Following Infosecurity Europe in London, Roger Barranco, Vice President, Global Security Operations, Akamai Technologies, visited Switzerland. We had the chance to meet him and get answers to some of the most pertinent questions about the current state of cyber security, especially with regard to DDoS attacks.
R.B. That’s a great question in part due to some important nuances to the answer. While the overall number of DDoS attacks has slightly declined since the peak of 2H 2021, the actual number of enterprises being attacked is on the rise along with the number of endpoints being attacked within the customer network. We believe this is a result of threat actors attempting to exhaust enterprise firewalls, routers and/or other edge gear while simultaneously probing for weaknesses in often new or previously unprotected systems.
There has been a mild shift away from repeatedly attacking a single enterprise towards attacking multiple enterprises, so the risk of attack to the average enterprise is higher than ever in the past. The attackers continue to evolve with new tooling and attack vectors. Just this week, we identified three new protocols that were used to attack customers.
R.B. To stay ahead of the DDoS threat, Akamai continues to invest in our platform, people and processes.
Platform: We continue to expand capacity and capabilities in advance of the largest attacks (last reported at 3.47 Tbps by Microsoft).
People: While enterprise teams may only experience DDoS attacks a few times a year, our Security Operations Command Centers mitigate advanced attacks every day. We invest in ongoing training and knowledge sharing across our 6 global SOCCs to maintain the most knowledgeable and experienced DDoS experts, who are available 24x7x365.
Process: Our processes drive continuous improvement and define proactive mitigations. Once a new tool or threat vector is identified, the Prolexic SOCC takes immediate action to prepare mitigations and train our team to protect all our clients against these threats. We engage our clients to understand their environments to define proactive mitigations and automate protection when appropriate.
It’s additionally important to recognize that, especially now with all the current geopolitical challenges, threats are ever evolving, hence our constant efforts to enhance our capabilities while partnering with our customers to tune their environment, resulting in a solid defensive posture.
R.B. Our platform is designed to fight attacks as close to the attack source as possible and as far away from the customer as possible. By adding a scrubbing center in Switzerland we continue to segregate bad traffic from desired local traffic in a big way. The reason I said “big way” is, we deploy larger / very powerful scrubbing centers, which avoids the challenges associated with deploying multitudes of tiny scrubbing points of presence that can be readily overwhelmed, resulting in traffic shaping which can negatively impact performance. The world depends on the services that originate from Switzerland, where we have many significant customers, hence our excitement to further protect such a critical region with focus on local Swiss traffic.
R.B. Excellent progress has been made on the deployment, from which we expect to go live in the October 2022 timeframe.
R.B. The investment in Akamai’s Prolexic platform continues to be significant beyond scale and capacity to include tooling, detections and options for granular mitigation. A couple new and exciting capabilities will be available this year like
I would also like to highlight that our approach to protecting our customers is different and highly effective from the perspective of building proactive defensive postures that result in zero second mitigation SLAs mixed with the proper amount of automation and, importantly, appropriate human involvement.