© 2020 Akamai1

Business Continuity – What have we learned so far?

Nick HawkinsSenior Director of Product Management,

Enterprise SecurityAkamai Technologies

© 2020 Akamai2

A Lot Has Changed…

© 2020 Akamai3

Global Event With Lasting Effects “People who were reticent to work remotely will find that they really thrive that way. Managers who didn’t think they could manage teams that were remote will have a different perspective. I do think we won’t go back.”

Jennifer ChristieHead of HR, Twitter

© 2020 Akamai4

A Digital Transformation Has Happened

API

API

IAASAPI

SAAS

People & Things

Complex Infrastructure

IaaS & SaaS

Apps & APIs

API

© 2020 Akamai5

Security ChallengesLarger Attack

SurfaceDirect Internet Access

(DIA), SaaS, cloud services, mobility, IOT all dramatically increase your

attack surface

Advanced Threats

Threats are becoming more complex, increasing in

volume and adversaries are now adept at bypassing

your defences

SecurityComplexity

Security complexity and control point complications has created security gaps

Security Skills

Worldwide shortage of security talent and

expertise means many security teams are

stretched

© 2020 Akamai6

New ChallengesSpear Fishing / BEC

COVID-19 Phishing

BYOD

Home Internet

Exposing new apps

© 2020 Akamai7

“Legacy perimeter security simply won’t work and won’t scale for the requirements of digital business

and digital government.”Gartner

Digital Trust Shouldn’t Be Inherent & Static

TRUSTED

IaaS

SaaS

WebApp #1 App #2

App #3 App #n

DC

DC

Office Airport

Source: Gartner; Zero Trust Is an Initial Step on the Roadmap to CARTA

UNTRUSTED

© 2020 Akamai8

Digital Trust Shouldn’t Be Inherent & Static

TRUSTED

IaaS

SaaS

WebApp #1 App #2

App #3 App #n

DC

DC

Office Home

UNTRUSTED

High risk

Complex

Slow

© 2020 Akamai9

Flexibility and Speed of Response are Key

Virtual/hardware appliances Security as a service

VS

© 2020 Akamai10

Move Beyond Inherent & Static Digital Trust

Office Airport

WebDC

IaaS

SaaSApp #1 App #2

App #3 App #n

App #1

App #2Dynamic app access based on identity, device & user context

Block access to malicious domains & URLs everywhere

Mitigate the latest & largest DDoS & web app attacks

Deliver quality user experiences with fast & reliable apps

© 2020 Akamai11

Adaptive Access & Threat ProtectionOne edge platform to secure all

enterprise apps & users

Protect Apps That You Control: Identity Aware Proxy : EAA

• Identity, single sign-on & multi-factor authentication• Inline app access, app performance, device

posture & app security

Protect Apps You Don’t Control: Secure Web Gateway : ETP

• Malware, phishing & DNS-based data exfiltration protection with inline payload analysis & Zero Day Phishing protection

Office Home

The WebDC

IaaS

SaaSApp #1 App #2

App #3 App #n

App #1

App #2

© 2020 Akamai12

Secure access to cloud apps

Traditional VPN elimination

Use Cases

Secure 3rd party app access

Guest Wi-Fiacceptable usage

enforcement

Direct Internet access security at

the edge

Mergers & acquisitions

Simply improve security posture

DC/IaaS visibility& protection

© 2020 Akamai13

Device & threat protection signals

DC IaaS

Adaptive Application Access Identity & contextual signals• Time of day, location, specific URL & HTTP

method, user agent string, etc.• Authentication state, group membership, etc.

Device signals• Presence/validity of client certificate• OS details (version, auto update, disk

encryption, firewall status, etc.)

Threat protection signals• 3rd party signal from EDRs like Carbon Black• Akamai signal from Enterprise Threat Protector

Policy Engine

Identity, contextual & threat protection signals

Access Proxy

© 2020 Akamai14

Traditional VPN Methodology

Other Apps

Corporate Directory (AD)

VPN Client

……

Intranet (SharePoint)

Jenkins(Dev Ops)

Oracle EBS (Expense)

Account Payable

Mail (Exchange)

ContactsInternet

Corporate Perimeter

Desktop with VPN

VPN Connector

VPN IPSec Tunnel IPSec Tunnel

© 2020 Akamai15

Enterprise Application Access

Corporate Directory (AD)

EAA Client

Intranet (SharePoint)

Jenkins(Dev Ops)

Oracle EBS (Expense)

Account Payable

Mail (Exchange)

Contacts

Corporate Perimeter

EAA Connector

EnterpriseApplicationAccessEdge

SaaS

mTLS

SAML 2.0

TLSWebsockets > HTTPs

Akamai Intelligent Platform

Firewall

Desktop with no VPN

Enterprise Threat

Protector

© 2020 Akamai16

Enabling LIXIL to migrate to zero trust architecture

https://www.akamai.com/jp/ja/about/news/press/2019-press/lixil-using-akamai-eaa.jsp

Challenges• Thousands of locations • Multiple business partners accessing internal applications.• Malware lateral movement from ASEAN countries to Tokyo.• Poor application performance, especially overseas users• Large potential attack surface

How Akamai Solved the Issues • Cloud-based zero trust access to internal applications• Migration away from legacy on-premise solutions• Significantly increased security posture

Additional Benefits• Massive increase in remote working requirements due to COVID-19• Deployed EAA client to thousands of employees in a few days

© 2020 Akamai17

Global Airline – Call Centre Use CaseAPAC based - Application infrastructure in their home country but call centers are offshore

Challenges• Complex infrastructure to access call center apps• Poor app performance• Potential security vulnerabilities due to complex architecture

How Akamai Solved the Issues • Improved app performance• Reduced attack surface• Reduced Deployment Time

Additional Benefits• Massive increase in call volumes due to COVID-19• Redeployed 600 Loyalty program agents in 2 hours to assist!

© 2020 Akamai18

Secure access to cloud apps

Traditional VPN elimination

Use Cases

Secure 3rd party app access

Guest Wi-Fiacceptable usage

enforcement

Direct Internet access security at

the edge

Mergers & acquisitions

Simply improve security posture

DC/IaaS visibility& protection

© 2020 Akamai19

Adaptive Threat Protection - Beyond DNS

DNS HTTP/S Payload

On & off-net user DNS requests

Visibility into all Internet requests

Domains evaluated against Akamai Cloud Security Intelligence

Known malicious domains related to malware, ransomware & DNS exfiltration blocked

Suspected malicious domains forwarded to Akamai cloud proxy

URLs evaluated against Akamai Cloud Security Intelligence

Requests to known malicious URLs blocked

Suspected URLs forwarded to Akamai cloud proxy

Akamai cloud proxy inspects HTTP/S payload inline across multiple malware engines

If malware detected request blocked

All traffic | Identity integration | Optional Cloud Sandbox

© 2020 Akamai20

The new corporate office

© 2020 Akamai21

Corporate Network C&C

Cloud Security

Intelligence Threats

Device

Off-net

Device

Cloud SWG Platform

Web App

ConnectorIDP

ActiveDir. AD Auth SAML

InternetWeb Video

Social Network

Client

Client

Cloud Sandbox Platform

DNS

Cloud Proxy

Cloud DNS

HTTP(s)

Cloud Based Secure Web Gateway

© 2020 Akamai22

Protecting A Nationwide School Network

• Provide protection to all staff and students• Protects against Malware, Phishing & CnC traffic• Enforces Acceptable Use Policy (AUP)• Blocks Anonymisers• Enforces SafeSearch

https://www.n4l.co.nz/how-does-n4l-help-protect-schools-against-ransomware/

© 2020 Akamai23

Extending That Protection To The Home

● Extending ETP coverage to all students studying at home

● Deliver exactly the same protection as if they were in school

https://interfaceonline.co.nz/2020/04/14/n4l-provides-free-safety-filter-for-all-students-learning-from-home/?fbclid=IwAR3lWB1EmyvUO6bbY1IbLJDxkM8E393cqaXrhpSHoPiadwZuU_Tm1K2r96A

https://switchonsafety.co.nz/

© 2020 Akamai24

Enabling The Pokémon Company To Improve Network Security

Challenges• Work with many external business partners• High volume of external access to internal network• Needed to move towards zero trust to ensure network was still secure

How Akamai Solved The Issues• Strengthens measures against targeted attacks using Akamai’s latest

threat information• Cloud-based architecture promotes simple and rapid deployment• Intuitive management interface reduces IT team workload

https://www.akamai.com/us/en/about/news/press/2020-press/pokemon-using-akamai-ETP.jsp

© 2020 Akamai251 | Presentation Title Here | © 2018 Akamai | Confidential

Overview

KEY PRODUCTSThreat protection ► Enterprise Threat Protector

Identity and application access ► Enterprise Application Access

DDoS/WAF ► Kona Site Defender or Web Application Protector

Application acceleration ► Ion

OVERVIEW

The Akamai Intelligent Edge Platform provides a single set ofsecurity and access controls for your remote workforce. Client users can enjoy the same user experience from anywhere around the globe through the Internet. At the same time, Akamai’s solutions restrict users to required applications. This saves resources, improves performance, and reduces risk.

EDGE PLATFORM

Using the Akamai Intelligent Edge Platform, employees can access corporate and web applications from anywhere via the Internet. Applications can be protected from attacks as well as accelerated for optimal performance.

User identity is established using on-premises, cloud-based, or Akamai identity stores. Users are authenticated with multi-factor authentication. If the destination is a corporate application, devices undergo security posture assessment.

For web applications, threat protection defends employees from malware, phishing, and malicious web content. It also provides visibility into and control of all enterprise web traffic.

Edge servers automatically drop network-layer DDoS attacks and inspect web requests to block malicious threats like SQL injections, XSS, and RFI.

Based on the user’s identity and other security signals, access is provided only to required applications and not the entire corporate network.

Identity App Access

Web

Home

DDoS/WAF

For corporate applications, transactions are accelerated through protocol and route optimization, and content can be served from cache to improve performance and reduce cloud bandwidth costs.

App Acceleration

Cafe

Airport

Published 04/20

Office

Corporate Apps

Threat Protection

IaaSProvider

DataCenter

Attacker

Attacker

SaaSProvider

SECURE YOUR REMOTE WORKFORCEReference Architecture

© 2020 Akamai26

Key Outcomes • Authorizations based on multiple security layers

• Secured access to business critical apps

• Increased user protection irrespective of location

• Increased workforce productivity

• Reduced costs, improved scalability, increased flexibility

© 2020 Akamai27

Get Started Today

Akamai’s Business Continuity Assistance Program: • Rapid review of your remote

user requirements• Determination of assistance• 60-days free period usage• Self-service and assisted

plans

https://www.akamai.com/us/en/campaign/business-continuity-assistance-program.jsp

© 2020 Akamai28

Learn More About Akamai’s Journey to Zero TrustKeith Hills, Senior Director IT Risk & Security

• https://www.akamai.com/us/en/campaign/where-to-start-with-zero-trust-security.jsp#how-akamai-it-adopts-zero-trust

Akamai Case Study• https://www.akamai.com/us/en/multimedia/documents/case-study/how-akamai-

implemented-a-zero-trust-security-model-without-a-vpn.pdf

Charlie Gero – Akamai CTO• Moving Beyond Perimeter Security

• https://content.akamai.com/us-en-PG10736-zero-trust-moving-beyond-perimeter-security.html

• Zero Trust With Akamai• https://www.akamai.com/us/en/solutions/security/zero

-trust-security-model.jsp#enable-zero-trust-security

© 2020 Akamai29