Understanding Your Cyber Risk Profile

Authoritative DNS

Domain Name Service (DNS) is a critical component of every organization’s Web infrastructure. DNS translates human-readable domain names into numeric IP addresses, enabling users to connect with Web sites and applications.

DNS is often a target for distributed denial of service (DDoS) attacks, as well as reflection and amplification attacks. Because many organizations use only a couple of DNS servers, DNS security can be easily overwhelmed by a volumetric attack, causing DNS servers to go offline and preventing users from finding the website.

  • 1
  • 2

Does your self-hosted or outsourced authoritative DNS have protection against DDoS attacks of 20Gbps or greater?

Are you using 2 or more independent authoritative DNS platforms such as a combination of self-hosted and a DNS service provider?

7 7 4 2
1
2 2 5
2 6 6 2 2 4 5 5 5 5
3 6 6 6 6
1 1 1 6
2
4 4 31
34 51 4 32 51 35 35 4

Application and Network Layer protection

Application layer attacks use a variety of means to attack Web sites and the servers and databases that support them, with results ranging from data breaches, defacements, and diminished site performance. 3 primary types of application layer attacks are SQL Injection, Cross Site Scripting and Remote File Inclusion.

Distributed Denial of Service (DDoS) attacks saturate network bandwidth or server load to make the service unavailable to its intended users. Common techniques include using bots to send millions of TCP or UDP packets or bombarding resource-intensive pages with HTTP requests.

  • 3
  • 4
  • 5
  • 6
  • 7

What web application protections do you employ? (Check all that applies)

  • Next

For applications that are hosted in cloud platforms (e.g. AWS or Azure), how would you protect against a sophisticated, layer 7 DDoS attack?

Do you employ any protection to defend API endpoints from DDoS attacks or overconsumption of API resources by known third parties?

Which of these solutions do you use against DDoS attacks? (Check all that applies)

  • Next

Does your web hosting infrastructure have protection against DDoS attacks of?

Recursive DNS

Almost every action taken on the Internet begins with a domain name system (DNS) request that translates domain names to IP addresses. While DNS makes the Internet fast and efficient, and significantly more navigable for humans, it is inherently ripe for exploit due to its open and ubiquitous nature. DNS itself has no intelligence and, as a result, will resolve requests for both good and malicious domains.

  • 8
  • 9

Are your authoritative DNS servers and DNS resolvers hosted on the same equipment/infrastructure?

Which of the following do you employ as blacklisting on your DNS resolvers? (Check all that applies)

  • Next
41 6 1 65 41 51 52 53 41 42 64 1
5 51 52
61 42 62
21 5
5
5 22
3 4 41 42 3 31 43 43 44 41 42 45 46 31

Bots

Bots are automated software programs that interact with websites. Leading web security research finds bot traffic can represent up to 60% of overall web traffic, but only 28% of all bot traffic is declared. This includes both good bots engaging in essential business tasks, such as search engine indexers, and bad bots performing harmful activities, such as price and content scraping. One of the most harmful and costly activities these malicious bots engage in is credential stuffing, which can affect any organization with a login page on its website.

Identity and Access Management

Remote access refers to the ability to access a computer, such as a home computer or an office network computer, from a remote location. This allows employees to work offsite, such as at home or in another location, while still having access to a distant computer or network, such as the office network. Remote access can be set up using a local area network (LAN), wide area network (WAN) or even a virtual private network (VPN) so that resources and systems can be accessed remotely.

  • 10
  • 11

Have you built controls to mitigate account takeover, account scraping, or credential stuffing attacks against your web properties?

How are you providing access to behind-the-firewall applications in your data center or cloud environments to remote users like employees, contractors and vendors currently? (Check all that applies)

Submit

Well done,
survey completed!

Hi, thank you for taking the time to complete our survey. Your results show that your organization’s risk exposure is Low.

In the digital age we are living in today, implications from an advanced cyber attack are far-reaching. It may cause devastation that even the largest enterprises could struggle to recover from. Keeping your organization safe needs constant vigilance, and the ability to evolve one step ahead of today’s cyber threats.

Based on your survey results, we have prepared some recommendations that you can take to start securing your organization today.

Recommendations from Akamai

The most common underprotected or overlooked yet critical aspects to consider are:

  • Not having a secondary authoritative DNS provider to ensure 100% availability.
  • Absence of cloud WAF especially for important transactional web applications exposed to public internet.
  • Relying only cloud hosting platform’s inbuilt scalability to defend against application layer DDoS attacks.
  • Difficulties in deploying and managing API endpoint defense.
  • Blocking bots using only manual methods such as IP blacklisting.
  • Providing non-employers access to network via VPN without full network segregation.

For an elaborate guide on how minimize risks your organization is exposed to, the exclusive 26-paged Cyber Risk Guide helps you identify high-risk security gaps, and focus on how to mitigate their effects.

Through this guide, you will be able to:

  • Gain a macroscopic understanding of cyber risks your organization is exposed to
  • Identify the various attack surfaces and entry points to your network
  • Understand the best practices and techniques needed to secure your organization

Get your complimentary e-book now!