Dataquest interacted with Michael Afergan, Senior Vice President and General Manager, Web Experience Division, Akamai Technologies on threat intelligence sharing and how it can help organizations.
What are the security trends observed in India and globally? And how is the security concern in India different from that of other countries?
I have spent a lot of time working with markets across Asia including Japan and India. Security is an up front and center theme globally. One of the big themes that I have seen happening in many markets is the shift from point solutions and boxes to thinking about services and cloud-based solutions. This is something that is both similar and different about India. The similarity is that it’s a trend that is happening globally and the difference would be that the trend caught up a bit later than it has in some other markets.
There are really three key pieces behind the trends here in India. The first is the shift from looking just at compliance to looking at complete solutions. In many markets around the world the first wave of security purchases has really been driven by regulatory or internal compliance solutions. That certainly has been true here in India, and I think we are starting to see a shift. People are realizing that just checking the box of compliance is not good enough and there is really a need to think about fully integrated solutions that check the box of compliance and also provide more robust answers. That is one of the theses that is driving the box based solutions to cloud based solutions.
The second thing I see really picking up in India, that is similar to the rest of the world, is the incredible scale and frequency of the attacks. Day by day, week by week, month by month – sometimes even I am surprised at the scale of attacks that are happening here. India, as you may know, is one of the countries that was hit by the recent DD4BC, an attack that was a relatively large and sophisticated attack.
The third theme that is starting to materialize here, that we started to see around the DD4BC attacks, is the value of information sharing. So DD4BC was a great example of an attack that was relatively sophisticated, hit relatively big institutions and it was kind of a slow attack that moved slowly from country to country. It hit Australia first, moved here, and then moved to Japan. One of the benefits that we saw across our customer base across cloud-based solutions was the benefit of data sharing and learning. What we learned from the Australia attacks has benefitted our customers here in India, Japan and around the world. In the shift from compliance to complete solutions, the focus of the scale and frequency of the attacks and really the notion about the data sharing has been fuelling the trend in India.
What is Akamai’s take on botnets?
Clearly, outsourced tools have become a primary weapon in a lot of security based attacks and certainly the volumetric based attacks. In terms of dark botnets we can see tools being used in a couple of different ways by a private agency or even by state sponsored attacks. We can also see hacktivism showing up as a trend which need not be dark or a bot. You also see some socially minded attacks – the use of voluntary individuals who are downloading software to their desktops and becoming parts of the attack because they think it’s for some social good not necessarily realizing the harm that they can be doing and the ways their computers can get abused from thereon in. One of the themes that has come across in these attacks is that it’s not just the need to block some bad guys but the need to constantly understand the reputation of various machines and IP blocks around the world.
Machines could be good one day but end up being bad guys either maliciously, because their machines got taken over and made part of a network or voluntarily because somebody downloaded software, joined one cause and unbeknownst to themselves became part of another cause. It allows actors who otherwise wouldn’t have the resources to suddenly pose a much larger threat. It is one of the reasons there is a need for a robust defence that involves understanding the reputation/profile of users on a relatively real time basis. It brings me back to my prior point of information sharing, which is basically, learning from what you see on one attack, understanding how those users might have been compromised and leveraging it for another attack.
Can you shed some light on threat intelligence sharing and how it can help organizations?
You have to understand that most attacks these days are run by organizations that work effectively like companies. So they are trying to be efficient and scalable in their investments. I think it helps to gain some insight. Part of what they do is find routes through scale, and that might mean scale through attack vectors and also scale through attacking machines. So if you think about an attack vector like DD4BC, even though they use different techniques there are similarities in terms of how they attack primarily FSI companies in different countries. While they might have been new to Australia, many of the techniques that they used were comparable to the ones used in another country.
They might be new to India, but part of what they do here is similar to what they had done in Australia. As an organization, understanding and leveraging the best insights into where those attacks were done before can be highly valuable in providing a robust infrastructure. So even if you’re an Indian enterprise getting attacked with DD4BC for the first time, knowing what happened in Australia can be highly valuable in building a robust defence. And that is a real example of what we did for our customers over the past years.
Another opportunity is understanding the reputation of bad guys. There are networks that get compromised one way or another. A lot of the machines used in the attack can be seen used in different ways in different attacks. So having that real time database of who the good and the bad guys are can be valuable. You as one organization, one entity might not have the visibility. But the good/bad news about Akamai is that if you are a valid user on the internet, we are probably seeing you from one or more of our different properties worldwide. And unfortunately, if you are a bad guy on the internet, we are also probably seeing you on a regular basis across one or more different attacks. And so, while one entity doesn’t have that visibility, the benefit of Akamai delivering 20–30% of web traffic gives us that visibility which can now allow you as an Indian enterprise to get all the benefit from what we see globally, and apply it to your threat perimeter.
What would you advise the CIOs and IT heads about handling attacks?
IT heads, CIOs, heads of businesses are always inundated with a list of compliances and concerns and boxes they have to check. But really, the first thing is to step back and understand your threat perimeter and what’s really happening in your infrastructure. And while of course you will have to worry about checking the boxes and making sure that you’re complying with whatever the board may be mandating, or if you are a public agency, what sort of regulatory requirements you have, first and foremost understanding and appreciating and inventorying the risk that you have and the type of attacks that are happening in your infrastructure on a daily basis is important.
And the second thing I want to advise you to think about is the value of an integrated cloud based solution. Today there are different statistics from different organisations on the number of solutions that a classic enterprise has and there are tens of solutions. Even if you buy all of those solutions, it can often be difficult to stitch all of that together. So I’m certainly seeing a lot of leading enterprises thinking about cloud based architectures which are constantly being adapted and innovated as opposed to a set of boxes that you have to be updating and managing yourself.
And then third is learning from others, which no matter how good you are, no matter how much data you’re mining in your platform, you are seeing a small fraction of the attacks that are happening in the web on a daily basis and being part of a cloud based solution allows you to benefit from the good and the bad that are happening across the web. So all those pieces get back to the fundamental point that I made in the beginning – there is the shift from individual point based, bot based solutions to using cloud based solutions. Frankly, some of the conclusions that we’re seeing, our customers come through on their own. Most of our ideas come from the best practices we see our customers do.
How is Akamai catering to the clients with security concerns?
Our strategy in the security space is to provide the best cloud based solutions we can to our customers that scale. Typically as you know we largely work with the largest enterprises across certain key verticals. So in India, like in most other markets, the key verticals are FSI financial services, eCommerce, and public sector. The good news is we’ve had a lot of success in India in those verticals. We have 5 of the top five Tech firms, 3 of the top three stock exchanges, 5 of the top five media and entertainment firms and 5 of the top five e-commerce companies. Our approach to those companies is to come in with our cloud based solutions. Obviously, security these days is a big part of it but not the only part. Typically we work with our customers protecting their infrastructure and giving a high performance across those verticals that typically need our web performance and security products together to provide high performing and secure experience for their end users. If you’re thinking about media and entertainment, we also add in things like our media products for your consumers who live in an increasingly mobile world, to make sure that your video and streaming offerings have high quality.
Our cloud based solutions allow our customers to innovate and scale. If it is an India-only enterprise, we’re giving it a platform that gives it high performance and reliability throughout India, allowing them to experiment and roll out new applications in the India market which is obviously very fast moving and mobile focused. If they are a global enterprise, we’re obviously allowing them to do the same thing across the world and have that high performance and reliability. We do that on our ever evolving cloud based solutions, which is one of our key value propositions for our customers not just in the area of security but also all of our products.
Original article can be found here: Outsourced tools have become a primary weapon in a lot of security based attacks: Michael Afergan, Akamai TechnologiesDA…