Akamai Technologies Ltd

Akamai Prolexic - Distributed Denial of Service (DDoS)

Prolexic Routed offers broad and rapid protection against both network- and application-layer DDoS attacks with the scale to handle the largest attacks seen today. Organisations benefit from Akamai's global 24/7 SOC which includes 200 staff in five locations around the world dedicated to responding to DDoS attacks against Akamai customers.

Features

• DDoS Mitigation against the largest of attacks
• 10Tbps+ of dedicated network attack capacity
• Fast and effective mitigation of attacks backed by industry-leading SLAs
• Direct physical connection (optional) to Akamai scrubbing centers
• 24/7 dedicated SOC's to mitigate attacks
• Agnostic platform
• Data centre and network infrastructure protection
• Robust network connectivity and carrier diversity - 100% platform availability
• Flexible deployment models
• Web based portal for real-time visibility

Benefits

• Mitigate business risk with fast and effective responses to DDoS
• Reduce capital costs by leveraging cloud-based DDoS protection
• Reduce operational costs by leveraging our 24x7 global SOC
• Reduce downtime and business risk associated with DDoS attacks
• Flexible deployment to fit with customer specific requirements
• Time to mitigate and consistency of mitigation SLA's
• Utilise dedicated security professional who mitigate over 200 weekly attacks
• Positive security model
• High capacity - 20 anycast global scrubbing centers

£3,000 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at itrask@akamai.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

627461542239689

Contact

Ian Trask
07976794758
itrask@akamai.com

Service scope

• Service constraints: Customers are required to have their own /24 IP subnet as a minimum to enable BGP advertising for Prolexic Routed; ; Otherwise an alternative solution is available - Prolexic IP Protect that can protect groups or single IP addresses from network layer DDoS attacks.
• System requirements:
  • The ability to advertise a /24 subnet for Prolexic Routed
  • Group or single IP address for Prolexic IP Protect

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide 24/7 support. Response time varies according to the severity of the incident.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: By default, the Akamai Prolexic service includes 24/7 support for severity 1 and 2 cases. We also provide specific time-to-mitigate SLAs in relation to DDOS attack mitigations. There are no support upgrades for this service. A technical account manager will be provided.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Before starting service, a comprehensive technical assessment is carried out to ensure compatibility with the Prolexic system. Customers will need to connect to the platform using a dedicated Layer 2 link, or via a GRE tunnel. Our integration team will work with customers to facilitate the connection of our networks by one of these methods. As part of the on-boarding process, will provide online training on the service and its control panel. We will establish runbooks to follow in case of a DDOS attack event. We will ensure customers are fully aware of the support contact methods.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: The Akamai Prolexic service does not store any client owned data. As a DDOS scrubbing service, we act as an intermediary for packets that are destined to your router / network. We allow legitimate packets to pass through, while we drop malicious packets that are considered part of a DDOS attack on your infrastructure. We do store meta data for the purpose of logging and analysis, to help us better understand your clean traffic profile and to analyse DDOS events. This data cannot be exported or retained at the end of the contract.
• End-of-contract process: The service will be disabled.

Using the service

• Web browser interface: Yes
• Using the web interface: The web interface is primarily for service monitoring. Once your Prolexic service is live, users can view the state of the connectivity between their routers / infrastructure and that of Akamai. Users can also view traffic and attack mitigation information.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: TBC
• Web interface accessibility testing: None
• API: Yes
• What users can and can't do using the API: The Prolexic Analytics API exposes analytics data from Prolexic DDoS protection and monitoring services such as alerts and network bandwidth timeseries data.
• API automation tools: Other
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Akamai Prolexic has significant over-capacity in order to handle the largest DDOS attacks. We operate from 20 scrubbing centres around the world, with a total network capacity of 10+ Tbps.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Network
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • Other
• Other protection between networks: GRE tunnel
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We offer specific Time to Mitigate (TTM) SLAs depending on the nature of the DDOS attacks. The Prolexic platform is designed to be highly available with large amounts of redundancy. Should our platform fail to be available, the customer shall be entitled to receive a service credit.
• Approach to resilience: We operate from 16 different scrubbing centres around the world. In the unlikely event one facility has a technical problem, then we will route traffic via the other facilities.
• Outage reporting: Akamai will send notifications via the Luna Portal (customer control panel), Akamai Community, email and/or any other pre-established channels of communication.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
  • Other
• Other user authentication: Our web interface authenticates using username and password, with optional multi-factor authentication. There is also SAML support and IP restricted login. Our APIs use standard authentication methods. There are various user profile settings that can be put in place to control user access to certain elements of the service.
• Access restrictions in management interfaces and support channels: Customers can configure IP restricted login. Access requires providing valid credentials, including optional multi-factor authentication. Customer can manage users in the web interface, determining their details and authorisation level. This information is then used in support channels, to identify the user, authenticate the user (e.g. by calling back the number provided in the web interface) and authorise the user (check whether they are entitled to request change or access to resources).
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Specialized Security Systems Inc
• PCI DSS accreditation date: 30/06/2021
• What the PCI DSS doesn’t cover: Akamai’s Attestation of Compliance with the Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1: https://www.akamai.com/site/en/documents/akamai/pci-dss-3.2-attestation-of-compliance.pdf Customers are instructed that only products running on the Secure Content Delivery Network, and Enterprise Application Access are in-scope for PCI and that no other systems are intended or should be used for the transmission, processing, or storage of cardholder data. Nevertheless, Akamai's products and services running on the Secure Content Delivery Network, and Enterprise Application Access may be configured to be used by customers in their cardholder data environment, and may be included in the scope of customers' PCI assessments.
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • PCI DSS
  • HIPAA
  • FedRAMP
  • ISO 27002
  • SOC 2 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: PCI DSS; HIPAA; FedRAMP; SOC 2 Type II; ISO27002
• Information security policies and processes: Akamai follows its Information Security Program. Redacted version can be shared with our customers if desired. Akamai is also assessed and compliant with various security standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The change management process for software changes is chaired by the Director of Operations and the Release Manager. The process reviews all changes and potential customer impact. Any releases are signed off on by appropriate parties, which always include the SVP of Engineering and SVP of Delivery. ; ; To minimize the risk of the corruption of information systems and the accidental removal of security controls a formal change control procedure must be followed when making changes to any production system.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: The vulnerability management process is set forth to ensure timely deployment of security patches and remediation of vulnerabilities to maintain confidentiality, integrity, and availability of Akamai systems and applications. The lifecycle of the vulnerability management includes tasks such as: investigate new vulnerabilities, remediate vulnerabilities, and close out the records when applicable. If the vulnerability is impacting to Akamai, the Information Security team is responsible for shepherding the vulnerability through all of the stages, ending in the closure stage. Please see this post for more information: ; https://blogs.akamai.com/2016/08/vulnerability-management-at-akamai.html
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: New vulnerabilities are identified and tracked. Vulnerabilities are identified by: Receiving vendor and security researcher vulnerability announcements, Monitoring vendor reporting distribution lists and reporting forums, monitoring public reporting forums (CERT, Bugtraq, SANS, etc) These Subscriptions help identify vulnerabilities that might impact Akamai information systems and networks. Additionally, the Information Security teams analyse Akamai's software and architecture to identify potential vulnerabilities. Once a specific vulnerability is identified, it is assigned to an Information Security and a subject matter expert to remedy. Vulnerabilities that do not impact Akamai are marked as such and closed.
• Incident management type: Supplier-defined controls
• Incident management approach: Akamai operates a documented Technical Crisis and Incident Management Process, this document can be shared with customers. Akamai has designed its technical systems and human operations with many safety controls and sensors to help prevent and detect issues in our environment as they arise. If a customer-identified issue cannot be solved by Akamai Support then an incident is declared. For all severity levels, we have an Incident Manager role identified to evaluate the severity of a situation and coordinate with others working on the problem. A Service Incident Report is produced identifying failures and highlighting changes to prevent reoccurrence.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Fighting climate change:

  Fighting climate change

  Taking environmental action through program transparency, data, and partnership. Emissions from worldwide online video streaming alone in 2018 were equivalent to more than 300 million metric tons of carbon, according to the Shift Project. That’s similar to carbon emissions from powering more than 50 million homes for one year. Akamai has made a commitment to reduce our emissions through platform efficiencies, data centre partnerships, and renewable energy procurement. We recognize that in our role as the leading performance, security, and delivery provider, we share the responsibility for reducing the world’s carbon emissions. Please view our sustainability report. https://www.akamai.com/resources/research-paper/akamai-sustainability-report-2021 Please view our ESG report. https://www.akamai.com/resources/research-paper/akamai-2021-environmental-social-governance-report
• Covid-19 recovery:

  Covid-19 recovery

  Business / Pandemic Planning & Preparedness. Akamai's Actions With continued concerns associated with COVID-19 surges in parts of the world, Akamai wants to assure our customers, suppliers and partners that we have taken several steps to minimize the risk of disruption to our business. Our customers can expect Akamai to provide the same high-quality, reliable services they have come to trust for over twenty years. https://www.akamai.com/global-services/support/covid-19-preparedness-statement Read our FAQ https://www.akamai.com/global-services/support/covid-19-preparedness-faq
• Tackling economic inequality:

  Tackling economic inequality

  At Akamai, we believe in delivering business results the right way. That means operating at all times in ways that reflect our core values of trust and integrity, inclusion and respect, and giving back to the communities in which our employees work and live around the world. As a signatory to the White House Equal Pay Pledge, we regularly monitor our pay practices and make changes as necessary to deliver on our commitment. This includes internal pay equity analyses covering gender globally and race and gender in the US. We review the results and act to remedy any discrepancies as appropriate. To date, no widespread patterns of disparity have been identified.
• Equal opportunity:

  Equal opportunity

  We’re continuing to push for greater inclusion at the hiring stage and beyond. Data collected from our new employees (hired in 2021) shows an increase in female representation of 3.6% globally (29.1% in 2020 vs. 32.7% in 2021). Overall, we have seen an increase in racial and ethnic minority representation among our US employees. Representation of ethnic minorities was 41.4% as of December 31st, 2021 (0.8% increase from 2020). Asian: Overall +0.4% change from 2020 to 2021 Non-technical 10.6% Technical 35.4% Manager 25.1% VP+ 14.2% Black/African American: Overall +0.1% change from 2020 to 2021 Non-technical 4.2% Technical 3.2% Manager 2.4% VP+ 2.7% H Read the report here https://www.akamai.com/careers/inclusion-diversity-and-engagement
• Wellbeing:

  Wellbeing

  2021 Inclusion, Diversity & Engagement Report This report marks our second year of public disclosure around Inclusion, Diversity, and Engagement. While we’ve tracked and reported on this data internally for years, we’re proud to continue our efforts around transparency and accountability in publishing our 2021 findings. https://www.akamai.com/careers/inclusion-diversity-and-engagement The Akamai Foundation is dedicated to encouraging the next generation of technology innovators by supporting STEM education, with a focus on the pursuit of excellence in mathematics in grades K-12. Grants focus on equal access to quality STEM education with grants supporting programs designed to attract more diversity to the technology industry. In addition, the Akamai Foundation provides disaster resilience, relief and humanitarian aid globally; and enables volunteerism by connecting employees to the communities in which Akamai operates. https://www.akamai.com/company/corporate-responsibility/akamai-foundation

Pricing

• Price: £3,000 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at itrask@akamai.com. Tell them what format you need. It will help if you say what assistive technology you use.