March Release: Q&A with Ari Weil

2019-03-25T16:00:00
ID AKAMAIBLOG:3C32BE3373C096B1FA8690BC2FA25472
Type akamaiblog
Reporter Akamai
Modified 2019-04-12T13:09:15

Description

Shortly after Akamai announced the March 2019 Release with new features and capabilities across its security, performance and media product lines, Akamai's VP of Product Marketing, Ari Weil, took over Akamai's Twitter account for a live March Release Q&A.

AskAkamaiAri.png

For those that missed the live event, here's an overview of all the questions submitted, as well as Ari's answers.

Q1: What are some of the most effective integrations between security, performance & media products?

A1: #API protection with our #WAF + API Gateway that include offload & acceleration. #bot mgmt protects revenue, #CX & data with unmatched intelligence

Q2: What @Akamai product update are you most excited about in 2019?

A2: The #security portfolio: #WAF, #API Gateway, #Bot Management, #CIAM and #malware protection - <https://www.akamai.com/us/en/security.jsp>

Q3: How do you foresee the security landscape changing in the next 5 years?

A3: #Identity will become the foundation for #security - access + management - and extend to #IoT so things present as personas vs. simple endpoints

Q4: In layman's terms, what does the March Release mean for Akamai? #AskAkamaiAri

A4: Your business is moving to the #cloud. @akamai has the best platform (tech, tools & people) for hybrid/multi-cloud #security, mgmt & orchestration

Q5: What does the March Release mean for current customers? Are the enhancements automatically applied or are these new offerings?

A5: Both! #http2, TLS 1.3, #rum, #bot detections are auto-on. Customers config #waf #api inspection, bot actions, video optimization. #ciam is new and exciting!

Q6: This new March release supports new devices and browsers to protect against content pirates. Can you elaborate which ones are now supported that weren't in the past and what made that possible for this new release?

A6: We have extended TLS 1.3 and token auth to support all devices/browsers. We eliminated the need for cookies which limited browser support in the past. #AskAkamaiAri

Q7: Which of Akamai's latest accomplishments are you most proud of? (Too many to choose from I know)

A7: I'm most excited about how we actively use the data we collect to help our customers. Data + threat research = a safer Internet

Q8: What is HTTP/2? #AskAkamaiAri

A8: @akamai has a great resource on this at <https://http2.akamai.com/> Check it out!

Q9: How will Akamai's recent acquisition of Janrain help me improve my company's #security capabilities?

A9: #CIAM will help with security, yes, but like all of our portfolio it's the combination of protection+performance that's most compelling.

<https://www.akamai.com/us/en/products/security/identity-cloud.jsp>

Q10: What aspects of the new release have the biggest impact on improving digital user experiences?

A10: #http2 and standard TLS are critical for secure performance at scale - check out this blog for more insight: <https://developer.akamai.com/blog/2019/01/31/http2-discover-performance-impacts-effective-prioritization>

Q11: How will the @Akamai March Release save businesses time?

A11: #cloud agnostic automation: 0-sec #ddos mitigation, #appsec & #api protection, img/video acceleration. APIs to script it or fully managed have our services manage it

Q12: With an existing multi-cloud strategy in place, how can companies transition to @Akamai and employ additional #security measures without disruption?

A12: An #enterprise solution deployed as a single proxy improves time to mitigate. automates protections and offers scripting to snap into existing processes.

A12 (2): This is related to a great article I love to reference on the SAFe approach that speaks to moving from problem solving to focused execution: <https://bizzdesign.com/blog/enterprise-architecture-and-agile-devops>

Q13: Can you talk more about the security challenges related to cloud migration organizations face? How can @Akamai help?

A13: First, #Security controls are necessarily siloed with #cloud providers - @akamai provides a single solution.

A13 (2): Second, you likely don't hire/staff experts in building and operating #ddos, #waf, #bot, #identity tools - so consume them aaS

A13 (3): Third, where does your #threat_intel come from? @akamai sees the most threats with experts to derive insights <https://blogs.akamai.com/sitr/security/>

A13 (4): Fourth, #cloud #security requires awareness & rigor to avoid misconfigurations/plain mistakes. #edge security creates a defensive shield to insulate you.

A13 (5): Fifth, d'you think #devsecops is real? How do you do it across clouds? @akamai offers #apis to snap into existing processes so every app is protected.

Q14: How is the March Release different from past releases?

A14: Hyper-focus on #cloud deployments. #http2, TLS 1.3, support for every browser, automated #security - we want customers focused on their apps and users

Q15: How specifically does Akamai enable and enhance the flexibility of security teams, in ever-changing business landscapes?

A15: With integrated solutions and flexibility in consuming them!

A15 (2): Start with insight - real-time visibility, alerting, and ability to take action across #ddos, #appsec, #bot, and #malware threats

A15 (3): Move to intelligent automation - #ddos is dropped at the edge for a zero second mitigation <https://www.akamai.com/us/en/multimedia/documents/white-paper/proactive-ddos-mitigation-with-prolexic-mitigation-controls-whitepaper.pdf>

A15 (4): More on intelligence - automated attack groups protect against OWASP and more without you chasing CVEs <https://developer.akamai.com/blog/2018/10/10/quickly-protect-your-website-automatically-updated-waf-policies>

A15 (5): Then there are #APIs - a massive and growing threat vector. We make it really simple to onboard them to our API Gateway <https://developer.akamai.com/blog/2018/05/31/how-onboarding-your-api-akamai-api-gateway>

A15 (6): Starting with the March 2019 release, we automatically inspect and protect payloads with our web app protector #waf <https://blogs.akamai.com/2019/03/automated-api-protection-with-wap.html>

A15 (7): Read more about how we help businesses focus on OWASP top 10 concerns here: <https://www.akamai.com/us/en/multimedia/documents/white-paper/how-akamai-augments-your-security-practice-to-mitigate-the-owasp-top-10-risks.pdf>

A15 (7): Read more about how we help businesses focus on OWASP top 10 concerns here: <https://www.akamai.com/us/en/multimedia/documents/white-paper/how-akamai-augments-your-security-practice-to-mitigate-the-owasp-top-10-risks.pdf>

A16: Costs range from opportunity cost and revenue loss, to misaligned resources. We recently published a great #Akamai_SOTI report on this <https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/state-of-the-internet-security-ddos-and-application-attacks-2019.pdf>

A16 (2): Large companies have a lot at stake - reputation, revenues - but small companies can be overwhelmed or fail to scale up due to compromise.

Q17: When it comes to credential stuffing, what are some key changes organizations can make that will help slow or outright stop these threats?

A17: #bot management is just that - management. You can't durably stop bots b/c they morph so fast & frequently.<https://www.akamai.com/us/en/products/security/bot-manager-frequently-asked-questions-faq.jsp>

A17 (2): Key strategies include 1) proactive monitoring, 2) browser & app challenges, 3) progressive/step-up challenges, 4) evolving defenses

A17 (3): There's a helpful @forrester report with more details and why @akamai has a leading solution here <https://content.akamai.com/PG11583-forrester-new-wave-bot-management.html?lang=us-en>

Q18: AIO bots are tricky, as they can be configured and customized to mimic a real human, leading to several evasion techniques. How is Akamai staying ahead of the crooks using AIOs and their evasions?

A18: Great question @SteveD3 - have a look at this document addressing AIO bots and more <https://www.akamai.com/us/en/multimedia/documents/white-paper/akamai-scrapers-and-bot-series-managing-professional-bots-white-paper.pdf>

Q19: If IPv6 is being underreported, what does this mean for the enterprise? How can this oversight be fixed?

A19: Underreporting discourages monitoring & mgmt. Dangerous b/c it leads to blind spots & possibly undetected compromise. Read more <https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/state-of-the-internet-security-retail-attacks-and-api-traffic-report-2019.pdf>

Q20: If API traffic is now the top source type in the Internet, what are some of the risks associated with that change, and what can be done to address them?

A20: Businesses don't really understand #API exposure or protections. Obfuscation is still assumed to work, leading to breaches.

Q21: If API traffic is now the top source type in the Internet, what are some of the risks associated with that change, and what can be done to address them?

A21: Businesses don't really understand #API exposure or protections. Obfuscation is still assumed to work, leading to breaches.

A21 (2): Related: @akamai is often asked why #waf + API Gateway? There's a lack of understanding between rate limits & quote mgmt. <https://developer.akamai.com/blog/2018/05/30/demystifying-api-rate-limiting>

Q22: What's the timeline for launching EdgeWorkers?

A22: Our EdgeWorkers solution is slated to beta in the fall. Learn more about it here <https://www.slideshare.net/Akamaidev/edgeworkers-enabling-autonomous-developer-friendly-programming-at-the-edge>

Q23: What's the difference between edge and cloud?

A23: #edge complements #cloud with scale, capability and proximity. @gartner does a great job at explaining this <https://blogs.gartner.com/rene-buest/2018/10/15/its-a-matter-of-proximity-go-beyond-the-edge-directly-to-the-digital-touchpoint-in-support-of-digital-business-2/>

Q24: Can you protect apps in Google Cloud?

A24: @akamai #security is #cloud agnostic, and protects inbound traffic to any origin. See some examples <https://www.akamai.com/us/en/products/security/akamai-architectures.jsp>

Q25: Why do I need DDoS protection for applications in the cloud? Won't the provider take care of that?

A25: Yes absolutely: 1) providers may blackhole traffic above a threshold, 2) deployed resources can be overwhelmed, 3) cost to absorb attacks

Q26: What are some of the ways in which Akamai is helping protect content?

A26: Standard #TLS & TLS 1.3 support to protect against content piracy is one <https://blogs.akamai.com/2019/03/future-proofing-your-content-security-perimeter-with-enhanced-token-authentication.html>

A26 (2): Proxy detection to prevent unauthorized viewers that can compromise your ability to generate revenue is another <https://blogs.akamai.com/2019/03/prevent-access-to-unauthorized-viewers-with-enhanced-proxy-detection.html>

Q27: How does Enhanced Proxy Detection work?

A27: @akamai classifies IP addresses to makes access control decisions using 3rd-party metadata. We do this in partnership with @geoguard_

Q28: Who is Akamai partnering with for their EPD offering?

A28: @akamai has partnered with @geoguard_ for VPN/Smart DNS Proxy detection for online streaming services. Check out <https://blogs.akamai.com/2019/03/prevent-access-to-unauthorized-viewers-with-enhanced-proxy-detection.html>

Q29: What does "short-form" video optimization mean? How long are the videos?

A29: Short-form are 15-90 second videos. #ecommerce companies recognize these materially improve engagement. Learn more from @digitalcomm360 <https://www.digitalcommerce360.com/2018/02/01/hot-100-retailers-embrace-video-connect-shoppers/>

Q30: What kind of data does DataStream stream? (say that 5 times fast)

A30: #cdn perf & delivery data. Real-time insight into cache efficiency, routing, mgmt. This lets customers make the best tuning decisions possible.

Learn More

Visit the <https://www.akamai.com/us/en/release-notes/mar-2019.jsp> March Release page on Akamai.com to see everything that was announced.