U.S. Department of State enhances security, stability and scalability to defend against continual attacks
The U.S. Department of State works to “create a more secure, democratic, and prosperous world for the benefit of the American people and the international community.” As part of delivering on this mission, the State Department needs to maintain a secure, high performing, and resilient global web presence 24x7. As of 2014, the agency delivers numerous online applications and operates 475 departmental and embassy websites in 67 languages, which are visited by hundreds of thousands of people each day.
With such a high-visibility site delivering critical information, the State Department needs to take all necessary measures to ensure unfailing site availability and web performance. However, it can be complex and expensive to address web security, scalability, reliability and performance for such a far- reaching online presence. Instead, the State Department decided to look to a third-party solution.
The U.S. Department of State needed to meet three key requirements to support its objectives:
Ensure optimal website performance: The State Department wanted to provide all site visitors with a satisfactory web experience.
Scale on demand: The agency wanted to handle all Internet traffic spikes and growth in traffic over time without fail and without expanding its content delivery infrastructure.
Maintain a solid online presence: The State Department wanted its sites to be always available for any site visitors.
Cloud Solutions Deliver on Sky-high Expectations
To cost effectively and reliably achieve its goals, the U.S. Department of State chose to accelerate, protect, and deliver US Embassy and State Department with web properties and applications via the Akamai Intelligent Platform™. Specifically, the State Department chose Akamai’s cloud-based Dynamic Site Accelerator, Web Application Accelerator (WAA), Web Application Firewall (WAF), Site Shield, Enhanced DNS with DNSSEC, and Distributed Denial of Service (DDoS) Readiness solutions to power and secure its online presence. As a result, the State Department became better protected from malicious activity, while enjoying seamless, on-demand, instant scaling accompanied by top-notch web application performance.
While providing web performance and scalability benefits for end-users, Akamai enabled the State Department to extend and secure its web presence to the edge of the Internet for hundreds of embassy websites and State Department applications. “Trusting the Akamai Intelligent Platform for its mission-critical services has enabled the State Department to focus on its core outreach mission,” explains Peter Jarrell, Consultant to the U.S. Department of State.
On-Demand Scalability: Fending Off Unanticipated Attacks
Akamai’s WAF, Site Shield Security products, and Distributed Denial of Service (DDoS) Readiness solution package has helped the U.S. Department of State prepare for, monitor, manage, and mitigate the impacts of malicious DDoS attacks. After experiencing volumetric POST attacks on embassy websites, WAF was implemented to detect malicious requests in Akamai’s [cloud] environment and block the activity before ever reaching the agency’s data center. By combining the industry expertise of seasoned Akamai consultants with sophisticated Akamai capabilities, the DDoS Readiness service is designed to help identify and alleviate the impacts of DDoS attacks.
During the July 4th 2009 weekend, the Internet witnessed the largest Denial of Service cyber attacks against U.S. Government websites to date. Akamai protected and successfully fended off these attacks for numerous U.S. Government sites, including the Department of State’s, www.state.gov. Categorized as a brute-force DDoS attack, the source originated from compromised Korean computers. Akamai quarantined and mitigated DDoS traffic targeting the Department of State’s site.
The agency leveraged Akamai’s cloud security solution to handle two distinct waves of peak traffic during the July 4th DDoS attacks. Because of Akamai’s technology, the State Department scaled to a peak of 9,145.63 Mbps during the first wave and to 1,921.38 Mbps during the second. In addition, Akamai offloaded 99.4% of the agency’s origin bandwidth and 96.9% of its origin requests. “To handle the same traffic without Akamai, we would have had to provision 58 OC-3 circuits and 190 web servers,” says Jarrell.
Optimizing and Protecting Web Infrastructure
The State Department selected Akamai’s globally distributed CDN platform because it is uniquely positioned to absorb DDoS attacks. The agency recognized and appreciated that the overall security of Akamai’s content delivery network relies on several factors, which work together to provide a secure solution with defense in depth. These components include physical security, host and software security, network and component design, and 24/7 monitoring and response.
In addition, the State Department’s website (www.state.gov) static content is fully hosted and served from Akamai NetStorage which means that Akamai was able to offload 100% of the static content traffic from State Department. As a result, the State Department has been able to focus on offering more dynamic sites.
“By relying on Akamai, the Department of State is freed from a significant amount of hardware provisioning, is able to devise a custom security posture, and offloads numerous operational and maintenance issues. This partnership allows teams supporting our web and application initiatives to be more nimble and agile,” concludes Jarrell
About U.S. Department of State
The United States Department of State is the federal executive department responsible for international relations of the United States. The Department’s Mission Statement: Shape and sustain a peaceful, prosperous, just, and democratic world and foster conditions for stability and progress for the benefit of the American people and people everywhere. (Source: the FY 2013 Agency Financial Report, released December 2013)