Home » Security Bloggers Network » March Release: Q&A with Ari Weil

March Release: Q&A with Ari Weil

by Akamai on March 25, 2019

Shortly after Akamai announced the March 2019 Release with new features and capabilities across its security, performance and media product lines, Akamai’s VP of Product Marketing, Ari Weil, took over Akamai’s Twitter account for a live March Release Q&A.

For those that missed the live event, here’s an overview of all the questions submitted, as well as Ari’s answers.

Q1: What are some of the most effective integrations between security, performance & media products?

A1: #API protection with our #WAF + API Gateway that include offload & acceleration. #bot mgmt protects revenue, #CX & data with unmatched intelligence

Sponsorships Available

Q2: What @Akamai product update are you most excited about in 2019?

A2: The #security portfolio: #WAF, #API Gateway, #Bot Management, #CIAM and #malware protection – https://www.akamai.com/us/en/security.jsp

Q3: How do you foresee the security landscape changing in the next 5 years?

A3: #Identity will become the foundation for #security – access + management – and extend to #IoT so things present as personas vs. simple endpoints

Q4: In layman’s terms, what does the March Release mean for Akamai? #AskAkamaiAri

A4: Your business is moving to the #cloud. @akamai has the best platform (tech, tools & people) for hybrid/multi-cloud #security, mgmt & orchestration

Q5: What does the March Release mean for current customers? Are the enhancements automatically applied or are these new offerings?

A5: Both! #http2, TLS 1.3, #rum, #bot detections are auto-on. Customers config #waf #api inspection, bot actions, video optimization. #ciam is new and exciting!

Q6: This new March release supports new devices and browsers to protect against content pirates. Can you elaborate which ones are now supported that weren’t in the past and what made that possible for this new release?

A6: We have extended TLS 1.3 and token auth to support all devices/browsers. We eliminated the need for cookies which limited browser support in the past. #AskAkamaiAri

Q7: Which of Akamai’s latest accomplishments are you most proud of? (Too many to choose from I know)

A7: I’m most excited about how we actively use the data we collect to help our customers. Data + threat research = a safer Internet

Q8: What is HTTP/2? #AskAkamaiAri

A8: @akamai has a great resource on this at https://http2.akamai.com/ Check it out!

Q9: How will Akamai’s recent acquisition of Janrain help me improve my company’s #security capabilities?

A9: #CIAM will help with security, yes, but like all of our portfolio it’s the combination of protection+performance that’s most compelling.

https://www.akamai.com/us/en/products/security/identity-cloud.jsp

Q10: What aspects of the new release have the biggest impact on improving digital user experiences?

A10: #http2 and standard TLS are critical for secure performance at scale – check out this blog for more insight: https://developer.akamai.com/blog/2019/01/31/http2-discover-performance-impacts-effective-prioritization

Q11: How will the @Akamai March Release save businesses time?

A11: #cloud agnostic automation: 0-sec #ddos mitigation, #appsec & #api protection, img/video acceleration. APIs to script it or fully managed have our services manage it

Q12: With an existing multi-cloud strategy in place, how can companies transition to @Akamai and employ additional #security measures without disruption?

A12: An #enterprise solution deployed as a single proxy improves time to mitigate. automates protections and offers scripting to snap into existing processes.

A12 (2): This is related to a great article I love to reference on the SAFe approach that speaks to moving from problem solving to focused execution: https://bizzdesign.com/blog/enterprise-architecture-and-agile-devops

Q13: Can you talk more about the security challenges related to cloud migration organizations face? How can @Akamai help?

A13: First, #Security controls are necessarily siloed with #cloud providers – @akamai provides a single solution.

A13 (2): Second, you likely don’t hire/staff experts in building and operating #ddos, #waf, #bot, #identity tools – so consume them aaS

A13 (3): Third, where does your #threat_intel come from? @akamai sees the most threats with experts to derive insights https://blogs.akamai.com/sitr/security/

A13 (4): Fourth, #cloud #security requires awareness & rigor to avoid misconfigurations/plain mistakes. #edge security creates a defensive shield to insulate you.

A13 (5): Fifth, d’you think #devsecops is real? How do you do it across clouds? @akamai offers #apis to snap into existing processes so every app is protected.

Q14: How is the March Release different from past releases?

A14: Hyper-focus on #cloud deployments. #http2, TLS 1.3, support for every browser, automated #security – we want customers focused on their apps and users

Q15: How specifically does Akamai enable and enhance the flexibility of security teams, in ever-changing business landscapes?

A15: With integrated solutions and flexibility in consuming them!

A15 (2): Start with insight – real-time visibility, alerting, and ability to take action across #ddos, #appsec, #bot, and #malware threats

A15 (3): Move to intelligent automation – #ddos is dropped at the edge for a zero second mitigation https://www.akamai.com/us/en/multimedia/documents/white-paper/proactive-ddos-mitigation-with-prolexic-mitigation-controls-whitepaper.pdf

A15 (4): More on intelligence – automated attack groups protect against OWASP and more without you chasing CVEs https://developer.akamai.com/blog/2018/10/10/quickly-protect-your-website-automatically-updated-waf-policies

A15 (5): Then there are #APIs – a massive and growing threat vector. We make it really simple to onboard them to our API Gateway https://developer.akamai.com/blog/2018/05/31/how-onboarding-your-api-akamai-api-gateway

A15 (6): Starting with the March 2019 release, we automatically inspect and protect payloads with our web app protector #waf https://blogs.akamai.com/2019/03/automated-api-protection-with-wap.html

A15 (7): Read more about how we help businesses focus on OWASP top 10 concerns here: https://www.akamai.com/us/en/multimedia/documents/white-paper/how-akamai-augments-your-security-practice-to-mitigate-the-owasp-top-10-risks.pdf

A16: Costs range from opportunity cost and revenue loss, to misaligned resources. We recently published a great #Akamai_SOTI report on this https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/state-of-the-internet-security-ddos-and-application-attacks-2019.pdf

A16 (2): Large companies have a lot at stake – reputation, revenues – but small companies can be overwhelmed or fail to scale up due to compromise.

Q17: When it comes to credential stuffing, what are some key changes organizations can make that will help slow or outright stop these threats?

A17: #bot management is just that – management. You can’t durably stop bots b/c they morph so fast & frequently.https://www.akamai.com/us/en/products/security/bot-manager-frequently-asked-questions-faq.jsp

A17 (2): Key strategies include 1) proactive monitoring, 2) browser & app challenges, 3) progressive/step-up challenges, 4) evolving defenses

A17 (3): There’s a helpful @forrester report with more details and why @akamai has a leading solution here https://content.akamai.com/PG11583-forrester-new-wave-bot-management.html?lang=us-en

Q18: AIO bots are tricky, as they can be configured and customized to mimic a real human, leading to several evasion techniques. How is Akamai staying ahead of the crooks using AIOs and their evasions?

A18: Great question @SteveD3 – have a look at this document addressing AIO bots and more https://www.akamai.com/us/en/multimedia/documents/white-paper/akamai-scrapers-and-bot-series-managing-professional-bots-white-paper.pdf

Q19: If IPv6 is being underreported, what does this mean for the enterprise? How can this oversight be fixed?

A19: Underreporting discourages monitoring & mgmt. Dangerous b/c it leads to blind spots & possibly undetected compromise. Read more https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/state-of-the-internet-security-retail-attacks-and-api-traffic-report-2019.pdf

Q20: If API traffic is now the top source type in the Internet, what are some of the risks associated with that change, and what can be done to address them?

A20: Businesses don’t really understand #API exposure or protections. Obfuscation is still assumed to work, leading to breaches.

Q21: If API traffic is now the top source type in the Internet, what are some of the risks associated with that change, and what can be done to address them?

A21: Businesses don’t really understand #API exposure or protections. Obfuscation is still assumed to work, leading to breaches.

A21 (2): Related: @akamai is often asked why #waf + API Gateway? There’s a lack of understanding between rate limits & quote mgmt. https://developer.akamai.com/blog/2018/05/30/demystifying-api-rate-limiting

Q22: What’s the timeline for launching EdgeWorkers?

A22: Our EdgeWorkers solution is slated to beta in the fall. Learn more about it here https://www.slideshare.net/Akamaidev/edgeworkers-enabling-autonomous-developer-friendly-programming-at-the-edge

Q23: What’s the difference between edge and cloud?

A23: #edge complements #cloud with scale, capability and proximity. @gartner does a great job at explaining this https://blogs.gartner.com/rene-buest/2018/10/15/its-a-matter-of-proximity-go-beyond-the-edge-directly-to-the-digital-touchpoint-in-support-of-digital-business-2/

Q24: Can you protect apps in Google Cloud?

A24: @akamai #security is #cloud agnostic, and protects inbound traffic to any origin. See some examples https://www.akamai.com/us/en/products/security/akamai-architectures.jsp

Q25: Why do I need DDoS protection for applications in the cloud? Won’t the provider take care of that?

A25: Yes absolutely: 1) providers may blackhole traffic above a threshold, 2) deployed resources can be overwhelmed, 3) cost to absorb attacks

Q26: What are some of the ways in which Akamai is helping protect content?

A26: Standard #TLS & TLS 1.3 support to protect against content piracy is one https://blogs.akamai.com/2019/03/future-proofing-your-content-security-perimeter-with-enhanced-token-authentication.html

A26 (2): Proxy detection to prevent unauthorized viewers that can compromise your ability to generate revenue is another https://blogs.akamai.com/2019/03/prevent-access-to-unauthorized-viewers-with-enhanced-proxy-detection.html

Q27: How does Enhanced Proxy Detection work?

A27: @akamai classifies IP addresses to makes access control decisions using 3rd-party metadata. We do this in partnership with @geoguard_

Q28: Who is Akamai partnering with for their EPD offering?

A28: @akamai has partnered with @geoguard_ for VPN/Smart DNS Proxy detection for online streaming services. Check out https://blogs.akamai.com/2019/03/prevent-access-to-unauthorized-viewers-with-enhanced-proxy-detection.html

Q29: What does “short-form” video optimization mean? How long are the videos?

A29: Short-form are 15-90 second videos. #ecommerce companies recognize these materially improve engagement. Learn more from @digitalcomm360 https://www.digitalcommerce360.com/2018/02/01/hot-100-retailers-embrace-video-connect-shoppers/

Q30: What kind of data does DataStream stream? (say that 5 times fast)

A30: #cdn perf & delivery data. Real-time insight into cache efficiency, routing, mgmt. This lets customers make the best tuning decisions possible.

Learn More

Visit the https://www.akamai.com/us/en/release-notes/mar-2019.jsp March Release page on Akamai.com to see everything that was announced.