users can initiate specific service functions, and increase or decrease their service usage level, though a web interface with little or no interaction with the service provider.
• Pay for use. Service users pay only for the amount of service that they use. This can result in substantial cost savings compared to the traditional approach of developing on-site IT capacities geared toward maximum usage scenarios, and then having that capacity be under-utilized much of the time.
• Near-limitless scalability. Cloud computing services providers typically have the infrastructure to deliver their service at massive scale. For cloud service users, that means that the cloud can easily accommodate business growth or periodic spikes in service usage.

Cloud Computing Services Types

The wide range of services offered by cloud computing companies can be categorized into three basic types:

• Infrastructure as a Service (IaaS). IaaS provides users access to raw computing resources such processing power, data storage capacity, and networking, in the context of a secure data center.
• Platform as a Service (PaaS). Geared toward software development teams, PaaS offerings provide computing and storage infrastructure and also a development platform layer, with components such as web servers, database management systems, and software development kits (SDKs) for various programming languages.
• Software as a Service (SaaS). SaaS providers offer application-level services tailored to a wide variety of business needs, such as customer relationship management (CRM), marketing automation, or business analytics.

Cloud Computing Services Acceleration

Whatever type of cloud computing services you use, one thing is certain: large quantities of data will move back and forth between your end users and the cloud provider’s data centers, over the internet.

That’s why whatever type of cloud services you use, Akamai can help your organization have a better cloud experience and reap greater benefits from your cloud services investment.

Leveraging our own global cloud network consisting of more than 216,000 application acceleration servers in over 120 countries, Akamai enables our customers to experience consistent high performance from the IaaS, PaaS, and SaaS services that they use, thereby boosting adoption rates and user productivity. In support of mobile cloud computing, we also offer services for automated content transformation and optimization, so your end users can tap into the cloud from any device, from anywhere, at any time.

The post Cloud Computing Services first appeared on Techcity Company Limited.

You could think of a CDN like an ATM. Having a cash machine on practically every corner makes it fast and efficient to get money. There’s no wait time in long bank lines, and the ATMs are placed in many convenient locations for immediate access.

CDN services were created to solve the problem of network congestion caused by delivering rich web content, such as graphics and video over the internet — much like a traffic jam. Getting content from centrally located servers to individual users simply took too long. CDNs have now grown to include everything from text, graphics, scripts, and media files to software downloads, documents, portals, ecommerce, live streaming media, on-demand video streaming media, and social media sites.

CDNs can also provide websites with increased protection against malicious actors and security concerns like distributed denial-of-service (DDoS) attacks.

What is an example of a CDN?

A large portion of all internet content is delivered through CDNs. Here is a simple example:

If you were in New York and wanted to view the website of your favorite store in London that’s hosted on a server in the UK, you would experience slow content load times if the request had to travel all the way across the Atlantic Ocean. To remedy this, a CDN would store a cached version of the London website content in multiple geographical locations around the world, also called “points of presence” (PoPs). These PoPs contain their own caching servers and are responsible for delivering that content close to where you’re located in New York.

Content delivered from a server closest to your physical location gives you a faster, high-performance web experience.

Download Delivery

High-performance delivery of file based content from Akamai’s globally distributed content delivery network (CDN).

Read now

How does a CDN work?

The mission of a CDN is to reduce latency. Latency is that annoying delay you experience when trying to access a web page or video stream before it fully loads on your device. Although measured in milliseconds, it can feel like forever, and may even result in a load error or time-out. Some content delivery networks alleviate latency by reducing the physical distance that the content needs to travel to reach you. Therefore, larger, more widely distributed CDNs are able to deliver web content more quickly and reliably by putting the content as close to the end user as possible.

Let’s say it’s the weekend and you want to kick back and stream the latest Hollywood movie release — the CDN finds an optimal server on its network to serve up that video. Usually, that will be the server closest to your physical location. The media files will be cached and remain on that content delivery network server for other user requests in the same geographic area. If the content you requested is unavailable or outdated, the CDN service will store the newly fetched content to serve any future requests.

While the delivery of website content is a common use for CDNs, it’s not their only function. In fact, CDNs deliver a wide variety of content that includes: 4K and HD-quality video, audio streams, software downloads such as apps, games, and OS updates, and much more. Potentially any data that can be digitized can be delivered through a content delivery network.

What is a CDN host?

Although CDNs aren’t web hosts and don’t deliver items over the last mile to consumers, content delivery network servers are geographically distributed to cache content closer to users and their ISPs wherever they are in the world. This temporary content storage at the network edge makes it possible to reduce latency and deliver the same content to multiple users for more efficient access.

For network operators, also known as wireless service providers or mobile network carriers, that are struggling to keep up with the never-ending demand for online video, a CDN hosting platform can be a highly effective and cost-efficient solution to stay competitive. A content delivery network can enable operators to provide a fast, secure, reliable online experience with the consistent quality that people expect on every web-enabled device.

Why is a CDN needed?

For over 20 years, CDNs have formed the unseen backbone of the internet — delivering online content for shopping, banking, healthcare, and other businesses quickly and at scale.

Without CDNs, with their ability to replicate and store information from origin servers and then bring digital content close to where users access the web, the internet might be slowed to a crawl.

You may not realize it, but if you’ve done almost anything online, a CDN has probably helped provide you with a fast, reliable, and consistent experience. Here’s a simple example of how content delivery networks manage traffic behind the scenes to make that happen:

A CDN balances overall traffic to give everyone accessing internet content the best web experience possible. Think about it like routing traffic in the real world. There may be one route that’s usually the fastest from point A to point B if no other cars take it — but if it starts getting congested, it’s better for everyone if the traffic gets spread out over a few different routes. That may mean that you get sent on a roadway that’s a few minutes longer (or microseconds, when scaled to internet speeds) but you don’t get stuck in the traffic jam that’s forming on the route that is typically the fastest. It may also mean that you get sent on that fastest regular route, but without getting bogged down in traffic, because other cars are being sent on longer paths. So, it’s not a matter of slowing down, it’s about load-balancing and fully using all available resources.

The fact is, without CDNs, we’d all be stuck in traffic jams a lot more often when surfing the web. 

Who uses CDNs?

Almost everyone that accesses the web uses a CDN. They were created to provide a faster and more reliable experience for people accessing the internet. They are used by the content and application owners and network service providers that supply those benefits to their customers.

CDNs for End Users

Websites and web applications delivered through a CDN experience faster page loads, faster transactions, and a more consistent online experience. However, people may have no idea they are connecting through a content delivery network as they enjoy its benefits, because the technology works behind the scenes. They simply receive what they requested from their ISP or mobile provider.

CDNs for content owners

Content and application owners — including ecommerce sites, media properties, and cloud computing companies — use CDNs to improve customer experiences, lower abandonment rates, increase ad impressions, improve conversion rates, and strengthen customer loyalty. Using a content delivery network can also improve web security, for instance by helping to absorb and mitigate a distributed denial-of-service (DDoS) attack.

CDNs for Network Service Providers

With the explosive growth of online streaming and other rich media services and higher user expectations about web performance across multiple device types, many of today’s network service providers are finding it necessary to deploy their own content distribution networks. For network operators, deploying a content delivery network can reduce subscriber churn, facilitate the development of value-added services, reduce traffic on the core network, and enable operators to sell CDN services to enterprises and third-party content owners.

One of the biggest benefits of a CDN is offload. By responding to a request for web content with a cached version in closer physical and network proximity to the end user — instead of from the server where the content originates — a CDN offloads traffic from content servers and improves the web experience. This means that content can stay within the network operator’s network and reduce the need to engage in peering with other networks or navigating the broader internet to deliver information.

What are the benefits of a CDN?

CDNs carry a large portion of the world’s internet traffic. They help solve the toughest challenges of delivering content over the internet. Businesses from small and medium content providers to the world’s large corporations use content delivery networks to provide a seamless web experience to their customers.

Because the internet was not originally designed to handle the demands of massive amounts of data, live high-definition video, flash sales, and large downloads, CDNs were built to make the internet work better. They help to securely deliver media at scale and enable all of the connected experiences that are part of daily life for most of us today. 

By providing solutions for performance, availability, security, and intelligence, CDNs help the world’s top companies and organizations do business successfully online

Performance

Performance is the difference between a click giving you immediate access to new content and a click followed by a seven-second wait while a page loads or a video buffers. Buffering is that wait time, symbolized by a familiar swirling circle icon on screen, that happens when the internet connection provided by an ISP can’t supply data fast enough.

How does it work? When requested content is cached (pre-saved) by a CDN’s servers, an end user’s ISP or mobile provider gets that content by connecting to a server on the CDN’s network, rather than waiting for their request to go directly to the origin. An origin server, where the content you are trying to access lives, may be far away from your physical location. If so, a CDN will bring that content closer to you, improving speed and performance. For example, let’s say that Fashion House X (FHX) from Milan, Italy, releases its new lineup for online orders. Fashion lovers in New York, Paris, Rio De Janeiro, and Tokyo all go online to make their orders. If FHX isn’t using a cloud content management system, the request from each end user must go all the way to Milan and back. However, if FHX uses a CDN and has preloaded its content across the CDN, each user can access the new content from servers directly in their city, saving their data hundreds or thousands of miles in round-trip time. 

If the content isn’t already pre-saved, the CDN uses its programmed knowledge of the necessary connections to overcome any challenges. Advanced CDNs use additional technologies that resolve any issues in the delivery of dynamic, or uncacheable, content and to determine the appropriate type of content to deliver to different devices. 

All of this means that, when using a CDN, content providers can deliver fast, quality web experiences to all their end users; no matter what location, browser, device, or network they’re connecting from. Web pages render more quickly, video buffering time is reduced, and users stay more engaged.

Availability

Availability means that content remains accessible to end users even during periods of excessive user traffic when many people are accessing content at the same time or if there are server outages in some parts of the internet. 

When traffic loads peak at millions of requests per second, even the most powerful servers are put to the test. Without a content delivery network, all this traffic must be absorbed by a content provider’s infrastructure. This can cause failures and poor end user experiences. The widely distributed server infrastructure offered by CDNs is designed to alleviate these issues. Advanced CDNs, with their highly distributed architecture and massive server platforms, can absorb tens of Tbps of traffic and make it possible for content providers to stay available to even larger user bases.

As an example, let’s return to FHX in Milan. Its brand is beloved by millions of fashion lovers, and its new lineup generates a lot of excitement. At the moment of launch, fashion lovers from all over the world go online to FHX’s website at the same moment. If FHX is not using a CDN, all of those users would hit its origin server at the same time, causing it to fail. However, if FHX is using a CDN, all of that traffic will be served across the CDN’s hundreds of thousands of servers, keeping FHX’s origin from failing and delivering a quality experience to fashion lovers across the globe. 

Security

As the volume of high-value data and transactions on the internet continues to grow, so do the forces of attackers looking to exploit it. Attacks by malicious actors can cost organizations big money. Along with crimes committed by malicious insiders, DDoS and web-based attacks have been found to be the costliest. 

Denial-of-service attacks and web-based exploits (SQL injection, cross-site scripting, and local or remote file-inclusion attacks) are becoming more common. These attacks are increasingly launched in conjunction using a DDoS attack to divert attention while causing more serious damage with other exploits. In both types of attacks, it is often difficult to distinguish bad traffic from legitimate traffic, and attack strategies continue to evolve rapidly over time, requiring significant dedicated security resources in order to stay up to date on mitigation strategies. 

Given the increasing volatility of the internet threat landscape, helping to secure websites is a critical CDN requirement. Today’s most advanced content delivery networks have made information security a core competency, providing unique cloud-based solutions. CDNs should protect content providers and users by mitigating against a wide array of attacks without malicious entities ever compromising delivery and availability.

Intelligence

As carriers of nearly half of the world’s internet traffic, CDN providers generate vast amounts of data about end-user connectivity, device types, and browsing experiences across the globe. They can use this data to help their customers, giving them critical, actionable insights, and intelligence into their user base. These services may include real-user monitoring and media analytics to measure end-user engagement with web content and cloud security intelligence to keep track of online threats.

Cloud versus CDN

The modern digital experience has expanded how companies deploy their content. CDNs and cloud computing were developed to address challenges the demand for web content and applications create in terms of performance and scalability. But how are they different?

Cloud

Cloud computing environments store information on internet servers instead of on your computer’s hard drive. For end users, this can be a convenient and reliable means for things like web-based email, file storage, file sharing, and backing up data. It’s also how people readily access web applications like social media platforms. Cloud environments consist of hundreds of PoPs with servers centralized in regional locations.

For businesses, the cloud offers lower upfront costs and the ability to scale application infrastructure as needed, expand into new geographies without having to invest in costly new infrastructure, and take advantage of related cloud services to build the latest digital experiences or enterprise applications. 

While the cloud can offer many benefits, organizations often experience unexpected costs when building applications in or migrating applications to the cloud. The dynamic nature of cloud migration projects can make it difficult to maintain performance and availability of digital experiences. 

CDN

A CDN is a network of servers that distributes content from an “origin” server throughout the world by caching content close to where each end user is accessing the internet via a web-enabled device. The content they request is first stored on the origin server and is then replicated and stored elsewhere as needed. By caching content physically close to where a user is and reducing the distance it has to travel, latency is reduced. This process also decreases stress on origin servers by distributing the load geographically across multiple servers.

Some people refer to content delivery networks as “the edge.” The edge is where the physical and digital world meet and interact at the network perimeter. With thousands of PoPs widely distributed around the globe and unmatched capacity and scale, CDNs provide closer proximity to end users. 

This means wherever you are in the world — using your mobile phone, tablet, computer, or other internet-enabled device — the content you want to access will load more quickly. You could be watching a video at home on the couch or checking in to your flight on another continent, and get the same seamless digital experience because of a content delivery network.

CDN Solutions from Akamai, the latest in edge delivery

Akamai’s CDN services were born from a challenge posed by internet founder Tim Berners-Lee, to solve what came to be known as the “world wide wait.” We pioneered edge computing more than 20 years ago by developing sophisticated new techniques to route web traffic, getting content from centrally located servers to early internet users faster. Today, the world’s biggest brands trust Akamai’s solutions and expertise to protect and deliver their digital experiences.

No matter the type of content — from websites, apps, APIs, video, or software — our comprehensive set of content delivery solutions is designed to deliver amazing digital experiences for every user, regardless of location, device, or network. 

Akamai has an unmatched global network capacity of 300+ Tbps and is unparalleled at scale with over 4,200 locations and upwards of 1,400 networks that span 135 countries. With the largest edge delivery platform, we see more of what’s happening on the internet. This means we can deftly avoid bottlenecks and defend at the edge. 

Automated acceleration to deliver the best website and mobile app experiences imaginable

Today’s users demand visually engaging, personalized experiences that are fast on every device, all the time. To deliver on customer expectations, digital businesses craft increasingly complex applications that are loaded with high-res images, videos, personalization, and other third-party content. The outcome can be very costly to optimize, operate, and maintain. The Akamai Ion intelligent performance automation and controls continuously analyze, optimize, and accelerate web and mobile app experiences.

High-quality video playback experiences to any screen

Online audiences may not know, or care, about the challenges you face when it comes to delivering online video. They expect fantastic video playback at all times, despite the many online content delivery challenges that stand in your way. Adaptive Media Delivery is optimized to provide consistent, high-quality video playback experiences across any screen to growing online audiences.

Seamless download delivery

End users expect frictionless download experiences, combining fast downloads and nearly instant updates. An effective and reliable content distribution and download strategy is a key factor in maximizing download completion rates, customer satisfaction, and revenue — whether they are downloading software, an application, a game, or a security patch across the device landscape. Download Delivery is a reliable, high-performance solution optimized to deliver large, file-based content over the internet. 

API Acceleration

APIs play a critical role in today’s fast-paced digital environment where connection speeds are measured in milliseconds. It’s becoming increasingly challenging to meet user expectations as the number of API requests are growing at a relentless pace and with frequent and sudden spikes in demand. When public-facing APIs aren’t delivered quickly, this can lead to poor user experiences, revenue loss, and downtime. Working with a partner that can take concerns about reliability, scalability, and performance out of the equation is a necessity.

API Acceleration is optimized for API delivery and other small payload traffic to enable fast and engaging user experiences across apps and sites. The solution offloads requests from origin infrastructures and provides predictable high performance for large volumes of XML, JSON, and other small transactional and programmatic traffic types critical to application success.

The post What is a CDN first appeared on Techcity Company Limited.

Lateral movement is the set of techniques that attackers use to gain access to additional assets after they have initially penetrated network defenses. After initial access and landing within a datacenter or IT environment, cybercriminals use stolen login credentials (obtained via credential theft or phishing attacks) to impersonate legitimate users, moving more deeply into systems to access sensitive data, intellectual property and other high-value assets.

Why is lateral movement dangerous?

When attackers use lateral movement effectively, it can be very difficult for IT teams to detect. Lateral movement often blends in with the large volume of legitimate east-west traffic within a datacenter, making it harder for endpoint security technology to recognize.

This diagram illustrates how microsegmentation techniques are used to divide a network into secure units to prevent lateral movement (or east-west traffic)

The danger of lateral movement attacks

As the landscape of cyber threats continues to evolve, IT cybersecurity teams remain focused on preventing breaches from penetrating network defenses. But many teams also recognize that not all breaches can be prevented. In fact, when it comes to experiencing a cyberattack, it’s more a matter of “when” rather than “if.” 

That’s why savvy organizations today are also focused on detecting breaches quickly and minimizing the damage they can cause. In some ways, this is a bigger challenge, since it requires network security teams to monitor the vast amount of east-west traffic within a network, looking for signs of lateral movement that indicate potential malicious activity. Most organizations, however, have little visibility into east-west network traffic, especially if they are relying on traditional technologies like legacy firewalls for application control and application allowlisting.

Zero Trust Security Transformation

See 7 key requirements for implementing a Zero Trust security framework that protects applications and users from advanced threats on the internet.

Download now

Akamai can help. Our solution provides tools for deep visibility, microsegmentation and threat intelligence that can help you quickly detect lateral movement, reduce your attack surface and minimize the impact of cyberattacks and advanced persistent threats.

How do lateral movement attacks work?

Lateral movement is the series of steps taken by attackers who have already gained access to a trusted environment and who are looking for high-value assets. Once inside the network, attackers identify the most vulnerable or valuable assets and take steps to reach them by expanding their level of access. 

This type of lateral movement usually starts with infecting or compromising a datacenter or cloud node using stolen credentials. From that point, attackers use a variety of techniques to probe the network, nodes and applications, looking for vulnerabilities to exploit and misconfigurations that allow them to move successfully to their next target, often with stolen credentials obtained through phishing emails or credential dumping.

When done effectively, lateral movement can be extremely difficult for IT teams to detect, as the activity blends in with large volumes of legitimate east-west traffic. As attackers learn more about how legitimate traffic flows within the environment, they have an easier time masquerading their lateral movement as sanctioned activities. This difficulty in detecting lateral movement allows security breaches to escalate quickly to devastating proportions.

To stop lateral movement attacks, cybersecurity teams need three critical capabilities. They must be able to visualize east-west traffic in real time and on a historical basis, allowing them to identify potential malicious activity more easily. They can also use microsegmentation security solutions to apply network hierarchies, workload- and process-level security controls to critical assets, blocking attempts at lateral movement. And they can use deception technology to redirect suspicious behavior to high-interaction deception engines where IT teams can learn more about the lateral movement attack for threat hunting and how to craft better security policies to prevent it.

Visualizing east-west traffic

Organizations seeking more proactive lateral movement security can begin by visualizing the east-west traffic in their environment. Once a clear baseline of sanctioned east-west traffic is established and viewable on a real-time and historical basis, it becomes much easier to identify unsanctioned lateral movement attempts.

This is one of the flagship capabilities of Akamai’s solution. Guardicore Centra technology uses network and host-based sensors to collect detailed information about assets and flows in data center, cloud, and hybrid environments, combines this information with available naming labeling (naming conventions) information from orchestration tools, and displays a visual representation of east-west traffic in the environment.

5-Step Ransomware Defense Ebook

Discover how to strengthen your defenses beyond the perimeter.

Download now

How does lateral movement control fit within a Zero Trust security strategy?

Rather than a technology or product, Zero Trust is a framework for understanding security. It provides CISOs and other security leaders with a strategic, architectural approach to a more rigorous security strategy posture that helps prepare their organizations for a landscape of escalating risk.

A Zero Trust architecture abandons the idea of a trusted network within a defined perimeter. The goal is to minimize the attack surface and prevent the kind of lateral movement throughout a network that so many cyberattacks rely on. When a breach or data exfiltration occurs, a Zero Trust architecture will prevent intruders from moving laterally to easily access other systems or sensitive data. This approach supports new business and operational models that require speed and flexibility. And it facilitates compliance with regulations that require stronger protection of consumer data and separation of critical and non-critical assets.

To progress on your Zero Trust journey, safeguarding users, applications — and the future of your business — we suggest you:

To successfully implement a Zero Trust model, security teams need two fundamental capabilities: total visibility into their internal network environments, and segmentation capabilities that let them quickly and efficiently create microperimeters around critical assets. Comprehensive visibility is essential to developing the understanding of application dependencies and traffic flows on which security policies should be based. And fast and efficient segmentation capabilities are required to adapt to changing business requirements and complex, dynamic, hybrid data center environments. Traditional security approaches that are primarily focused on external threats fall short on both of these capabilities.

Detecting lateral movement with Akamai Guardicore technology

Our solution delivers a single, scalable platform that provides all the capabilities you need to detect lateral movement and neutralize attacks like ransomware and advanced persistent threats. With real-time threat detection and response capabilities, our solution makes it easy to detect lateral movement techniques and minimize dwell time throughout the entire cyberattack kill chain.

Our solution is a software-based network segmentation solution that lets you achieve higher levels of security faster, easier and more cost-effective. Unlike legacy firewalls and VLANs, our solution provides deep visibility into application dependencies and flows so you can understand more easily what’s happening in your environment. Because our technology is decoupled from the physical network, you can swiftly apply microsegmentation and privileged access policies to protect critical IT assets from lateral movement no matter where they reside – on premises, in the cloud, or in hybrid infrastructure.

Stop the Impact of Ransomware White Paper

Protect your enterprise and contain the lateral movement in your network.

Download now

Addressing Lateral Movement

Akamai offers significant advantages over other security technology when it comes to detecting and stopping lateral movement.

Achieve greater visibility

With process-level enforcement of microsegmentation policies, Akamai can easily detect, alert and block unauthorized processes from accessing critical IT assets. The result is a much smaller attack surface that limits lateral movement

Minimize dwell time

Our solution discovers malicious activity earlier in the kill chain to prevent attackers from using lateral movement to spread throughout an environment. Akamai delivers details on threat actors, apps, brute force attempts and attackers’ tools and techniques that can help incident response teams to prioritize investigation and reduce dwell time.

Accelerate incident response

Our solution can automatically export indicators of compromise to security gateways and SIEM. Our platform provides a single-click update to segmentation policies to remediate traffic violations. And security teams can trigger actions on VMs to prevent the spread of damage from ransomware attacks.

Improve threat intelligence

Our solution provides intelligence into threats so security teams can refine segmentation policy. Centra collects the entire attack footprint, including files and tools being used and uploaded. Deep forensics help expose user credentials, attack methods, propagation tactics and more.

Disrupt attackers with deception

High-interaction deception on the solution platform can disrupt attackers and capture attack details. Centra uses reputation analysis to detect suspicious domain names, IP addresses and file hashes within traffic flows.

Why choose Akamai?

Customers choose Akamai to simplify segmentation and stop lateral movement for several key reasons.

Segmentation without downtime

With Akamai, you can implement microsegmentation policies to stop lateral movement with no changes to networks or applications and no downtime

Faster risk reduction

Isolate critical applications up to 20x faster than with legacy firewalls and other solutions

Cost savings

Reduce the cost of protecting your IT environment by as much as 85% over using firewalls

Consistent enforcement

Use the same level of granular, process-level rules on different operating systems and throughout your environment

Coverage everywhere

Protect critical IT assets in any environment – on-premises, in the cloud, on virtual servers, endpoints, on bare metal or in containers

Centralized management

View assets and dependencies, manage segmentation, detect threats, malware, phishing attempts and respond to incidents from a single pane

Streamlined compliance

Automatic validation of network-related compliance policies let you reduce the cost and effort required for compliance

The post Lateral Movement Explained first appeared on Techcity Company Limited.

Microsegmentation is an emerging security best practice that offers several advantages over more established approaches like network segmentation and application segmentation. The traditional methods rely heavily on network-based controls that are coarse and often cumbersome to manage. However, the software-based segmentation element of microsegmentation separates security controls from the underlying infrastructure and allows organizations the flexibility to extend protection and visibility anywhere.

The added granularity that microsegmentation offers is essential at a time when many organizations are adopting cloud services and new deployment options like containers that make traditional perimeter security less relevant. 

Infrastructure visualization plays an essential role in the development of a sound microsegmentation strategy. When it’s done well, visualization makes both sanctioned and unsanctioned activity in the environment easier for IT teams to identify and understand.

This diagram illustrates how microsegmentation techniques are used to divide a network into logical and secure units.

This added visibility enables IT teams to define and fine-tune microsegmentation policies that can both alert on and block unsanctioned activity. Microsegmentation policies can take many forms, including controls based on environment type, regulatory scope, application, and infrastructure tier. Microsegmentation also makes it possible to apply the principle of least privilege more extensively in data center and cloud environments, providing a more effective defense posture than traditional network-layer controls alone.

Can microsegmentation be implemented across cloud providers?

It’s important to select a microsegmentation approach that works consistently across cloud providers. By decoupling security from the cloud infrastructure provider, organizations can prevent vendor lock-in from driving costs up and avoid unnecessary complexity when mergers and acquisitions create mixed cloud environments.

Akamai + Guardicore = A Leader in Microsegmentation

Learn why Forrester named Akamai a Leader in this recent analyst report.

Download now

Will microsegmentation reduce costs?

Many organizations calculate firewall costs for a segmentation project and find that high licensing expenses, lengthy timelines and the necessary downtime come with a hefty price tag. However, a software-based microsegmentation solution can be rolled out quickly and with far less capital expenditure (CapEx) than is required when purchasing firewall appliances and additional hardware. In addition, the reduced maintenance and management effort needed results in far lower operating expenses (OpEx) over time in the form of labor and resource savings.

Microsegmentation is a new concept to many, but it is becoming an increasingly important tool for IT teams challenged with keeping security policies and compliance in step with the rapid rate of change in today’s dynamic data center, cloud, and hybrid cloud environments.

What is application segmentation?

As cloud usage expands and the pace of application deployments and updates accelerates, many security teams are increasing their focus on application segmentation. There are multiple approaches to application segmentation, which can lead to confusion as security teams compare traditional application segmentation techniques with newer approaches like microsegmentation.

Application segmentation often includes a blend of intra-application segmentation and isolation of application clusters from the rest of the IT infrastructure. Both techniques provide security value in different ways. However, traditional application segmentation approaches rely primarily on Layer 4 controls, which are becoming less effective and more difficult to manage as environments and application deployment processes become more dynamic.

Microsegmentation technologies offer security teams a more effective approach to application segmentation by providing a detailed visual representation of the environment, along with a more granular set of policy controls. The most effective microsegmentation technologies take an application-centric approach that extends to Layer 7. Visibility and control at the individual process level makes application segmentation more effective and easier to manage. Sanctioned activity can be governed with highly specific policies that are not affected by IP address spoofing or attempts to execute attacks over allowed ports.

As hybrid-cloud environments and fast-moving DevOps processes become the norm, application segmentation is more important — and more challenging — than ever. Using application-centric microsegmentation to perform application segmentation ensures that security visibility and policy controls keep pace with rapid changes to both the environment and the applications running in it.

A Blueprint for Zero Trust Architecture White Paper

Get in-depth guidance on scoping, configuring, deploying, and managing your Zero Trust framework.

Download now

How do network policies work with microsegmentation?

Network policy enforcement is the set of rules that you place over your IT environment to ensure you have control over access and communication. This could be as simple as keeping production and development separate from one another to avoid human error. More specific policy enforcement rules can help with compliance needs, such as keeping your CDE isolated so that the rest of your network remains out of scope for PCI DSS compliance.

Data center policy engines have traditionally been inflexible, relying on strict, all-or-nothing approaches, or global deny lists without the ability to form exceptions. As workloads become increasingly dynamic, and more and more businesses are embracing the hybrid cloud, flexible policy engines are a must-have. These allow for autoscaling, policies that follow the workloads, and policy creation that is not platform-dependent.

The process of policy creation begins with having strong awareness of both your business and your security objectives. There’s a balance to be found with microsegmentation policy. Too strong, and you might end up with an inflexible environment that makes it tough for staff to work freely and with autonomy. Too weak, and you’re left with an attack surface that’s dangerously large.

Accessing a full real-time map of your IT environment can give you insight into how and where segmentation policy should be placed. Choosing a solution that can enforce policy up to Layer 7, not the traditional Layer 4, can give you even greater security benefits. Even if your perimeter is breached, the right policies in place can stop or divert an attacker, who will be unable to make lateral moves across your network.

Microsegmentation and application discovery — gaining context for accurate action

The infrastructure and techniques used to deliver applications are undergoing a significant transformation, which is making it more challenging than ever for IT and cybersecurity teams to maintain both point-in-time and historical awareness of all application activity. Achieving the best possible security protection, compliance posture, and application performance levels is only possible through an application discovery process that spans all of an organization’s environments and application delivery technologies.

An effective application discovery process includes four essential elements.

The first element is data collection. A variety of agent- and network-based techniques can be used to collect detailed information about application activity across both on-premises and cloud environments. Both provide significant value, but agent-based collection is particularly critical, as it enables the collection of richer Layer 7 detail.

Raw data on its own is of limited value without context, so the second key element of application discovery is organization and labeling. Solutions like Akamai Guardicore Centra streamline this process by interfacing with existing data sources and employing other methods of automation.

The third step to effective application discovery is visualization. Visualization brings the contextualized data together into an adaptable, visual interface that is relevant to the security team and other application stakeholders. Real-time and historical views of application activity each serve distinct purposes, so it’s important to implement a visualization approach that can support both types of data.

The fourth and final critical element of an application discovery approach is a clear and intuitive method of taking action based on the insights gained through greater application visibility. This is the strategic point of intersection between application discovery and microsegmentation.

Attacking a Macro Security Problem with Micro-segmentation

The shift of workloads to the cloud and employees to work-from-home models has only expanded the attack surface.

Download now

What are the benefits of microsegmentation?

As IT infrastructure becomes more dynamic and new deployment approaches like cloud infrastructure and containers assume more prominent roles, the value of traditional perimeter-focused security is greatly diminished. Instead, there is a growing need for IT teams to enhance their ability to detect and prevent lateral movement among heterogeneous data center and cloud assets. Microsegmentation with Layer 7 granularity provides several key benefits to organizations facing this challenge.

Implementing microsegmentation greatly reduces the attack surface in environments with a diverse set of deployment models and a high rate of change. Even as DevOps-style application development and deployment processes bring frequent changes, a microsegmentation platform can provide ongoing visibility and ensure that security policies keep pace as applications are added and updated.

Even with proactive measures in place to reduce the attack surface, occasional breaches are inevitable. Fortunately, microsegmentation also significantly improves organizations’ ability to detect and contain breaches quickly. This includes the ability to generate real-time alerts when policy violations are detected and actively block attempts to use compromised assets as launch points for lateral movement.

Another key benefit of microsegmentation is that it helps organizations strengthen their regulatory compliance posture, even as they begin using cloud services more broadly. Segments of the infrastructure containing regulated data can be isolated, compliant usage can be tightly enforced, and audits are greatly simplified.

The benefits of microsegmentation are maximized when the approach is integrated with an organization’s broader infrastructure, such as orchestration tools. It’s also essential to select a microsegmentation approach that works across physical servers, virtual machines, and multiple cloud providers for maximum effectiveness and flexibility.

Lateral movement security

While IT security teams often devote significant attention to perimeter protection, east-west traffic is outgrowing north-south traffic in both volume and strategic importance. This is driven by such factors as changes in data center scaling approaches, new big data analysis needs, and growing use of cloud services with a less defined perimeter. It’s more important than ever for IT security teams to develop their capabilities to prevent lateral movement in these types of environments.

Lateral movement is the set of steps that attackers who have gained a foothold in a trusted environment take to expand their level of access, move to additional trusted assets, and further advance in the direction of their ultimate target. It’s difficult to detect, as it often blends in with the large volume of similar legitimate east-west traffic in the environment.

There are also more sophisticated techniques that organizations can implement to improve lateral movement security. For example, our solution can provide ongoing and historical visibility of all east-west traffic and empower IT teams to use this insight to create proactive policies to prevent lateral movement.

Reduce attack surface

While the shift from traditional on-premises data centers to cloud, multi-cloud and hybrid cloud models has unlocked many new business benefits, it has also significantly increased the size of the attack surface that security teams must defend. This challenge is compounded by accelerating the pace of infrastructure change and the more dynamic application deployment models that many organizations are adopting.

While many existing attack surface reduction techniques, such as system hardening, vulnerability management, access controls, and network segmentation, remain relevant as cloud platforms usage grows, security teams seeking to reduce attack surface can benefit from greater visibility and more granular policy controls that can be applied consistently from the data center to the cloud.

Visualizing the attack surface in detail makes it much more practical to develop strategies for reducing its size. A detailed visual representation of all applications and their dependencies, along the underlying infrastructure that supports them, makes it easier for security teams to assess their level of exposure and uncover indicators of compromise.

These insights can then be used to develop microsegmentation policies that govern application activity with process-level granularity. This level of control makes it possible to align security policies with application logic and implement a Zero Trust security environment in which only sanctioned application activity can successfully execute.

As the transition to hybrid cloud models progresses, it is easy for organizations to overlook the extent to which this change magnifies the size of their attack surface. New physical environments, platforms, and application deployment methods create many new areas of potential exposure. To effectively reduce attack surface in hybrid cloud environments, a microsegmentation solution must apply policies consistently across disparate data center and cloud environments and a mix of operating systems and deployment models.

Secure critical applications

Today’s information security teams face two major trends that make it more challenging than ever to secure critical applications. The first is that IT infrastructure is evolving rapidly and continuously. The second is that attackers are growing more targeted and sophisticated over time. 

Implementing a sound microsegmentation approach is one of the best steps that security teams can take to gain greater infrastructure visibility and secure critical applications, as it:

• Delivers process-level granularity that aligns security policies with application logic
• Enables security policies to be implemented consistently from the data center to the cloud
• Provides consistent security across different underlying platforms               

This power and flexibility is helpful to any organization considering how to best protect high-value targets like domain controllers, privileged access management systems, and jump servers. It’s also invaluable as organizations adopt cloud security services and new application deployment approaches like containers.

Microsegmentation can also play an important role in securing key vertical-specific applications, including healthcare applications containing protected health information (PHI), financial services applications that are subject to PCI DSS and other regulations, legal applications with client confidentiality implications, and many others. The additional policy granularity that microsegmentation provides makes it easier to create security boundaries around sensitive or regulated data, even when it spans multiple environments and platforms. The added visibility that microsegmentation provides is also extremely valuable during the regulatory audit process.

While IT infrastructure evolution creates new challenges for security teams, decoupling security visibility and policy controls from the underlying infrastructure ensures that critical applications can be secured effectively in heterogeneous environments with a high rate of change.

What are the best microsegmentation methods?

Microsegmentation is an essential capability for organizations tasked with securing fast-evolving data center, cloud, and hybrid cloud IT infrastructure. However, the power and flexibility that microsegmentation offers can make it challenging to identify the optimal mix of techniques to get started with. Upfront consideration of frequently used microsegmentation methods can help organizations design a phased approach that aligns with their unique security and compliance requirements.

Many organizations are familiar with the use of VLANs and other forms of network segmentation. While network segmentation does offer security value, microsegmentation offers much more granularity of control and is much more efficient to deploy and manage at scale. Microsegmentation is also much more practical to extend beyond the data center to cloud infrastructure than VLANs.

A good first step in microsegmentation policy development is to identify applications and services in the environment that require broad access to many resources. Log management systems, monitoring tools, and domain controllers are a few examples. These types of systems can be granted broad access, but microsegmentation policies can be used to enforce their use only for sanctioned purposes.

There are a number of other methods that organizations can draw from when designing their microsegmentation approach, including:

• Microsegmentation by environment
• Creating regulatory boundaries
• Microsegmentation by application type
• Microsegmentation by tier

The best way for organizations to get started with microsegmentation is to identify the methods that best align with their security and policy objectives, start with focused policies, and gradually layer additional microsegmentation techniques over time through step-by-step iteration.

How to get started with microsegmentation

Microsegmentation is clearly the way forward in protecting networks. Not only is it the answer to the eroding perimeter, it’s cost and manpower effective too. But a successful microsegmentation deployment cannot be slapped together. It requires deliberate and detailed forethought in order to get it all right — the first time around.

There are some things you need to consider thoroughly to establish the groundwork for a successful microsegmentation deployment.

Initially, you need to understand what needs to be segmented. Your microsegmentation deployment will reflect your needs — so determine if you’re segmenting for general risk reduction or for compliance reasons. Next, tackle short-term goals, and then deal with long-term goals one you have a microsegmentation baseline protecting your assets.

Once that’s complete, get a thorough picture of your environment but know that your initial picture is incomplete. You can (and should) add on more as you learn more about your connections. Know that proper labeling of assets is critical. Also, flexibility in the labeling process is key, as labels need to reflect your environment as closely as possible. Finally, identify your information sources and plan a way to extract information from them.

These steps will ensure that you’re on your way to a solid and fruitful microsegmentation deployment that will succeed.

What are microsegmentation security best practices?

The rise in hybrid-cloud data centers, SaaS and IaaS, and virtualization has led to a complex IT infrastructure which is difficult to secure. In response, microsegmentation is fast becoming security best practice for businesses working in these kinds of dynamic environments. The value this technology provides is varied, from zone segmentation, to application isolation or service restriction.

One important point to consider is whether to choose an approach that is network-centric or application-centric. While a network-centric approach manages traffic by network choke points, third-party controls or network enforcement, an application-centric approach deploys agents onto the workload itself. The latter approach gives advantages such as better visibility, increased opportunity to scale, and is an entirely infrastructure agnostic technology. In order to be future-ready, the right choice will provide coverage for any environment, from legacy systems, bare metal servers and virtualized environments, to containers and the public cloud.

The unparalleled visibility you gain with an application-centric model is what will ensure that you don’t fall into the most common trap when it comes to microsegmentation — oversegmenting your applications. Best practice is to start with what we call “early wins.” These will have obvious business needs at their core, and be simple segmentation policies that can be put into place and create immediate value. Examples could be as simple as separating environments such as production and development, or meeting compliance regulations by securing critical data or applications.

Finally, best practice involves looking outside of microsegmentation alone to see where complementary controls can strengthen your security posture overall. Breach detection and incident response are two great examples that can work seamlessly with microsegmentation and are powerful to utilize in an all-in-one package. Without these, your business is left attempting to force third-party solutions to work in harmony without gaps or increased risk — a truly tall order, and an administrative hassle that you don’t need to settle for.

Thinking about these microsegmentation best practices at the outset of your project can lighten the load of implementing this game-changing technology, ensuring that the common stumbling blocks are taken care of from the beginning.

Can microsegmentation work as a firewall alternative?

Traditional perimeter firewalls designed for north-south traffic can’t deliver the control and performance needed to protect today’s applications and dynamic workloads. Organizations can technically use firewalls inside the perimeter to implement a layered security model, but it’s simply impractical for most businesses due to the expense and amount of time needed to configure and manage the necessary policies. As a result, today’s enterprises need a better way to defend large volumes of east-west network traffic against cyber attacks.

With a relatively flat network, any port or server can communicate with any other. This means that if a server firewall gets breached, a bad actor can move easily to any number of others in the network. 

Preventing lateral movement within the data center provides a strong defense against attackers who overcome perimeter security measures. A microsegmentation firewall alternative can help businesses enforce increasingly granular policy controls to control east-west activity and limit the impact of a successful breach.

Enforcing segmentation policies at the application layer (Layer 7) effectively prevents lateral movement since Layer 7 is where network services integrate with the operating system. The latest advances in microsegmentation at this level allow IT security to visualize and control activity at Layer 7, as well as use the traditional Layer 4 approach. This means that, instead of relying on IP addresses and ports, organizations can use specific processes to define segmentation policies for inside the data center. It also allows administrators to fulfill specific security and compliance requirements by defining policies based on attributes like processes, user identity or fully qualified domain names.

Microsegmentation also offers several advantages over traditional methods, making it ideal as an internal segmentation firewall for the data center. Rather than introducing choke points in the infrastructure, it runs agents on each system that can organize with each other to create and enforce software-defined segmentation policies. Because of this, microsegmentation provides many more points of visibility from which to discover and contextualize activity in your environments, regardless of what the underlying infrastructure is today and wherever your evolving IT strategy takes you. This also makes it possible to create and manage policies without infrastructure changes or downtime. Not only is this much faster and easier, but it also leaves you with one set of controls that IT security teams can extend anywhere. With a microsegmentation firewall alternative, if you move a workload from the data center to the cloud, its policies will migrate with it automatically.

How does microsegmentation fit in with a Zero Trust strategy?

Initially introduced by Forrester, Zero Trust is an alternative to the traditional “moat and castle” security strategy. While popular in the past,  perimeter-focused defenses are no longer as effective today. With threats increasingly lurking in east-west traffic, enterprises need new layered security approaches to ensure a strong security posture.

The Zero Trust framework assumes that every user, device, system or connection is already compromised by default, whether it originates from inside or outside the network. The involved part comes in building an architecture that supports this principle while allowing legitimate business activities to continue without interruption or latency. This new framework has resonated with network security professionals from its beginnings. However, it’s taken both vendors and enterprises years to figure out how to realize it in environments without drowning in infrastructure complexity.

Today, the Forrester Zero Trust framework and technologies that enable it, such as microsegmentation, have matured to the point where it is practical to implement at scale in any size organization. While there is no single security vendor that addresses every aspect of Forrester’s Zero Trust framework, microsegmentation can help network security teams significantly advance the maturity of their Zero Trust initiatives.

The first step toward realizing Zero Trust is gaining a complete understanding of your environment and the critical assets you are trying to protect. A good microsegmentation solution can help you collect detailed information from workloads, endpoints and networks. This will help you understand the relationships and dependencies between your workloads and endpoints, along with their normal communication patterns.

You can then use this data to build the foundation of your Zero Trust program, starting with your highest-priority assets. Using granular segmentation controls, you can create microperimeters around specific applications and environments that only allow activities your teams explicitly authorize. Zero Trust is primarily about implementing policies that deny all actions that aren’t expressly allowed and verified. However, software-defined microsegmentation also gives IT security teams the agility to modify policies quickly to meet new security use cases or changing business requirements. 

In addition to serving as your visibility and policy foundation for Zero Trust, a microsegmentation solution should also continuously monitor your environments for possible threats and violations of your Zero Trust policies. This will ensure that your Zero Trust posture remains solid even as your applications, systems and environments change over time.

Can microsegmentation help with regulatory compliance?

When it comes to meeting regulatory compliance, companies are struggling with the increasingly dynamic environment we work in today. As the regulations themselves get stricter, security audits are becoming more common, and the consequences graver for non-compliance. These include fines, damage to business reputation and even loss of revenue until compliance is achieved.

Physical segregation of IT infrastructure is no longer enough. Workloads have become dynamic, and the CDE is not static, including tiers that allow for auto-scaling or unpredictable changes. Networks and applications that are in scope for PCI DSS regulations are complex. They can span multiple machines, include hybrid environments like containers and VMs, and even work across multiple physical locations or time zones.

Microsegmentation is becoming a popular choice for meeting compliance regulations such as PCI DSS. The right solution can provide unparalleled visibility into traffic and data flows across your entire infrastructure, including hybrid environments. It can then help you segment your network, reducing the scope and limiting communication at process level. This can keep your CDE protected, even from lateral moves or pivots if a breach occurs. A flexible policy engine for creating rules will ensure that you have ultimate control over your microsegmentation approach, meeting more in-depth requirements such as permissions and behavior for insecure protocols.

For PCI compliance and more, microsegmentation can allow you to gain powerful visibility of all applications and workloads at process level, build flexible policies that drill down to meet compliance regulations, and enforce these to control an overall security posture that has you ready for any audit.

The post What is microsegmentation? first appeared on Techcity Company Limited.

Zero Trust is a network security model based on a philosophy that no person or device inside or outside of an organization’s network should be granted access to connect to IT systems or services until authenticated and continuously verified.

What is the Zero Trust model?

In 2010, Forrester Research analyst John Kindervag proposed a solution he termed “Zero Trust.” 

It was a shift from the strategy of “trust but verify” to “never trust, always verify.” In the Zero Trust model, no user or device is trusted to access a resource until their identity and authorization are verified. This process applies to those normally inside a private network, like an employee on a company computer working remotely from home or on their mobile device while at a conference across the world. It also applies to every person or device outside of that network. It makes no difference if you have accessed the network before or how many times — your identity is not trusted until verified again and again. The idea is that you should assume every machine, user, and server to be untrusted until proven otherwise.

Historically, a castle-and-moat approach to security seemed workable — the idea of a network perimeter where everyone outside the network — or moat — was “bad” and everyone inside was “good” once prevailed. But just as castles and moats are a thing of the past, so should be the castle-and-moat approach to security. Just think about the current state of remote work. Today’s workforce and workplace have changed — when, how, and where people do their work have moved beyond the four walls of an office. With the rise of the cloud, the network perimeter no longer exists in the way it used to. Users and applications are just as likely to be outside of the moat as they are inside. And that introduces weaknesses in the perimeter that malicious actors can exploit. Once inside the moat, they are free to move around, accessing resources and high-value assets, like customer data (or the crown jewels!) — or launching a ransomware attack.

How Zero Trust works

Imagine the Zero Trust model like an extremely vigilant security guard — methodically and repeatedly checking your credentials before allowing you access to the office building where you work, even if they recognize you — then duplicating that process to verify your identity over and over. 

The Zero Trust model relies on strong authentication and authorization for every device and person before any access or data transfer takes place on a private network, no matter if they are inside or outside that network perimeter. The process also combines analytics, filtering, and logging to verify behavior and to continually watch for signals of compromise. If a user or device shows signs of acting differently than before, it is taken note of and monitored as a possible threat. For example, Marcus at Acme Co. typically logs in from Columbus, Ohio, in the United States, but today, he’s attempting to access Acme’s intranet from Berlin, Germany. Even though Marcus’ username and password were entered correctly, a Zero Trust approach would recognize the anomaly in Marcus’ behavior and take action, such as serving Marcus another authentication challenge to verify his identity. 

This basic shift in approach defeats many common security threats. Attackers can no longer spend time taking advantage of weaknesses in the perimeter, and then exploiting sensitive data and applications because they made it inside the moat. Now there is no moat. There are just applications and users, each of which must mutually authenticate, and verify authorization before access can occur. Mutual authentication takes place when two parties authenticate each other at the same time, such as a user with a login and password, and an application they are connecting with through a digital certificate.

Adaptive security and visibility model:

Core principles behind Zero Trust Network Access

The Zero Trust model is based on five basic principles:

• Every user on a network is always assumed to be hostile
• External and internal threats exist on the network at all times
• Network locality is not sufficient for deciding trust in a network
• Every device, user, and network flow is authenticated and authorized
• Policies must be dynamic and calculated from as many sources of data as possible

What are the components of Zero Trust?

The Zero Trust security model of today has expanded. There are many implementations of its principles, including Zero Trust architecture (ZTA), Zero Trust Network Access (ZTNA), and Zero Trust Edge (ZTE). Zero Trust security is also sometimes referred to as “perimeterless security.”

Don’t think of Zero Trust as one discrete technology. Rather, a Zero Trust architecture uses a variety of different technologies and principles to address common security challenges through preventive techniques. These components are designed to provide advanced threat protection as the boundaries between work and home disappear, and an increasingly distributed remote workforce becomes the norm.

Zero Trust Network Access capabilities:

• Control network flows between all assets
• Verify identity and grant access to the cloud
• Authentication and authorization, including multi-factor authentication (MFA)
• Application access vs. access to the entire network
• Least-privilege user access to all applications (IaaS, SaaS, and on-premises)
• VPN elimination
• Service insertion
• Security at the edge
• Improved application performance
• Improved security posture against advanced threats

Key benefits of Zero Trust architecture

A Zero Trust architecture works seamlessly for users, helps protect against cyberattacks, and simplifies infrastructure requirements. Different components of Zero Trust architecture can:

Help ensure network trust and thwart malicious attacks

IT teams need to ensure that users and devices can safely connect to the internet, regardless of where they are connecting from, without the complexity associated with legacy approaches. They also need to proactively identify, block, and mitigate targeted threats such as malware, ransomware, phishing, DNS data exfiltration, and advanced zero-day attacks for users. Zero Trust security can improve security postures while reducing the risk of malware.

Provide secure application access for employees and partners

Traditional access technologies, like VPN, rely on antiquated trust principles, and are particularly vulnerable through compromised user credentials that have led to breaches. IT needs to rethink its access model and technologies to ensure the business is secure, while still enabling fast and simple access for all users, including third-party users. Zero Trust security can reduce risk and complexity, while delivering a consistent user experience.

Reduce complexity and save on IT resources

Enterprise access and security is complex and constantly changing. Making changes with traditional enterprise technologies often takes days (and often across many hardware and software components) using valuable resources. A Zero Trust security model can reduce architectural complexity.

Why a Zero Trust security model is needed

In summary, the modern workforce is becoming increasingly mobile, accessing applications from multiple devices outside of the business perimeter. In the past, many enterprises adopted a “verify, then trust” model — which meant if someone had the correct user credentials, they were admitted to whichever site, app, or device they were requesting. This resulted in an increased risk of exposure, dissolving what was once the trusted enterprise zone of control and leaving many organizations exposed to data breaches, malware, and ransomware attacks. Protection is now needed within specific digital infrastructures where applications and data, and users and devices, are located.

Compelling reasons to employ a Zero Trust model

• Users, devices, applications, and data are moving outside of the enterprise perimeter and zone of control, away from traditional data centers
• New business requirements driven by digital transformation increase risk exposure
• “Trust but verify” is no longer an option, as targeted advanced threats are moving inside the corporate perimeter
• Traditional perimeters are complex, increase risk, and are no longer compatible with today’s business models
• To be competitive, businesses need a Zero Trust network architecture able to protect enterprise data, wherever users and devices are, while ensuring that applications work quickly and seamlessly

Implementing a Zero Trust architecture with Akamai

Akamai’s cloud security services can be combined to build a complete Zero Trust solution that best suits your specific business needs. By enabling safe application access in a cloud-native world, internal corporate networks can become a thing of the past.

Using our advanced distributed ZTNA solution, along with the power of the over 20-year-strong global Akamai Intelligent Edge Platform, you can easily move to a perimeterless world, phasing in applications, protecting your business, and enabling growth.

Akamai’s journey to Zero Trust security

Application access redefined: secure, simple, fast

Give your workforce fast, secure access with Zero Trust Network Access. Enterprise Application Access allows you to adapt to sudden workflow changes. In a matter of minutes, you can set up new applications and users through a single portal and scale remote access. Enterprise Application Access is designed to enable you to make smart decisions about access while reducing cost, complexity, and risk with a simplified cloud-delivered service and no virtual or physical applications to maintain.

Get Zero Trust Network Access with unmatched threat intelligence. Give the right users precise access to the right apps, not the entire network. With adaptive access controls that provide near-real-time security signals and risk scores, your apps are automatically protected.

Proactive protection against zero-day malware and phishing

Safely connect users and devices to the internet with Secure Internet Access using a secure web gateway. Keep users and devices safe with the multilayered defense of real-time intelligence and detection engines on the world’s largest edge platform: a globally scalable solution that deploys in minutes and can reduce time-consuming security management.

Discover phish-proof multi-factor authentication

Akamai MFA prevents employee account takeover and data breaches, and provides unrivaled security. Security is provided by end-to-end cryptography and a sealed challenge/response flow. This method makes the authentication process unphishable and confidential.

The post Zero Trust security model first appeared on Techcity Company Limited.

Such changes will offer exciting opportunities for agile businesses, but the increasing complexity creates formidable challenges as well:

• An explosion of devices and network types. With 13.4 billion connected devices worldwide today — a number expected to triple by 2020¹ — the Internet must support an increasingly diverse set of interactions, from web and mobile to wearable tech and machine-to-machine communications. Slow adoption of new protocols, meanwhile, is hindering content delivery and causing inconsistent customer experiences.
• Richer and more sophisticated content. Organizations are employing complex images, video, and underlying code on their websites to create the engaging experiences consumers have come to expect. In addition, the rising availability of last-mile broadband and high-definition devices continues to raise the bar on video quality, foreshadowing a five- to tenfold increase in video capacity requirements within the next few years.
• Attacks of increasing scale and sophistication. Hackers and cybercriminals are increasingly targeting websites and web applications with larger and more complex attacks. One study estimates that by 2019, cybercrime will cost businesses $2.1 trillion globally, roughly four times the annual estimated cost of breaches in 2015.²

4 Essentials of Superior Customer Experience

As customer interactions and transactions increasingly move to digital channels, organizations are publishing rich, interactive sites and full-featured applications accessible over a wide variety of devices. Behind the scenes, these efforts require a cloud delivery platform and services that optimize and secure transactions and content delivery.

1. A highly distributed architecture

For a business to deliver rich content and mobile applications with speed and consistency, the servers delivering that content must be close to the customer accessing it. The farther data has to travel, the more latency is introduced, which can have an unexpectedly severe effect on performance, particularly for “chatty” web applications and high-quality video. A highly-distributed content delivery platform is essential to achieving high levels of performance, reliability, and scale.

As mobile usage increases, service providers will need to extend their platform edges even further to minimize latency resulting from lower network speeds and traffic spikes.

2. Cutting-edge performance services

Distributed architecture provides the physical framework for optimal delivery, and intelligent software services reduce complexity and leverage advanced web technologies to deliver the most engaging internet experiences possible.

• Websites and mobile apps are getting richer, more dynamic, and more complex, often resulting in “heavier” web pages that take longer to load.
• Sites that use responsive design techniques to scale across different screen sizes may suffer from “over-downloading” of unneeded rich media assets to mobile devices.
• Devices themselves are getting more diverse, creating a hyper-fragmented landscape of form factors, browsers, operating systems, and device capabilities to support.
• By 2019, video may account for as much as 80% of all consumer internet traffic3 — a staggering statistic that represents both growing audiences and their increasing demand for quality. Media companies in particular may see their video capacity requirements grow a hundredfold or more.

Delivering a speedy and engaging experience to every customer in this complex and fast-evolving marketplace requires a broad set of intelligent services, such as advanced caching and dynamic site acceleration, which work in concert to optimize each customer experience.

3. Sophisticated security capabilities

As the volume of high-value data and transactions on the Internet continues to grow, so do the forces of attackers looking to exploit it — and these forces are costing organizations big money. Businesses around the world suffered average losses of $9.5 million due to cybercrime in FY 2016, a 21% increase from 2015.4

Given the increasing volatility of the internet threat landscape, organizations need to secure websites and applications with defense layers that protect against the internet-scale threats of today and tomorrow.

• Across the Akamai network, the number of distributed denial-of-service (DDoS) attacks that surpassed 100 gigabits per second (Gbps) increased by 140% from Q4 2015 to Q4 2016. These “mega attacks” have grown dramatically as amplification techniques allow hackers to create onslaughts that are hundreds of times larger than before. Attacks often come in waves and coincide with high-traffic launches and events, when infrastructure is already heavily loaded. Companies need always-on capabilities to protect infrastructure across all ports and protocols.
• Web-based attacks are among the costliest types of cybercrime, with hackers attempting to exploit website vulnerabilities in order to deface, disrupt, or steal from a site. These attacks are increasingly launched in conjunction with DDoS assaults, using the latter to divert attention while causing more serious damage with the former. Defenses should include a scalable firewall solution deployed across a highly distributed cloud platform that uses a continuously updating rule set to filter traffic accurately.

Organizations can’t defend against these attacks on their own. Comprehensive threat intelligence is necessary to distinguish bad traffic from legitimate traffic, to stay current on detection and mitigation strategies, and to identify attack trends and malicious actors in real time — all without affecting performance for your customers.

4. Support to keep businesses agile

Businesses understand the need to become more agile to compete in an era of rapid change and innovation. Whether it’s flash sales and daily deals, real-time inventory and pricing changes, or promotional events and product launches, they are updating features and content on websites and mobile apps more frequently than ever — and infrastructure needs to keep up.

Many companies, however, simply do not have the in-house resources or skill sets to maintain robust site performance and security. Enlisting the support of a trusted cloud delivery platform provider gives organizations self-serviceable control and sophisticated capabilities such as advanced cache control, fast purge capabilities, and flexible content handling.

Just as critical as the ability to deploy changes quickly is the ability to test those changes in a safe and streamlined manner, particularly as organizations move toward continuous delivery methodologies and faster, more frequent release cycles. Platform management capabilities help to further streamline development processes and enhance visibility into real-time usage, performance, and security metrics.

Partnering with the right service provider on managed services to monitor content delivery, identify and resolve issues preemptively, and ward off dynamic, multivector cyberattacks will ensure optimal performance and protection. Your organization can then focus internal resources on core business competencies, enabling the business to innovate without constraint.

Conclusion

As the web grows more dynamic, and mobile traffic continues to increase, the ability to improve responsiveness and deliver consistently superior customer experiences will help organizations and their leadership teams stay ahead of the innovation curve. A cloud delivery platform featuring a highly distributed architecture, cutting-edge performance services, sophisticated security capabilities, and expert support will enable you to harness the Internet of today and tomorrow, propelling your business ever-faster forward.

The post Boosting Agility and Performance on the Evolving Internet first appeared on Techcity Company Limited.

How does Memcached work?

Memcache is a distributed memory caching system. Its purpose is to help websites and applications load content faster by temporarily storing content on devices, which can then efficiently load when the visitor comes back to the website.

Memcache vulnerabilities

As open-source software, Memcached could be vulnerable to attacks. This became apparent in 2018 when a new form of DDoS attack was launched. Cyber attackers sent spoof requests, which mask the real identity of a sender by cloaking their IP address, to a vulnerable UDP Memcached server.

A UDP, or User Datagram Protocol, is particularly vulnerable as it allows data to be transferred before the end receiving party agrees to the communication, for example, a quick video playback. Hackers sent these spoof requests to the server, flooding the victims with high volumes of traffic and crashing the servers.

As with traditional DDoS attacks, Memcached attacks result in an overloaded server, denying service to genuine website users.

One step up from Mirai Botnet

Prior to the Memcache attack, the biggest DDoS threat was the Mirai Botnet malware, first discovered by MalwareMustDie in August 2016. At the time, it was involved in some of the largest DDoS attacks in history, including well-publicized cases such as the attack on security journalist Brian Krebs.

The team at Akamai went straight to work on mitigating attacks from Mirai Botnet malware, and now provides solutions to protect against any further threats from this source.

Largest DDoS Attack Ever Detected — Twice the Size of 2017 Mirai Botnet

Are you protected?

Having successfully protected against Mirai Botnet, Akamai is now compiling its resources to help enterprises fend off any potential attacks from Memcached malware.

On February 28, 2018, one of Akamai experienced a 1.3 TBps DDoS attack against one of our customers, driven by the memcached reflection. This is the largest attack seen to date by Akamai, more than twice the size of the Mirai botnet attack mitigated by Akamai in 2017.

In response, Akamai created the Prolexic Platform. This software was able to successfully moderated the attack by filtering all traffic sourced from UDP port 11211.

The UDP port 11211 is the default port used by Memcached. Akamai was able to detect this and prevent server-crashing damage to its clients.

Memcache DDoS protection

In order to protect against attacks of this nature, Akamai is now publishing a series of resources, which will help to recognize potential threats. The team is also offering a consultancy service for those who think they might be affected.

If you think you might be vulnerable to a Memcache UDP attack, please call us, toll free, on 1.877.425.2624. Alternatively, contact the DDoS Attack Hotline and arrange a call back.

Find out more about Memcached DDoS tools with our online resources

At Akamai, we always like to stay one step ahead of the curve. Read our experts’ reports to find out more and keep yourself safe from Memcached DDoS.

The post Memcached DDoS Explained first appeared on Techcity Company Limited.

Demand for streaming media services is growing quickly, presenting content providers with new revenue opportunities and new technical challenges as well.

Consumers expect instant and uninterrupted access to streaming media services and broadcast-quality streaming video on any device. Content providers who can deliver on these expectations can realize significant gains in profits and market share.

But meeting user expectations for streaming media services requires extremely sophisticated technology. Content delivery networks (CDNs) can be helpful, but implementing a CDN from scratch doesn’t make sense for many providers.

To take advantage of this unique market opportunity, content providers need solutions that are easy to deploy and maintain while providing the state-of-the-art technology to deliver streaming media services flawlessly.

Akamai managed CDN simplify streaming media services.

Akamai Aura Managed CDN (MCDN) is a turnkey solution allows content providers to offer high-quality streaming media services by leveraging a CDN dedicated to those services. Aura Managed CDN minimizes the time to deployment and reduces up-front costs of delivering streaming media services while enabling providers to deliver a superior online experience that will meet and exceed customer expectations.

With a managed CDN from Akamai, the underlying CDN infrastructure is maintained by Akamai experts to dramatically simplify management of streaming media services. This streaming video hosting solution enables providers to drive more revenue and win a greater share of audience by offering advanced value-added streaming services and connecting with the global Akamai Intelligent Platform™ to provide streaming media services beyond the reach of their own network footprint.

With Akamai managed streaming media services, you can:

• Offer premium subscription content on many devices.
• Minimize complexity with a turnkey CDN solution that is maintained and monitored 24/7 by Akamai.
• Reduce costs by managing a single CDN infrastructure, offloading OTT traffic and eliminating expensive hardware.
• Enrich the online experience by extending online video libraries, streaming to any device and accelerating web content.

Streaming media services with Akamai’s Adaptive Media Delivery

In addition to a managed CDN, Akamai offers Adaptive Media Delivery, a highly scalable technology to support streaming of live and on-demand content. Adaptive Media Delivery is optimized for Adaptive Bitrate (ABR) streaming to provide a superior viewing experience across network types and devices at varying connection speeds. As a live streaming server, Adaptive Media Delivery has enabled streaming of some of the world’s largest online events, including the FIFA World Cup, the Super Bowl and the Olympics. When a streaming event requires enormous capacity and scale, the world’s most successful brands turn to Akamai.

Learn more about streaming Akamai’s streaming media services and other enterprise cloud computing solutions.

The post Streaming Media Services first appeared on Techcity Company Limited.

A superior streaming media server from Akamai.

To meet these challenges, Akamai offers Adaptive Media Delivery, a streaming media server optimized for Adaptive Bitrate (ABR) streaming and that delivers a superior viewing experience across fixed and mobile networks and varying connection speeds.

Akamai’s streaming media server has proven more than reliable while streaming some of the world’s largest online events, including the Olympics, the Super Bowl and the FIFA World Cup.

Akamai’s streaming server overcomes the challenges of latency, congestion and packet loss on the Internet by using a broad network of edge servers to bring content closer to users. Akamai has 20 to 100 times more Points of Presence (POPs) than other global CDN providers, and relies on partnerships with the world’s leading service providers to place edge servers deep within more than 1200 service provider networks, delivering lower latency and higher quality.

Benefits of Akamai’s streaming media server

Akamai’s streaming media server provides significant advantages for streaming media services:

• Scalability. Adaptive Media Delivery can quickly scale to serve large audiences, whether planned or unexpected, leveraging the distributed network’s ability for dynamically and intelligently distributing load.
• Quality. Akamai’s streaming media server enables superior video quality by relying on a globally distributed network architecture that keeps content close to viewers.
• Optimization. Using Akamai application-aware software intelligence, providers can optimize online video playback quality and performance while monitoring streaming delivery.
• Experience. Content providers can benefit from Akamai’s experience in streaming the world’s largest online events.
• Adaptability. With Akamai’s streaming media server, you can reach audiences on any device using a wide range of standard video streaming protocols.

Learn more about Akamai’s streaming media server and about Akamai solutions for enterprise mobility solutions and streaming video hosting.

The post Streaming Media Server first appeared on Techcity Company Limited.

Why Live Video Streaming Is Complicated

Because audience composition and behavior is difficult to predict, implementing live video streaming is never simple. Delivery of live video streams can be complicated because of the diversity of platforms, access networks and streaming formats competing in today’s online media ecosystem. Consumers expect consistent high quality performance and availability wherever, whenever and on whatever device they choose. And it is now more challenging than ever to ensure an enjoyable, glitch-free viewing experience online—especially when streaming live.

If audience turnout exceeds server capacity, users can be shut out of a live video streaming event, incapable of accessing your content and left with a negative impression of your company. Even if your servers are able to handle the demand, video performance can suffer as a result of network congestion, latency and packet loss, forcing your audience to disengage and pursue better video quality elsewhere.

Simplifying Live Video Streaming with an Intelligent Stream Packaging and Delivery

Akamai, a leader in the content delivery industry with over a decade of experience in streaming media, knows how complex live video streaming can be. Let us provide you with the scalability, reliability and technology you need to ensure that your viewers are never disappointed.

• Our innovative stream packaging and video transcoding solution, streamlines live video streaming workflows by processing a single live stream to reach multiple devices and platforms, dynamically packaging your content in real time using the appropriate protocol—whether it’s HTTP live streaming (HLS) for iOS and Android platforms, HTTP dynamic streaming (HDS) for adaptive bitrate delivery on Flash-based platforms. We also support the latest streaming formats such MPEG-DASH for live delivery.
• Our cloud-based storage and delivery solution, supports your streaming offering with multi-stream redundancy and capabilities such as DVR-enabled live streaming.
• Our globally distributed CDN. for content optimization and distribution—the Akamai Intelligent Platform—can scale with your audience to handle the largest of live video streaming events, reliably supporting thousands of simultaneous streams.
• Our comprehensive Media Analytics toolset can monitor video playback quality to ensure that your users enjoy each and every live broadcast—from start to finish.

Discover how Akamai Media Delivery Solutions can provide your viewers the best live viewing experience possible.

The post Live Video Streaming first appeared on Techcity Company Limited.

Pressure to Perform

The ubiquity of mobile devices and the continuing increase in global connection speeds have drastically transformed the way the world does business, and mobile banking is one of the leading examples. In 2016, the U.S. Federal Reserve reported that 53% of banking customers who own smartphones were engaged in mobile banking, and the momentum to mobile is certain to continue.

The financial services industry is in full transformation mode in response to changing customer expectations and government regulations, but the road is steep and the competition fierce. Stricter consumer privacy regulations add layers of complexity to digital initiatives. Meanwhile, digitally native fintechs are rewriting the financial services playbook. FSIs need a laser focus on enhancing customer relationships and experiences, redefining value propositions, and optimizing business models and processes.

Today’s customers expect near-instant gratification and resolution. FSIs have a real opportunity to reinforce their value and improve retention rates by delivering seamless experiences across mobile devices and other channels (e.g., web to mobile). That means providing intuitive platforms and apps, self-service capabilities, and click-to-call/chat communication, among other innovations. To prevail against nimble competitors, FSIs must continue to leverage cloud-based technologies that enable the kind of experience customers prefer: safe, seamless, reliable, and fast.

Businesses must adapt to changing consumer habits and expectations

In financial services, fintechs are promoting a vision of a world without banks. Blockchains and cryptocurrencies are funding transactions without paper money or credit cards. Robo-advisers are providing portfolio management without managers. Mobile payments are turning phones into credit cards. The ability of upstart companies to provide high-performing web experiences is not hindered by legacy infrastructure — or legacy business models.

Customers want a fast, seamless, immersive, cross-channel digital experience that satisfies, and even anticipates, their needs. This is especially true of millennials, a generation quickly becoming the dominant demographic. Combine millennials’ expectations of brands in general with their fundamentally different banking and investing habits, and it’s clear that FSIs must adapt:

• Fewer than 50% of millennials see themselves staying with their current financial services institution over the next few years.
• Two-thirds of millennials (67%) are open to trying financial services from brands they trust, like Nike, Google, and Apple, that don’t currently offer financial services.

It’s not enough to provide exceptional experiences just for basic online activities. FSIs must prove themselves by offering complex activities, such as applying for a loan or configuring products. As institutions offer ever-more complex digital transactions, the focus on performance only increases. The reality is that today’s engaged consumers — influenced by their daily interactions on social media and other platforms — expect all sites and apps to be high performing and lightning fast.

Businesses that transform the digital customer experience get results

With a sharp focus on identifying and satisfying customers’ preferences, FSIs can use mobile and other digital channels as a springboard for growth. Consider that in the U.S. retail banking industry, Gallup found that fully engaged customers contribute 37% more annual revenue to their primary bank than disengaged customers. Fully engaged banking customers also maintain more products with their bank — from checking and savings accounts to mortgages and auto loans — and keep higher deposit balances in their accounts than less engaged customers with the same products.

Incumbent and startup financial institutions that have committed to mobile and other digital channels have achieved superior results. For example:

• In the Netherlands, SNS Bank redefined the branch concept by creating a network of advisory-focused, cashless banking shops that serve as a physical extension of the web. These shops feature a “consultant style” mobile sales force specialized in selling complex products from both the bank itself and other providers. ¹  
• Using multiple data sources to assess risk, Atlanta-based Kabbage has developed an underwriting process that enables it to lend small businesses and consumers up to $100,000 in minutes. ²
• When customers of Germany’s Fidor Bank apply for a loan, they find out in seconds if they are approved. The bank also enables customers to buy currency online and make payments in a variety of currencies through Currency Cloud — a multicurrency, regulated e-wallet. ³

Hyper-diverse environments make performance and security a challenge

Businesses face considerable technological hurdles, however, in creating compelling mobile and web experiences, due to the challenges inherent in service and content delivery via the Internet. These challenges center on:

Device diversity: Fragmented audiences make it difficult to deliver the right experience to the end user based on device characteristics. The sheer number of devices, browsers, and operating systems available has resulted in significant fragmentation — approximately 24,000 mobile device types (and counting) access Facebook every day. In today’s landscape, there are countless permutations of users accessing content, with each user expecting the same high-quality performance.

Connectivity: Location impacts connectivity, whether via hardwired, broadband, Wi-Fi, or cellular networks. Connectivity issues are particularly acute for mobile customers, who endure the limitations of the so-called “last mile.” These include poor cellular throughput, dropped connections, and limited handset processing power and memory.

Security risks: Not only do FSIs need to be concerned with delivering exceptional experiences reliably and quickly, but they must also leverage powerful cloud-based tools to protect the customer and themselves during a time when cyberattackers are targeting the financial services industry more aggressively than ever.

What it takes to power digital engagement

Building and supporting the digital experiences that cater to this fragmented and constantly evolving landscape can be costly and complicated for in-house IT teams. To deliver mobile experiences that are secure, fast, and reliable, FSIs need to leverage an intelligent, scalable, distributed cloud delivery platform to serve content while optimizing performance and providing sophisticated security. Here are three key components to meet customers’ mobile expectations:

• Make it seamless. By gathering data from cross-channel and multi-device interactions for analysis, FSIs can recognize recent activity and deliver personalized services, offers, and promotions in every session. Cross-channel consistency is critical for meeting (or surpassing) customer expectations and cultivating loyalty.
• Ensure high performance. An advanced cloud delivery platform will ensure that websites and apps are always available and that every customer will enjoy optimal performance, regardless of location or device type. This requires the presence of web and application servers located around the world, close to end users and the content they need, along with real-time optimizations for device, browser, and network settings.
• Mitigate cybersecurity threats. Today’s online threats continue to grow in size, frequency, and sophistication, putting FSIs at tremendous risk of reputational damage, diminished IT productivity, and revenue loss. With distributed denial-of-service (DDoS) incidents and web application attacks gaining scale, financial institutions and their customers need reassurance that their data and digital properties are safe. Security measures must be applied from a global-scale cloud platform that has the capacity and intelligence to protect FSIs from formidable external threats.

Conclusion

FSIs that optimize performance and availability, while satisfying expectations for high security, stand the best chance of retaining customers and attracting new ones. The task is too large for institutions to tackle alone; they need to partner with a cloud delivery platform provider that can help manage the risks and complexities inherent in digital service delivery.

About Akamai

Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. With the world’s most distributed compute platform — from cloud to edge — we make it easy for customers to develop and run applications, while we keep experiences closer to users and threats farther away. Learn more about Akamai’s security, compute, and delivery solutions at akamai.com and akamai.com/blog, or follow Akamai Technologies on Twitter and LinkedIn.

The post The Future of Customer Experience in Financial Services first appeared on Techcity Company Limited.