Closing the Loop on Web Application Vulnerabilities - John Dilley, Akamai
DESCRIPTION
Join Akamai Security Engineering for an overview of our WAF rule process. Starting with the OWASP rule set, learn how Akamai incorporates our experience and security intelligence to improve core rules and create new rules. We'll explore how teams create further customized rules for individual application patching and close the loop, bringing these rules back through engineering to be normalized and delivered as common rules. Will include a view into how we're changing our process to take advantage of new security intelligence capabilities.
See John Dilley's Edge Presentation: http://www.akamai.com/html/custconf/edgetv-security.html#closing-the-loop
The Akamai Edge Conference is a gathering of the industry revolutionaries who are committed to creating leading edge experiences, realizing the full potential of what is possible in a Faster Forward World. From customer innovation stories, industry panels, technical labs, partner and government forums to Web security and developers' tracks, there’s something for everyone at Edge 2013. Learn more at http://www.akamai.com/edge
TRANSCRIPT
Closing the Loop on Web Application Vulnerabilities
John Dilley, Chief Product Architect, Akamai
©2013 AKAMAI | FASTER FORWARDTM
Grow revenue opportunities with fast, personalized
web experiences and manage complexity from peak
demand, mobile devices and data collection.
Agenda
• How Akamai Kona provides “Closed Loop” security protection
• How Akamai is evolving this protection
Avoid data theft and downtime by extending the
security perimeter outside the data-center and
protect from increasing frequency, scale and
sophistication of web attacks.
Why Is a Closed Loop Needed in Security?
Attacks increasing in sophistication
What Is a Closed Loop?
Start
Attack
Incident response
Analysis leads to new protections
Attackers evolve
And it starts again…
How Does a WAF Work?
Applying a Closed Loop to the WAF
External Intel + Akamai Research
Customer Configurations
False Positive Analysis
Site Monitoring
Behavior Analysis
Applying a Closed Loop to the WAF
• OWASP
• TrustWave
• FS-ISAC
• FIRST
• FBI
• NANOG
• Security Research
• InfoSec
Applying a Closed Loop to the WAF
Kona Protections:
• WAF rules
• IP blacklists / whitelists
• Rate Controls
Applying a Closed Loop to the WAF
• Akamai Professional Services
• MSSPs
• You
Applying a Closed Loop to the WAF
• Luna Security Monitor
Applying a Closed Loop to the WAF
• InfoSec
• Security Research
• Professional Services
Applying a Closed Loop to the WAF
• Security Research
• Professional Services
Applying a Closed Loop to the WAF
Evaluating our Progress
Rule set: 1.6.1 | 2.2.6 (OWASP) | Akamai Kona Rules
False Positives: 0.94% | 15.02% | 0.09%
False Negatives: 28.90% | 23.98% | 5.72%
How Did We Do?
Rule set: Akamai Kona Rules | Incapsula (Imperva) | CloudFlare
False Positives: 0.09% | 0.31% | 0.48%
False Negatives: 5.72% | 19.68% | 37.35%
Summary
• Akamai Kona provides a learning platform
– Visibility across customers and industries
– Ability to apply new protections before you get attacked
• Akamai Big Data delivers an evolving and richer security ecosystem
– Big Data platform helps Akamai develop, refine, improve Kona Rules
– Client Reputation products in 2014 based on Big Data platform
Questions?
How Are WAF Rules Created?
Akamai Core Rules
Akamai Common Rules
Custom Rules
How Are WAF Rules Created?
Akamai Core Rules
Akamai Common Rules
Custom Rules
Akamai Security Research team
Akamai Professional Services team
Kona customer community
OWASP