It seems not a week goes by without news of a major corporation or public institution suffering a web security attack. These high profile episodes show how even organizations with ample resources struggle to fully protect their web properties and the data that lies behind them. What makes web security a tough challenge for these organizations—and even more so for smaller organizations with fewer resources at their disposal—is that the web security threat environment is constantly evolving.
How Web Security Threats Are Changing
Web security professionals tasked with safeguarding an organization’s online assets face a shifting threat landscape. Major trends in the web security environment include:
- Dramatic growth in the scale of attacks, as attackers employ large networks of automated “bots” to do their bidding. For example, in March of 2013 a distributed denial of service attack (DDoS) against U.S. financial institutions used over 3000 bots to generate a staggering 190Gbps in peak network traffic.
- A rise in application layer attacks as hackers probe and exploit vulnerabilities in web service security using techniques such as HTTP floods, buffer overflow exploits, or SQL injection. (See our brief SQL injection tutorial for more on this common application layer threat to web security.)
- The advent of multi-dimensional attacks that combine multiple tactics and attack avenues, such as an attention-diverting DoS attack coupled with a SQL injection attack aimed at stealing data.
- New types of highly dedicated attackers—particularly, the emergence of politically-motivated “hacktivists” who seek to advance their cause with high-profile attacks on corporate or government web properties.
How Akamai Can Help Safeguard Your Organization’s Web Security Today and Tomorrow
Akamai’s Kona Site Defender is a cloud-based web security solution integrated into Akamai’s global content and application delivery network. Many of the world’s leading brands use the Akamai web security cloud to safeguard their online assets and their brand reputation.
The Akamai global cloud protects your web content and web applications against fast-changing cyber threats while reducing the demands on your own security infrastructure and personnel:
- With network layer and application layer defenses embedded into the world’s largest web content delivery network spanning more than 160,000 servers in 95 countries, the Akamai web security cloud provides the mass scale required to easily absorb and defuse even the largest attacks.
- Forward-positioned within a single network hop of more than 90% of web users, the always-on Akamai web security cloud detects and mitigates security threats at the edges of the internet, before they ever reach your origin infrastructure.
- As the operator of global network that delivers between 15 and 30% of internet traffic, Akamai is perfectly positioned to detect the newest web security threats as soon as they emerge and bring them to the attention of our clients.
- For online merchants who need to maintain PCI DSS compliance, Akamai offers an SSL network certified to Level 1 Service Provider standards as well as an edge tokenization service that can keep sensitive cardholder data out of your origin infrastructure and dramatically reduce the scope of your PCI compliance checklist.