DDoS Attacks: The Impact on Brand
Akamai's Fran Trentley on Improving Web Application Security
Mobile devices connecting to the enterprise are posing new security challenges, says Fran Trentley, senior director of global security and government services for Akamai.
"You have multiple end-user devices; you have multiple browsers; you have different connectivity," he says. "As we move toward more and more devices and we get closer to our technologies ... the expectation from end-users is that business applications are going to be available to them constantly."
And that means threats will increase, Trentley says during an interview with Information Security Media Group [transcript below].
To adequately respond to that demand, organizations need to figure out how to deliver adaptable, personalized services to those end devices, while also ensuring those devices maintain their performance and integrity, Trentley says.
During this interview, Trentley discusses:
- The impact of mobility on business application performance and security;
- Why the lines are blurring between cyber-attackers and the vectors they use;
- The role collaboration plays in improving cybersecurity.
At Akamai, Trentley oversees Cloud (ITC) Security Services, which provides DDoS mitigation, remote authorization and visualization services for global private and public-sector companies. He is responsible for the development and training of security service personnel involved in the identification, defense and response to network-based attacks against customer assets. His scope also includes support to more than 100 U.S. government customers.
Mobility's Impact on Business, Security
TRACY KITTEN: What are the connections between business and people impacting cybersecurity?
FRAN TRENTLEY: As we move toward more and more mobile devices and we get closer to our technologies, and we move away from desktops to tablets, mobile and to wearable computing, the expectation from end-users is that business applications are going to be available to them constantly. The expectations actually grow as you move toward mobile devices. The impact to businesses is now those same applications that used to be a nice-to-have are critical, and they have to deliver them to that plethora of mobile devices and that massive number of browsers that are available to them.
The landscape for business has been complicated as well. You have multiple end-user devices; you have multiple browsers; you have different connectivity. You may be on cellular right now and move into a building and go onto broadband. Then, the applications are more complex. You're using third-party content providers, and you're bundling all of that before you deliver an experience out to an end-user. ... You care about what that end-user is coming in for and where he's coming in from. And the threat landscape continues to grow. Businesses need to figure out how to continue to deliver a very adaptable, personalized presentation to all of those end devices and to all those individuals while maintaining their performance and their security.
KITTEN: What would you say are the real risks associated with distributed-denial-of-service attacks?
TRENTLEY: The downtime. Downtime and defacement are some of the major impacts that we see, and what that impacts is brand. Now we've seen it a couple of different ways. If you're an e-commerce customer, we see the impact to revenue. For every hour of downtime, you can associate the amount of revenue loss. And it doesn't mean that once that application comes back up again you get those customers back, because if they were trying to get onto your application while they were down, they may migrate to another e-commerce site to pick up that same item that they were going to buy from you.
KITTEN: How do you see the industry responding to emerging cyber-threats, such as DDoS?
TRENTLEY: I'll use DDoS as one of those pieces we look at [when] protecting that web application. ... Those are volumetric as well as low-volume attacks that are targeted at consuming back-end resources. But we also look at protecting the application from Layer 7 attacks, SQL injections, cross-site scripting, those kinds of things. We look at protecting your DNS infrastructure, because if an adversary comes in and takes down your DNS infrastructure, nobody can get to your application anyway. Protecting the DNS infrastructure and then protecting the origin infrastructure, so that you don't have direct origin attacks, your adversary has to go through your mitigations and can't shortcut them directly back into your origin infrastructure. Those are the four pillars, when we think about protecting that Web application.
KITTEN: What roles do vendors play in helping their customers develop response plans and mitigation strategies?
TRENTLEY: A portion of that is the responsibility of the customer, as the customer builds his team. When he builds his team, his vendors and his integrators need to be part of that team, as well as his organic staff. There's training and bonding that needs to be done with those, and they can pressure - and have historically - that team to make sure that they're supporting that one mission. All of the assets available to those vendors become available to the team.
KITTEN: Are we doing enough to enhance and improve international collaboration and collaboration between the public and the private sector?
TRENTLEY: We're doing more than we have [done in the past]. I think it's critically important because your adversary has the same access to information and intelligence that you do. Without collaboration and that innovation driven through collaboration - and I'm talking collaboration academically as well as technically - then we're not going to make it. We're not going to be able to thrive in this new environment. That's going to be critical to our ability to continue to do business.
Knowing the Enemy
KITTEN: What about the actors behind some of these attacks? How has collaboration helped bring some of these criminal organizations and hacktivists to justice?
TRENTLEY: It would be great if we could bucket those into individuals, hacktivist organizations, organized crime or nation-state, but it's very difficult because those individuals share and they collaborate. Once an attack or a capability is released, it is available to all of those different groups, so it becomes a challenge. Our adversaries collaborate at the speed of the Internet openly and constantly.