Closing the Loop on Web Application Vulnerabilities - John Dilley, Akamai

1,936 views
1,728 views

Published on

Join Akamai Security Engineering for an overview of our WAF rule process. Starting with the OWASP rule set, learn how Akamai incorporates our experience and security intelligence to improve core rules and create new rules. We'll explore how teams create further customized rules for individual application patching and close the loop, bringing these rules back through engineering to be normalized and delivered as common rules. Will include a view into how we're changing our process to take advantage of new security intelligence capabilities. See John Dilley's Edge Presentation: http://www.akamai.com/html/custconf/edgetv-security.html#closing-the-loop

The Akamai Edge Conference is a gathering of the industry revolutionaries who are committed to creating leading edge experiences, realizing the full potential of what is possible in a Faster Forward World. From customer innovation stories, industry panels, technical labs, partner and government forums to Web security and developers' tracks, there’s something for everyone at Edge 2013.

Learn more at http://www.akamai.com/edge

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,936
On SlideShare
0
From Embeds
0
Number of Embeds
127
Actions
Shares
0
Downloads
16
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Closing the Loop on Web Application Vulnerabilities - John Dilley, Akamai

  1. 1. Closing the Loop on Web Application Vulnerabilities John Dilley, Chief Product Architect, Akamai
  2. 2. Closing the Loop on Web Application Vulnerabilities Join Akamai Security Engineering for an overview of our WAF rule process. Starting with the Grow revenue opportunities with OWASP rule set, learn how Akamai incorporates our experience and security intelligence tofast, personalized web experiences and manage complexity from peak improve core rules and create new rules. We'll explore how teams create further customized demand, mobile devices and data rules for individual application patching and close the loop, bringing these rules back through collection. engineering to be normalized and delivered as common rules. Will include a view into how we're changing our process to take advantage of new security intelligence capabilities. ©2013 AKAMAI | FASTER FORWARDTM
  3. 3. Agenda • How Akamai Kona provides “Closed Loop” security protection • How Akamai is evolving this protection ©2013 AKAMAI | FASTER FORWARDTM
  4. 4. Why Is a Closed Loop Needed in Security? Attacks increasing Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and in sophistication attacks. sophistication of web ©2013 AKAMAI | FASTER FORWARDTM
  5. 5. What Is a Closed Loop? And it Start again… starts Attackers evolve Analysis leads to new protections Avoid data theft and downtime by extending the security perimeter outsideAttack the data-center and protect from increasing frequency, scale and sophistication of web attacks. Incident response ©2013 AKAMAI | FASTER FORWARDTM
  6. 6. How Does a WAF Work? John Dilley 1234 5678 1234 5678 10/11 John Dilley 1234 5678 1234 5678 10/11 Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. ©2013 AKAMAI | FASTER FORWARDTM
  7. 7. Applying a Closed Loop to the WAF External Intel + Akamai Research False Positive Analysis John Dilley 10/11 1234 5678 1234 5678 Customer Configurations Avoid data theft and downtime by extending the security perimeter outside the data-center and Behavior protect from increasing frequency, scale and Analysis sophistication of web attacks. Site Monitoring ©2013 AKAMAI | FASTER FORWARDTM
  8. 8. Applying a Closed Loop to the WAF • OWASP • FS-ISAC • TrustWave • FIRST • Security Research • FBI Avoid data theft and downtime by extending the • NANOG security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. • InfoSec ©2013 AKAMAI | FASTER FORWARDTM
  9. 9. Applying a Closed Loop to the WAF Kona Protections: • WAF rules • IP blacklists / whitelists • Rate Controls Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. ©2013 AKAMAI | FASTER FORWARDTM
  10. 10. Applying a Closed Loop to the WAF • Akamai Professional Services Avoid data theft and downtime by extending the security perimeter outside the data-center and • MSSPs protect from increasing frequency, scale and • You sophistication of web attacks. ©2013 AKAMAI | FASTER FORWARDTM
  11. 11. Applying a Closed Loop to the WAF • Luna Security Monitor ©2013 AKAMAI | FASTER FORWARDTM
  12. 12. Applying a Closed Loop to the WAF • Luna Security by extending the Avoid data theft and downtimeMonitor security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. ©2013 AKAMAI | FASTER FORWARDTM
  13. 13. Applying a Closed Loop to the WAF InfoSec Avoid•data theft and downtime by extending the security perimeter outside the data-center and • Security Research protect from increasing frequency, scale and • Professional Services sophistication of web attacks. ©2013 AKAMAI | FASTER FORWARDTM
  14. 14. Applying a Closed Loop to the WAF • Security Research • Professional Services Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. ©2013 AKAMAI | FASTER FORWARDTM
  15. 15. Applying a Closed Loop to the WAF Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. ©2013 AKAMAI | FASTER FORWARDTM
  16. 16. Evaluating our Progress 28.90% 23.98% 15.02% 5.72% 0.94% 1.6.1 0.09% 2.2.6 (OWASP) False Positives Akamai Kona Rules False Negatives ©2013 AKAMAI | FASTER FORWARDTM
  17. 17. How Did We Do? 37.35% 19.68% 5.72% 0.48% 0.31% 0.09% Akamai Kona Rules Incapsula (Imperva) False Positives CloudFlare False Negatives ©2013 AKAMAI | FASTER FORWARDTM
  18. 18. Summary • Akamai Kona provides a learning platform – Visibility across customers and industries – Ability to apply new protections before you get attacked • Akamai Big Data delivers an evolving and richer security ecosystem – Big Data platform helps Akamai develop, refine, improve Kona Rules – Client Reputation products in 2014 based on Big Data platform ©2013 AKAMAI | FASTER FORWARDTM
  19. 19. Questions? ©2013 AKAMAI | FASTER FORWARDTM
  20. 20. Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and sophistication of web attacks. ©2013 AKAMAI | FASTER FORWARDTM
  21. 21. How Are WAF Rules Created? Akamai Core Rules Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scale and Akamai Common Rules sophistication of web attacks. Custom Rules ©2013 AKAMAI | FASTER FORWARDTM
  22. 22. How Are WAF Rules Created? Akamai Core Rules OWASP Akamai Security Research team Akamai Professional Services team Kona customer community Avoid data theft and downtime by extending the security perimeter outside the data-center and protect from increasing frequency, scaleAkamai Core Rules and Akamai Common Rules sophistication of web attacks. Akamai Common Rules Custom Rules Custom Rules ©2013 AKAMAI | FASTER FORWARDTM

×