
Big Data Intelligence - Or Katz, Akamai and Tsvika Klein, Akamai



As web application attacks turn into massive campaigns against large corporations across the globe, web application firewall data increases exponentially, leaving security experts with a big data mess to analyze. Pinpointing real attacks in a sea of security event noise becomes a tedious, almost impossible task. In this presentation, we will unveil a unique platform for collecting, analyzing and distilling petabytes of WAF security intelligence information. Using the collected data, we will discuss the OWASP ModSecurity Core Rule Set project's accuracy and reveal common attack trends, as well as our impressions and suggestions for how to make the best of the CRS project. See Or Katz and Tsvika Klein's Edge Presentation:

The Akamai Edge Conference is a gathering of the industry revolutionaries who are committed to creating leading edge experiences, realizing the full potential of what is possible in a Faster Forward World. From customer innovation stories, industry panels, technical labs, partner and government forums to Web security and developers' tracks, there’s something for everyone at Edge 2013.

Learn more at

Published in: Technology


  • 1. Big Data Intelligence Or Katz, Principal Security Researcher Tsvika Klein, Security Product Manager
  • 2. August 30 2013 Cyber Attack. Origin: Syria. Target: major US media sites. Type: orchestrated & synced recon scan & DDoS. Outcome: attacks blocked by Akamai Kona. Analysis: further analysis made using Akamai’s security big data platform... ©2013 AKAMAI | FASTER FORWARD™
  • 3. [Chart] Avg. Attacks from Syria (2013); Attacks from Syria (Aug-Oct); سوريا (Syria) Google Trends; Attacks from TOR Network; dates marked: Aug-20, Aug-30, Sep-4, Sep-11
  • 4. The AUG-30 Syrian Attack Deconstructed…
  • 5. Big Data - Introduction
  • 6. Akamai is Big Data • 30% of Internet traffic delivered by Akamai • 100K+ Edge servers collecting data in real time • 734 million IPv4 addresses seen by Akamai (quarterly) • 30 billion security events logged • 260 terabytes compressed daily logs
  • 7. Security Big Data Challenge #1
  • 8. Security Big Data Challenge #2
  • 9. Akamai’s Big Data Platform – High Level Architecture [Diagram labels: IP Table, Logs, HTTP, WAF Triggers, Rate Triggers, IP Geo Info; Big Data Platform; SARA, Client Reputation, Threat Reports]
  • 10. Security Analytics with SARA • Interactive Tool to Analyze Kona Events • Reporting Engine to generate the WAF Analysis Report
  • 11. Client Reputation: Record past behavior and use the data to protect everyone • Analyze activity over the Internet • We see the majority of all Web users over a period of one month • Focus on the source of the attack • Identify good and bad clients based on past behavior • Define an attack reputation score for clients • Filter malicious clients based on reputation score • Distributed to over 100K Edge servers • Shared across our customers
  • 12. Client Reputation Definition “To provide security intelligence … a reputation provider must take action in three phases. It must collect relevant data, it must analyze this data for security intelligence … and it must distribute the results quickly and efficiently to security policy enforcement ...” Source: Gartner, Dec 2012
  • 13. Big Data analysis – Use cases
  • 15. Web LOIC Attack Attackers!
  • 16. Grow revenue opportunities with fast, personalized web experiences and manage complexity from peak demand, mobile devices and data collection.
  • 17. Scraping Bot Net Attacker - $?$?$
  • 18. Anonymous Networks • Tor • Opera mini (cloud browsing) • Blackberry infrastructure • Cloud services
  • 19. Big Data - Summary • Insight like never before • Helps to address the evolving threat landscape • Innovative security solutions to protect our customers
  • 20. Glance into the Future • Fraud Prevention • Risk Based Authentication • Adaptive Security Controls • Simplified Configuration