© 2020 Akamai1
Business Continuity – What have we learned so far?
Nick HawkinsSenior Director of Product Management,
Enterprise SecurityAkamai Technologies
© 2020 Akamai2
A Lot Has Changed…
© 2020 Akamai3
Global Event With Lasting Effects “People who were reticent to work remotely will find that they really thrive that way. Managers who didn’t think they could manage teams that were remote will have a different perspective. I do think we won’t go back.”
Jennifer ChristieHead of HR, Twitter
© 2020 Akamai4
A Digital Transformation Has Happened
API
API
IAASAPI
SAAS
People & Things
Complex Infrastructure
IaaS & SaaS
Apps & APIs
API
© 2020 Akamai5
Security ChallengesLarger Attack
SurfaceDirect Internet Access
(DIA), SaaS, cloud services, mobility, IOT all dramatically increase your
attack surface
Advanced Threats
Threats are becoming more complex, increasing in
volume and adversaries are now adept at bypassing
your defences
SecurityComplexity
Security complexity and control point complications has created security gaps
Security Skills
Worldwide shortage of security talent and
expertise means many security teams are
stretched
© 2020 Akamai6
New ChallengesSpear Fishing / BEC
COVID-19 Phishing
BYOD
Home Internet
Exposing new apps
© 2020 Akamai7
“Legacy perimeter security simply won’t work and won’t scale for the requirements of digital business
and digital government.”Gartner
Digital Trust Shouldn’t Be Inherent & Static
TRUSTED
IaaS
SaaS
WebApp #1 App #2
App #3 App #n
DC
DC
Office Airport
Source: Gartner; Zero Trust Is an Initial Step on the Roadmap to CARTA
UNTRUSTED
© 2020 Akamai8
Digital Trust Shouldn’t Be Inherent & Static
TRUSTED
IaaS
SaaS
WebApp #1 App #2
App #3 App #n
DC
DC
Office Home
UNTRUSTED
High risk
Complex
Slow
© 2020 Akamai9
Flexibility and Speed of Response are Key
Virtual/hardware appliances Security as a service
VS
© 2020 Akamai10
Move Beyond Inherent & Static Digital Trust
Office Airport
WebDC
IaaS
SaaSApp #1 App #2
App #3 App #n
App #1
App #2Dynamic app access based on identity, device & user context
Block access to malicious domains & URLs everywhere
Mitigate the latest & largest DDoS & web app attacks
Deliver quality user experiences with fast & reliable apps
© 2020 Akamai11
Adaptive Access & Threat ProtectionOne edge platform to secure all
enterprise apps & users
Protect Apps That You Control: Identity Aware Proxy : EAA
• Identity, single sign-on & multi-factor authentication• Inline app access, app performance, device
posture & app security
Protect Apps You Don’t Control: Secure Web Gateway : ETP
• Malware, phishing & DNS-based data exfiltration protection with inline payload analysis & Zero Day Phishing protection
Office Home
The WebDC
IaaS
SaaSApp #1 App #2
App #3 App #n
App #1
App #2
© 2020 Akamai12
Secure access to cloud apps
Traditional VPN elimination
Use Cases
Secure 3rd party app access
Guest Wi-Fiacceptable usage
enforcement
Direct Internet access security at
the edge
Mergers & acquisitions
Simply improve security posture
DC/IaaS visibility& protection
© 2020 Akamai13
Device & threat protection signals
DC IaaS
Adaptive Application Access Identity & contextual signals• Time of day, location, specific URL & HTTP
method, user agent string, etc.• Authentication state, group membership, etc.
Device signals• Presence/validity of client certificate• OS details (version, auto update, disk
encryption, firewall status, etc.)
Threat protection signals• 3rd party signal from EDRs like Carbon Black• Akamai signal from Enterprise Threat Protector
Policy Engine
Identity, contextual & threat protection signals
Access Proxy
© 2020 Akamai14
Traditional VPN Methodology
Other Apps
Corporate Directory (AD)
VPN Client
……
Intranet (SharePoint)
Jenkins(Dev Ops)
Oracle EBS (Expense)
Account Payable
Mail (Exchange)
ContactsInternet
Corporate Perimeter
Desktop with VPN
VPN Connector
VPN IPSec Tunnel IPSec Tunnel
© 2020 Akamai15
Enterprise Application Access
Corporate Directory (AD)
EAA Client
Intranet (SharePoint)
Jenkins(Dev Ops)
Oracle EBS (Expense)
Account Payable
Mail (Exchange)
Contacts
Corporate Perimeter
EAA Connector
EnterpriseApplicationAccessEdge
SaaS
mTLS
SAML 2.0
TLSWebsockets > HTTPs
Akamai Intelligent Platform
Firewall
Desktop with no VPN
Enterprise Threat
Protector
© 2020 Akamai16
Enabling LIXIL to migrate to zero trust architecture
https://www.akamai.com/jp/ja/about/news/press/2019-press/lixil-using-akamai-eaa.jsp
Challenges• Thousands of locations • Multiple business partners accessing internal applications.• Malware lateral movement from ASEAN countries to Tokyo.• Poor application performance, especially overseas users• Large potential attack surface
How Akamai Solved the Issues • Cloud-based zero trust access to internal applications• Migration away from legacy on-premise solutions• Significantly increased security posture
Additional Benefits• Massive increase in remote working requirements due to COVID-19• Deployed EAA client to thousands of employees in a few days
© 2020 Akamai17
Global Airline – Call Centre Use CaseAPAC based - Application infrastructure in their home country but call centers are offshore
Challenges• Complex infrastructure to access call center apps• Poor app performance• Potential security vulnerabilities due to complex architecture
How Akamai Solved the Issues • Improved app performance• Reduced attack surface• Reduced Deployment Time
Additional Benefits• Massive increase in call volumes due to COVID-19• Redeployed 600 Loyalty program agents in 2 hours to assist!
© 2020 Akamai18
Secure access to cloud apps
Traditional VPN elimination
Use Cases
Secure 3rd party app access
Guest Wi-Fiacceptable usage
enforcement
Direct Internet access security at
the edge
Mergers & acquisitions
Simply improve security posture
DC/IaaS visibility& protection
© 2020 Akamai19
Adaptive Threat Protection - Beyond DNS
DNS HTTP/S Payload
On & off-net user DNS requests
Visibility into all Internet requests
Domains evaluated against Akamai Cloud Security Intelligence
Known malicious domains related to malware, ransomware & DNS exfiltration blocked
Suspected malicious domains forwarded to Akamai cloud proxy
URLs evaluated against Akamai Cloud Security Intelligence
Requests to known malicious URLs blocked
Suspected URLs forwarded to Akamai cloud proxy
Akamai cloud proxy inspects HTTP/S payload inline across multiple malware engines
If malware detected request blocked
All traffic | Identity integration | Optional Cloud Sandbox
© 2020 Akamai20
The new corporate office
© 2020 Akamai21
Corporate Network C&C
Cloud Security
Intelligence Threats
Device
Off-net
Device
Cloud SWG Platform
Web App
ConnectorIDP
ActiveDir. AD Auth SAML
InternetWeb Video
Social Network
Client
Client
Cloud Sandbox Platform
DNS
Cloud Proxy
Cloud DNS
HTTP(s)
Cloud Based Secure Web Gateway
© 2020 Akamai22
Protecting A Nationwide School Network
• Provide protection to all staff and students• Protects against Malware, Phishing & CnC traffic• Enforces Acceptable Use Policy (AUP)• Blocks Anonymisers• Enforces SafeSearch
https://www.n4l.co.nz/how-does-n4l-help-protect-schools-against-ransomware/
© 2020 Akamai23
Extending That Protection To The Home
● Extending ETP coverage to all students studying at home
● Deliver exactly the same protection as if they were in school
https://interfaceonline.co.nz/2020/04/14/n4l-provides-free-safety-filter-for-all-students-learning-from-home/?fbclid=IwAR3lWB1EmyvUO6bbY1IbLJDxkM8E393cqaXrhpSHoPiadwZuU_Tm1K2r96A
https://switchonsafety.co.nz/
© 2020 Akamai24
Enabling The Pokémon Company To Improve Network Security
Challenges• Work with many external business partners• High volume of external access to internal network• Needed to move towards zero trust to ensure network was still secure
How Akamai Solved The Issues• Strengthens measures against targeted attacks using Akamai’s latest
threat information• Cloud-based architecture promotes simple and rapid deployment• Intuitive management interface reduces IT team workload
https://www.akamai.com/us/en/about/news/press/2020-press/pokemon-using-akamai-ETP.jsp
© 2020 Akamai251 | Presentation Title Here | © 2018 Akamai | Confidential
Overview
KEY PRODUCTSThreat protection ► Enterprise Threat Protector
Identity and application access ► Enterprise Application Access
DDoS/WAF ► Kona Site Defender or Web Application Protector
Application acceleration ► Ion
OVERVIEW
The Akamai Intelligent Edge Platform provides a single set ofsecurity and access controls for your remote workforce. Client users can enjoy the same user experience from anywhere around the globe through the Internet. At the same time, Akamai’s solutions restrict users to required applications. This saves resources, improves performance, and reduces risk.
EDGE PLATFORM
Using the Akamai Intelligent Edge Platform, employees can access corporate and web applications from anywhere via the Internet. Applications can be protected from attacks as well as accelerated for optimal performance.
User identity is established using on-premises, cloud-based, or Akamai identity stores. Users are authenticated with multi-factor authentication. If the destination is a corporate application, devices undergo security posture assessment.
For web applications, threat protection defends employees from malware, phishing, and malicious web content. It also provides visibility into and control of all enterprise web traffic.
Edge servers automatically drop network-layer DDoS attacks and inspect web requests to block malicious threats like SQL injections, XSS, and RFI.
Based on the user’s identity and other security signals, access is provided only to required applications and not the entire corporate network.
Identity App Access
Web
Home
DDoS/WAF
For corporate applications, transactions are accelerated through protocol and route optimization, and content can be served from cache to improve performance and reduce cloud bandwidth costs.
App Acceleration
Cafe
Airport
Published 04/20
Office
Corporate Apps
Threat Protection
IaaSProvider
DataCenter
Attacker
Attacker
SaaSProvider
SECURE YOUR REMOTE WORKFORCEReference Architecture
© 2020 Akamai26
Key Outcomes • Authorizations based on multiple security layers
• Secured access to business critical apps
• Increased user protection irrespective of location
• Increased workforce productivity
• Reduced costs, improved scalability, increased flexibility
© 2020 Akamai27
Get Started Today
Akamai’s Business Continuity Assistance Program: • Rapid review of your remote
user requirements• Determination of assistance• 60-days free period usage• Self-service and assisted
plans
https://www.akamai.com/us/en/campaign/business-continuity-assistance-program.jsp
© 2020 Akamai28
Learn More About Akamai’s Journey to Zero TrustKeith Hills, Senior Director IT Risk & Security
• https://www.akamai.com/us/en/campaign/where-to-start-with-zero-trust-security.jsp#how-akamai-it-adopts-zero-trust
Akamai Case Study• https://www.akamai.com/us/en/multimedia/documents/case-study/how-akamai-
implemented-a-zero-trust-security-model-without-a-vpn.pdf
Charlie Gero – Akamai CTO• Moving Beyond Perimeter Security
• https://content.akamai.com/us-en-PG10736-zero-trust-moving-beyond-perimeter-security.html
• Zero Trust With Akamai• https://www.akamai.com/us/en/solutions/security/zero
-trust-security-model.jsp#enable-zero-trust-security
© 2020 Akamai29
Top Related