Absorbing DDoS; Akamai’s Kona security service

Even amongst those outside the IT industry, it is popular to speculate where we would be without the internet; what would happen if you could switch it off overnight? Those in the know like to point out that fault tolerance, through alternative routing, was one of the reasons for the internet’s conception back in the 1960s. Anyway, how could you make the internet disappear overnight?

One way, at least for a regional outage, would be a sudden widespread failure of power supply. This can be caused by adverse weather (e.g. ice storms bringing down power lines), solar storms (which could cause transformers within national power grids to melt) or some other catastrophe such as a tsunami or meteorite impact (the dinosaurs didn’t have an internet to worry about!).

There is one other, less dramatic way the internet could be brought grinding to a halt, or at least become uselessly slow for many users, and that is if Akamai Technologies Inc. closed up shop. Akamai is little known to those outside the IT industry and often forgotten by those within. However, for those interested in the performance of the internet, Akamai is one of those brand names that has transmuted from a noun to a verb. You will hear it said of a web site or on-demand application that it has been Akamaised.

If you have ever wondered why it is that iPlayer can actually deliver BBC content to you so efficiently wherever you can legally watch it, why pictures appear so quickly when you view profiles on certain social networks or why you download iTunes content so quickly, it is because all these internet services have been Akamaised. Akamai states publicly that its platform delivers around 30% of all web traffic; in private it reckons it is considerably more than this.

Akamai’s platform consists of over 115,000 servers distributed around the globe. It uses these to cache popular content and applications close to those that want to use them. This saves its customers having to do the same; they run their main central servers and Akamai ensures local copies are available in remote places.

In the 14 years since it was founded Akamai has made use of its platform to move way beyond pure web content distribution (a service it calls Aqua) and video distribution (Sola). Other services include enterprise application acceleration (Terra), network traffic security (Kona) and a line of managed and licensed content distribution offerings for network operators (Aura).

The Kona security service particularly intrigued Quocirca. Having spoken to an Akamai customer, it was clear that the customer saw Kona as supplementary to other security measures, not an alternative to them, but very much a front-line defence. Kona protects against two basic types of threat: it can spot attempts to exploit known vulnerabilities such as SQL injection and cross-site scripting, and it can keep DDoS attacks at bay. In both cases it does so way out in the cloud, before attacks get close to home.

With DDoS attacks there is an important reason for Akamai customers in particular to look at adding Kona to their other Akamai subscriptions. At one level Akamai helps prevent the impact of a DDoS attack for any of its customers, as the sheer scale of its network means the attack can be absorbed. However, it is not part of Akamai’s remit to detect and stop such an attack; the effect of being Akamaised will be to speed up a DDoS attack.

This may not be catastrophic because of Akamai’s absorbent properties, but it could lead to a hugely increased bill for the underlying Akamai services, which are charged for based on traffic volumes. These could double, triple or worse during a DDoS attack. However, for customers that include Kona there is an insurance component: if traffic rises above an average background level due to a DDoS attack, then Akamai will not charge for the increased traffic but absorb it and then block the attack as part of the service.

Akamai provides fundamental services that enable much of the internet as we know it to operate efficiently. Take those services away and there would be big problems. Akamai may like to be better known; however, it should be careful about what it wishes for. “To Google” may make sense to the man or woman on the street, but “to Akamaise” would not. Lay people do not need to know about such background services, however important. The danger for Akamai is that it will become well known one day because some of its services fail. Perhaps it is best to focus on operating competently and unseen in the background rather than seeking the limelight.