Akamai releases new threat hunting tool backed by Guardicore capabilities

Akamai on Tuesday launched Akamai Hunt, a visibility tool that uses the infrastructure of microsegmentation platform Guardicore to allow customers to identify and remediate threats and risks in their cloud environments.

Akamai acquired Guardicore in October 2022 for about $600 million. Akamai Hunt combines Akamai’s historic data with Guardicore’s network segmentation and visualization capabilities to help identify and eliminate threats.

“An earlier version of Hunt was available through Guardicore to a limited set of customers,” Pavel Gurvich, senior vice president and general manager of Akamai’s Enterprise Security Group said. “Now, as part of Akamai’s integration of Guardicore’s technology and telemetry, we have scaled, expanded, and enhanced the service to meet broader demand from customers with larger environments.”

Hunt combines in-house telemetry with global threat data

Hunt identifies threats and risks by analyzing telemetry data from Akamai customer’s environment and cross-referencing it with high-priority global threat intelligence. It performs big data analytics on the combined data to query suspicious and anomalous activities

“The acquisition also opened up access to a very large data set of attacks, seen through Akamai’s global domain naming system (DNS), web application firewall (WAF) and distributed denial of service attack (DDoS) footprints, that have improved Hunt’s detection abilities,” Gurvich said. “In addition to this new, massive scale, Akamai Hunt is built on an improved engine architecture that runs 100 times faster than before and handles the collection and analysis of events to reduce time to detection.”

Hunt has dedicated security experts to assist customer security operation centers (SOCs) in the remediation of threats, patching of vulnerabilities, and hardening of IT infrastructures.

Hunt also features alerts and monthly reports for just-in-time mitigation and an overview of monthly incidents.

Agentless segmentation to enforce zero trust across IoT/OT

Akamai has also announced the release of “agentless” segmentation on Akamai Guardicore Segmentation to extend zero trust support to its customers with connected IoT and OT devices, which are not capable of running host-based security software.

The agentless capability will be available for Akamai Guardicore Segmentation customers in the second quarter of 2023 and will automate new IoT/OT device onboarding, device fingerprinting, and least privilege segmentation.

This would essentially enable the platform to automatically discover new network-connected devices and execute predefined device onboarding workflows, enforce fine-grained security policies across device line up, and employ least privilege segmentation policies to quarantine suspicious devices through direct integration with network control points.

“The need for segmentation for devices that aren’t capable of running host-based security software is a concern we increasingly hear about from customers and partners,” Gurvich said. “It’s safe to say that almost all of our customers from the healthcare, manufacturing, education and financial industries have IoT/OT/MIoT environments they want protected the same way their other workloads are protected with Zero Trust security policies.”

The enhancement will add an alert for “roaming” devices as they move between different areas of a company’s wired and wireless network infrastructure.

READ MORE HERE