Akamai is a B2C CDN with 140,000 servers and thousands of POPs in its ecosystem, delivering 30% of the Internet's traffic. The Akamai ecosystem collects an incredible amount of log data, globally, on a scale that most likely surpasses even the Tier 1 carriers. Why doesn't Akamai get into the B2B space, similar to Aryaka, and offer a Splunk-like, cloud-based SIEM?
SIEM (Security Information & Event Management)
At the most basic level, a SIEM is a database that collects log data from servers, routers, firewalls, switches, applications and devices. The log formats from these devices differ, so the SIEM normalizes the data to one common format. Thereafter, it compiles it, correlates it and presents it as intelligence to the user community.
Akamai should create a cloud-based SIEM that collects log data from the devices and applications at the customer premises. The data is then pushed to the cloud (an Akamai POP). In the cloud, the on-site customer log data is blended with the CDN log data. The combined intelligence provides a global view of the customer ecosystem, rather than the enterprise-only view of a standard SIEM.
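As an added illustration of the normalize-then-correlate step described above (example code, not Akamai's or any SIEM vendor's): two constructed log formats, an edge access log and an on-premises firewall syslog line, are mapped to one common schema and then joined on client IP within a time window. The field layouts, addresses and timestamps are all assumed for the example.

```python
import re
from datetime import datetime

# Constructed sample logs; the field layouts are assumed, not real Akamai or vendor formats.
CDN_LOGS = [
    "2014-03-01T10:00:05Z 203.0.113.7 GET /checkout 200 edge-lhr",
    "2014-03-01T10:00:09Z 198.51.100.23 POST /login 403 edge-fra",
    "2014-03-01T10:00:12Z 203.0.113.7 POST /login 403 edge-lhr",
]
FW_LOGS = [
    "Mar  1 10:00:07 fw01 kernel: DROP SRC=203.0.113.7 DST=10.0.0.5 DPT=22",
    "Mar  1 10:00:10 fw01 kernel: ACCEPT SRC=192.0.2.44 DST=10.0.0.5 DPT=443",
]
FW_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (\w+) SRC=(\S+) DST=(\S+) DPT=(\d+)")

def normalize_cdn(line):
    """Edge access log line -> common schema {ts, src_ip, action, detail, source}."""
    ts, ip, method, path, status, pop = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "src_ip": ip,
            "action": "deny" if status.startswith("4") else "allow",
            "detail": f"{method} {path} {status} @{pop}", "source": "cdn"}

def normalize_fw(line, year=2014):
    """Syslog firewall line -> the same schema; returns None on unparseable input."""
    m = FW_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "src_ip": m.group(3),
            "action": "deny" if m.group(2) == "DROP" else "allow",
            "detail": f"{m.group(2)} -> {m.group(4)}:{m.group(5)}", "source": "firewall"}

def correlate(events, window_s=10):
    """Pair each on-prem firewall deny with CDN edge events from the same client IP."""
    hits = []
    denies = [e for e in events if e["source"] == "firewall" and e["action"] == "deny"]
    for d in denies:
        for c in events:
            if (c["source"] == "cdn" and c["src_ip"] == d["src_ip"]
                    and abs((c["ts"] - d["ts"]).total_seconds()) <= window_s):
                hits.append((d["src_ip"], d["detail"], c["detail"]))
    return hits

def run():
    events = [normalize_cdn(l) for l in CDN_LOGS]
    events += [e for e in (normalize_fw(l) for l in FW_LOGS) if e]
    return correlate(events)

if __name__ == "__main__":
    print(run())
```

The firewall's dropped SSH attempt and the same address's checkout and failed-login requests at the edge surface as one correlated story, which neither log shows on its own.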
This global intelligence provided by Akamai will surpass anything that Splunk, ArcSight, Q1 Labs, or RSA enVision has to offer. Akamai will be able to provide intelligence end-to-end: from the first mile, to the middle mile, to the last mile; from the browser back to the origin server; and across the customer's infrastructure. This kind of intelligence is extremely valuable. I say the starting price for this service is $3M, and goes way up from there. Thus, if a hacker steals data from a Target POS, Akamai will be able to track those packets back to the hacker's hideout.
I even have a name for the new Akamai Cloud SIEM: how about "Akamai C-DuNk", in case you haven't noticed the letters CDN in the name :) The tagline can be something like this:
"Akamai C-DuNk, the first and only global cloud security intelligence platform, which collects, correlates, and presents security intelligence on a global basis, end-to-end, from first mile to middle mile to last mile, from the browser to the customer's infrastructure."
Logs, robust dashboards, large databases, powerful servers, scalable reporting systems, web services, security, and everything else that comprises a SIEM are in Akamai's DNA.
For starters, there is free open source software for the prototype. Here is the list:
- Don't use Snort for IDS/IPS, since Cisco acquired Sourcefire. Use Suricata instead.
- Snorby, the admin control panel for Suricata alerts.
- OSSIM, the open source SIEM.
- tcpdump and some other Linux utilities.
Akamai, act on this intelligence or another CDN might. Good luck.