Protecting DNS Infrastructure from Resource Exhaustion Attacks

The Domain Name System (DNS) functions as the phonebook of the internet. It translates readable domain names into IP addresses, enabling end users to access web applications and application programming interfaces (APIs) through fast and reliable internet connections. DNS infrastructure was designed as the building block of the internet, not as a security control point, and as a result DNS servers are viewed as an easy target. Protecting DNS servers is critical, since a threat to an organization’s servers can also impact enterprise operations, profitability and trust with end users.

Threats to DNS Infrastructure

In the evolving landscape of DNS infrastructure, threats pose serious risks to the speed, availability and operation of enterprises’ DNS services. Among these threats are DNS floods, which overwhelm servers with a barrage of requests for resources, effectively rendering them unavailable to legitimate queries. The 2023 Akamai Attack Superhighway State of the Internet report underscores the increasing concern surrounding DNS denial of service attacks across various industry sectors, a trend that is expected to continue to escalate in the future. With DNS infrastructure handling up to seven trillion DNS requests a day, multistage attacks have become the primary mode of attack for the modern threat actor. Through collaborative efforts, attackers have found increasing success by working together and combining different tools during a single attack.

Resource Exhaustion Attacks

Resource exhaustion presents in both people and technology. Exhaustion in people is often the result of staffing challenges, with lean crews managing multiple aspects of the network while simultaneously defending against attacks. If one aspect of the network falls under attack, it takes away from their ability to manage and oversee other areas. On the technological side, resource exhaustion attacks seek to overload one piece of the network (a DNS server, a hardware tool, a next-generation firewall) to the point where it can no longer function because it was not designed to handle a heavy amount of traffic. This style of attack can last anywhere from a few minutes to a continuous attack that lasts for days.

Distributed Denial of Service (DDoS), a type of resource exhaustion attack, simulates thousands of computers attempting to access the same resource simultaneously until it can no longer function. The website under attack becomes unavailable due to the sudden onslaught of false traffic that it is unable to manage. DNS is a common target for these DDoS-style attacks because the critical services of websites and applications rely on the uninterrupted translation of domain names to IP addresses. Mitigating this form of malicious traffic presents a challenge, as these servers typically only have access to the IP address of the resolver. Consequently, any attempt to limit traffic based on this address usually results in false positives.
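The false-positive problem described above can be measured on a query log. The following is an added example, not code from the article or from Akamai: it applies a per-source-IP rate limit the way a DNS server sees traffic and counts how many legitimate queries are dropped. The resolver addresses, query rates and the limit of 20 queries per second are constructed assumptions.

```python
from collections import Counter

# Constructed addresses (documentation ranges); both are resolvers, not end clients.
SHARED_RESOLVER = "192.0.2.53"    # relays real users AND flood traffic
QUIET_RESOLVER = "198.51.100.53"  # relays real users only


def build_sample_log(seconds=10):
    """Constructed query log as the DNS server sees it.

    Record: (timestamp, source_ip, qname, is_attack). is_attack is ground
    truth used only for scoring; the server has no such field to filter on.
    """
    log = []
    for t in range(seconds):
        # Shared resolver: 205 queries/s, 5 of them legitimate (every 41st).
        for i in range(205):
            legit = i % 41 == 0
            log.append((t + i / 205, SHARED_RESOLVER, "www.example.com.", not legit))
        # Quiet resolver: 5 legitimate queries/s.
        for j in range(5):
            log.append((t + j / 5, QUIET_RESOLVER, "www.example.com.", False))
    log.sort(key=lambda rec: rec[0])
    return log


def rate_limit_by_source(log, limit_per_sec):
    """Fixed one-second window keyed on source IP. Returns [(record, allowed)]."""
    seen = Counter()
    decisions = []
    for rec in log:
        key = (rec[1], int(rec[0]))  # (source IP, second)
        seen[key] += 1
        decisions.append((rec, seen[key] <= limit_per_sec))
    return decisions


def score(decisions):
    """Compare limiter decisions with ground truth to expose false positives."""
    totals, dropped, legit_by_src = Counter(), Counter(), Counter()
    for (_, src, _, is_attack), allowed in decisions:
        kind = "attack" if is_attack else "legit"
        totals[kind] += 1
        if not allowed:
            dropped[kind] += 1
            if not is_attack:
                legit_by_src[src] += 1
    return {
        "legit_total": totals["legit"],
        "legit_dropped": dropped["legit"],
        "attack_total": totals["attack"],
        "attack_dropped": dropped["attack"],
        "false_positive_rate": dropped["legit"] / totals["legit"],
        "legit_dropped_by_source": dict(legit_by_src),
    }


if __name__ == "__main__":
    for limit in (20, 1000):
        print(limit, score(rate_limit_by_source(build_sample_log(), limit)))
```

Every dropped legitimate query comes from the shared resolver, because the limiter cannot separate the users behind it from the flood; raising the limit removes the false positives only by letting the flood through.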

Securing DNS Infrastructure

By implementing a reverse proxy solution that protects on-prem and hybrid DNS infrastructure, organizations can defend existing DNS hardware tools from globally distributed attacks like resource exhaustion and DDoS. Organizations can ensure that access to online services and applications remains available by re-routing traffic through an advanced DNS proxy server and filtering out malicious traffic during attacks in real time. An intelligent reverse proxy solution that deploys through an authoritative DNS change made in a domain controller and does not require replacing any existing tools helps organizations distinguish legitimate traffic from attack traffic. A solution with proactive security policies eliminates time spent on configuring individual settings or having to change them over time. Organizations that use hardware DNS receive the advantage of continued availability and enhanced security of existing investments and solutions that are critical to their network without having to make any major network adjustments. Through real-time monitoring of DNS infrastructure health and performance, organizations can increase the reliability of routing, security and availability of their existing DNS hardware solutions.

With the increase in remote work in the wake of the COVID-19 pandemic, it has become harder to detect and prevent resource exhaustion attacks. Because DNS resolution is critical to website and application performance, organizations must invest in adequate DNS infrastructure rather than relying on two or three servers to connect with end users. Adopting a proactive approach that can identify and mitigate vulnerabilities at each stage of the data journey is pivotal to ensuring that DNS infrastructure is secure amid the evolving threat landscape.

Learn more about how to protect your enterprise from resource exhaustion attacks with Akamai Shield NS53, a bidirectional reverse proxy service.

Digitally Transforming the Customer Experience

The federal government first sharpened its focus on efforts to digitally transform customer experience (CX) beginning in 2018, when enhancing CX became a cross-agency priority goal and the 21st Century Integrated Digital Experience Act (IDEA) was signed into law. That’s also the year that 100% of public-sector respondents to an IDC survey said digitally transforming their organizations was a top priority. Then COVID-19 struck and reinforced the vital role that digital services play in ensuring the health and well-being of our country and the continuity of business and daily life. People turned in droves to websites, contact centers and other digital resources, often overwhelming agencies that were technologically unprepared for such an influx. Agencies need to enhance their understanding of customers so they can make better decisions about delivering services and providing important information. Agencies must also be able to build digital services quickly without compromising quality or security. And because engaged employees are essential to the delivery of government services, agencies must make sure employees have the technology and support they need to do their jobs. Read the latest insights from industry thought leaders in emerging technology in Carahsoft’s Innovation in Government® report.

 

Customer Experience is a Team Sport

“Many requests for government services start with a form, which can be a frustrating touchpoint. That’s why improving forms is an essential component of the 21st Century Integrated Digital Experience Act. Americans can save time and avoid frustration when they easily enter data into a mobile-friendly digital form on any device, sign it electronically and submit it securely. Digital forms also save time and effort for government employees, and they limit the opportunity for data entry errors, which further strain government resources and lead to an unsatisfactory experience for employees and citizens. Improving CX is becoming a top priority for many government agencies. Rallying the organization behind the goals and enabling employees at each touchpoint in the customer’s journey can lead to positive outcomes that everyone can be proud of. Helping everyone understand who their customers are, the major tasks they want to complete and the pain points in each customer journey is critical to any CX strategy. It can be helpful to have an agency senior leader, such as a chief customer officer, oversee all of the CX initiatives and bring the customer perspective to all conversations to drive the strategy agency-wide.”

Read more insights from Adobe’s Technical Director of Government Solutions, Jonathan Benett.

 

Optimizing the User Experience at the Edge

“Modernization efforts lead to improved security. Legacy systems are becoming increasingly harder to secure, particularly if they’re on physical infrastructure. The 21st Century IDEA advocates using a flexible cloud infrastructure to make it easier to improve the user experience on any device while enhancing security. As agencies seek to offer better digital services, many of them turn to responsive design engines to send websites to mobile devices. However, the time it takes for those engines to analyze and assemble a unique response to specific devices slows down the user experience, leaving citizens frustrated and unable to complete necessary tasks. What if the distance between the user and the data could be lessened? Enter the Akamai Edge. Akamai executes business logic and security policies at the edge to improve performance without compromising security. We can also put capacity rules in place at the edge to distribute the load and keep a distributed denial-of-service attack or sudden rise in traffic from affecting a website’s performance.”

Read more insights from Akamai’s Senior Solutions Engineer, Micah Maryn.

 

Amplifying the Power of the Customer’s Voice

“When government agencies went remote, offices stayed open virtually and services (mostly) remained available. And while those areas where government needs more digitalization (such as unemployment systems) were made even more apparent, the trains kept moving. So what is next? Government can respond by doing something it has done more of in recent years — listen. As the power of the customer’s voice reaches government, agencies that are savvy listeners and can integrate customer feedback into their service improvement plans will set the leadership tone for a responsive and digital government. Lawmakers are embracing the need for digital government. The central components of the 21st Century Integrated Digital Experience Act — modernizing websites, digitizing services and forms, accelerating the use of e-signatures, improving the customer experience, and transitioning to shared services — apply to all levels of government. Agencies understand the value of those changes, and the experience of the pandemic has given them even more incentive to make those changes.”

Read more insights from Granicus’s Vice President for Business Development, Patrick Moore.

 

How to Build a More User-Focused Website

“After the 21st Century IDEA was signed into law, the General Services Administration’s Technology Transformation Services published the U.S. Web Design System. This offers guidance and technology that agencies can use to create websites that are IDEA-compliant. Liferay applied the principles of the U.S. Web Design System to our platform to further streamline agencies’ ability to create websites that achieve the goals of the act. Liferay is particularly focused on facilitating action-oriented, self-service interactions. Our analytics component allows agencies to create audience segments so they can personalize the experience of website visitors based on why they use the site and what’s important to them. We also offer a more robust cloud-based analytics offering and the ability to test different versions of content to find the best way to reach the target audience. With Liferay, agencies can meet IDEA’s searchability requirement with a best-in-class capability right out of the box.”

Read more insights from Liferay’s Director of Federal, Kale Fluharty.

 

Government Unifies the Citizen Experience, Goes Digital

“Agencies should start thinking about creating a unified engagement layer that can house everything they know about a customer and that customer’s journey over time to ensure a positive, productive experience. That engagement layer also makes it possible for agencies to modernize back-office activities and seamlessly improve the customer experience. Thanks to the 21st Century Integrated Digital Experience Act, government agencies have been modernizing websites and digitizing forms. But those websites and forms are still disconnected from the data and still fail to address the customer life cycle. Furthermore, agencies must also embrace the other elements of the act, including adopting e-signatures, improving the customer experience and moving to shared services. Citizens, businesses and other government partners need a single front door — a place where they can engage regardless of where they are in their particular interaction. That front door service should include everything they have done and everything they could do regardless of which agency, office, department or person is handling the interaction on the government side.”

Read more insights from Salesforce’s Senior Director of Digital Transformation, Global Public Sector, Thomas Saracene.

 

The Next Evolution in Contact Centers

“Digitally transforming the contact center would enable agencies to leverage technology for speed and efficiency. Imagine a scenario in which a person can call the local unemployment office and talk to a “virtual agent” (or voice bot) to receive an update on their unemployment benefits, identify gaps in submissions or self-report required activity. Not only does this create a better citizen experience, it also deflects the call from a live agent, reducing strain on the contact center and allowing agents to focus on more complicated citizen requests. At Talkdesk, our goal is to automate 80% of customer interactions in the next three years. This means 80% of interactions will either be fully automated or conducted via an automated process that improves agent efficiency. The ability to scale up to handle a sudden workload influx while enabling work location flexibility will continue to be a concern. Moving systems and processes into the cloud is a foundational step on the road to digital transformation, and new deployment methods enable agencies to keep existing call-routing structures while adding cloud capabilities.”

Read more insights from Talkdesk’s Vice President of Regulated Industries, James Ward.

 

Download the full Innovation in Government® report for more insights from these government customer experience thought leaders and additional industry research from FCW.

The Rise of Edge Computing

The proliferation of internet-of-things (IoT) sensors and an increasingly mobile workforce were dispersing government IT operations farther from the data center long before the coronavirus struck. But the pandemic has spotlighted agency employees’ increasing need for robust, secure capabilities in the field — or at home, in the case of remote work — and decision-makers need fast access to data analytics in a wide variety of situations. All those factors are driving interest in computing at the network edge, or processing data at the site of generation rather than storage. Edge computing has profound implications for a wide range of government missions across local, state, and Federal government, and with the emergence of 5G networks, it is becoming easier to incorporate. And if implemented thoughtfully, the benefits can be immense – reduced network stress, increased cybersecurity and savings in cost, time and storage. Read the latest insights from industry thought leaders in edge computing in Carahsoft’s Innovation in Government® report.

 

Streamlining the Adoption of Edge Computing

“Open source is a necessary component of edge computing for two main reasons. First, open source is much more secure than its proprietary counterparts due to the increased transparency. For edge deployments with hundreds or even thousands of sites, initially securing and maintaining them are solved through Red Hat open source. Second, open source supports a level of innovation most proprietary systems simply can’t match. When thousands of people work on a technology, that gives it a substantial advantage in terms of new ideas and accelerated innovation.”

Read more insights from Red Hat’s Practice Lead of OpenShift Virtualization, Storage and Hyperconverged Infrastructure in the North American Public Sector, Garrett Clark.

 

A Unified Approach to Edge Computing

“To avoid piecemeal implementation, edge computing must be part of an agency’s overall IT infrastructure. When done well, it will empower agencies to make more efficient and faster decisions because they’ll be able to harness more data from across the entire landscape. It will also give end users better and faster access to data in the field so they can take advantage of those insights in real time. Edge devices will not replace existing IT but instead will expand on what’s already in place. By incorporating edge computing into enterprise modernization, agencies can also start applying machine learning and other emerging technologies to harness the power of data. However, with edge devices and data now outside agencies’ firewalls, security must be embedded into edge computing. Important tools include automated security and centralized management, perhaps via the cloud.”

Read more insights from Nutanix’s Senior Director of Public Sector Systems Engineers, Dan Fallon.

 

How to Unleash the Power of Edge Computing

“Edge computing holds a great deal of promise as a stand-alone capability, but when paired with technologies such as advanced connectivity and enterprise data platforms, edge computing can fuel new customer and employee experiences at scale. When agencies combine edge computing with advanced connectivity, for example, they can empower rich, personalized experiences for customers as well as employees. Imagine moving from a 2D world of video consumption to a 3D world with immersive experiences personalized at scale for the individual. Edge computing coupled with advanced connectivity and SAP’s data platform can serve as the foundation to bring these new experiences to life. To help fuel this innovation, advanced connectivity such as 5G and Wi-Fi 6 play an integral role.”

Read more insights from SAP’s Vice President, Global Center of Excellence, Frank Wilde.

 

Accelerating Mission Success at the Edge

“Sometimes an agency will want to be in a cloud environment, sometimes it will choose an edge computing environment, and often, it will need both. In that situation, some quick analytics can happen at the edge, but then the data can move to the cloud for a deeper evaluation that will draw out more predictive insights and analytics. There are three key considerations agencies should keep in mind when moving to edge computing. First, they should think about it as part of a larger continuum alongside their core technologies, including cloud. Second, agencies should design for consistency in management and orchestration. Regardless of where a workload is running, a consistent approach helps agencies manage IT resources and costs and allows the organizations to scale and expand. The third consideration is more far reaching, but I encourage agency leaders to think about the opportunities that edge computing opens up.”

Read more insights from Dell’s Global Marketing Director of Edge and IoT Solutions, Kirsten Billhardt.

 

Beyond the Data Center and the Cloud

“We expect the number of connected devices to reach nearly 45 billion by 2025, gathering close to 80 zettabytes. Unfortunately, sending that growing amount of data to the cloud for processing is not always the best option due to bandwidth limitations and cost concerns. Many government systems are also not connected to the cloud and need to process data locally. Edge technology evolved to meet those challenges by bringing the advantages of cloud closer to the edge. Business applications enabled by edge computing include autonomous delivery, machine control, environmental monitoring, fleet vehicle diagnostics, vision-based analytics and defect detection. Edge computing is particularly beneficial in two situations: when a great deal of data needs to be migrated to the cloud for storage but there is little or no bandwidth and when data needs to be collected and acted on quickly at the edge (e.g., autonomous vehicles and drones).”

Read more insights from AWS’s Principal Technical Business Development Leader for IoT in the Worldwide Public Sector, Lorraine Bassett.

 

Edge: The Next Paradigm Shift in IT  

“Agencies can protect their data and applications across any cloud strategy (including on-premises, private, hybrid, multi-cloud or edge computing) with a cloud-agnostic, edge-based Web Application and API Protection (WAAP) solution. A globally distributed WAAP will protect websites, applications and APIs from downtime and data theft due to web attacks and distributed denial-of-service (DDoS) attacks. All network-layer DDoS attacks, including those by large IoT botnets, are instantly dropped at the edge because a WAAP functions as a reverse proxy and only accepts traffic via ports 80 and 443. Any application-layer DDoS or web attack will be automatically inspected and stopped at the edge without disrupting access for legitimate users. Additionally, modern application architectures are shifting toward greater use of microservices and away from monolithic pieces of software. Small, independent microservices are assembled into more complex applications so they can leverage fully functional and distributed processes from third-party APIs.”

Read more insights from Akamai’s Senior Vice President of Web Performance, Lelah Manz.

 

Download the full Innovation in Government® report for more insights from these government edge computing thought leaders and additional industry research from FCW.