Akamai To Acquire Prolexic For Cloud DDoS Protection


Web application hosting provider Akamai Technologies said it has signed an agreement to acquire Prolexic Technologies in a $370 million deal that would integrate Prolexic's cloud-based distributed denial-of-service protection into the Akamai platform.

The transaction requires regulatory approval and is expected to occur in the first half of 2014, according to Akamai. Prolexic's software provides protection from attacks that flood networks with traffic in an attempt to cripple or crash applications and network services, including email, file transfers and VPN capabilities. It is used to defend against application layer, network layer and data center attacks.

Cambridge, Mass.-based Akamai said it would add Prolexic to its portfolio of services to bolster the availability of websites and Web applications it maintains and monitors on behalf of its clients.

[Related: 5 Reasons DDoS Attacks Are Gaining Strength]

Akamai also plans to broaden the services it provides beyond performance and security of websites and Web applications, said Tom Leighton, CEO of Akamai. Leighton told CRN that while the Prolexic technology has some overlap with Akamai's KONA Site Defender platform, Akamai would be able to extend its capabilities to provide data-center-level DDoS protection.

"Prolexic is very complementary because they focus on protecting the data center, IP space and full range of enterprise applications, not just Web," Leighton said. "We feel that the cloud service capability is a vital part of a DDoS mitigation strategy."

Less than half of Prolexic sales are through the channel, mainly through Internet service providers, Leighton said. Akamai, which counts about 20 percent of its sales through the channel, would use the acquisition to help grow its channel partnerships by increasing sales through large telecommunications providers, he said.

Technologies that can mitigate DDoS threats have become a hot topic following high-profile hacktivist attacks earlier this year carried out against U.S. banks and financial firms. A recent threat report issued by Akamai concluded that it is getting much harder to filter out bad traffic from legitimate transactions. DDoS attacks also can be used as a weapon by financially motivated cybercriminals, who attempt to disrupt systems while conducting fraudulent transactions.

Nation-state attackers also can use DDoS attacks in an attempt to take out critical infrastructure, threateingn the stability of financial markets, said Dan Thormodsgaard, vice president of solutions architecture at FishNet Security, which resells both Akamai services and Prolexic software.

Thormodsgaard said interest has risen significantly for both on-site DDoS mitigation appliances and cloud scrubbing technologies such as those offered by Prolexic. Cloud scrubbing is effective against volumetric attacks generally carried out by large-scale botnets, Thormodsgaard said. Relying on Internet service providers for protection only solves one pipeline, he said. Businesses that depend on the Internet turn to multiple products, including on-site appliances for visibility and to address highly targeted, sophisticated attacks.

"Any company that is doing business on the Internet and needs guaranteed uptime should have a DDoS mitigation strategy," Thormodsgaard said. "Cloud scrubbing solves the path of least resistance in terms of cost, but you would also need an on-premise solution for more serious protection."

Hollywood, Fla.-based Prolexic said it protects about half of the top 50 global banks. Prolexic competes against Arbor Networks, which launched a cloud-based DDoS service last month. A variety of other firms, including GigeNet, Incapsula and Cloudflare, provide cloud-based DDoS protection for websites and Web applications. Prolexic founder Barrett Lyon recently launched Defense.Net, which came out of stealth mode in August and is aimed at providing a new way to defend against DDoS attacks.

PUBLISHED DEC. 2, 2013