Date post: 10-Jun-2018
A Response to Request For Information

Cyber-Security Assessment, Remediation, and Identity Protection, Monitoring, and Restoration Services

September 3, 2015

Prepared By: Micah Maryn, CISSP, Senior Solutions Engineer, 703-581-6423, [email protected]

Akamai Technologies, Inc., 11111 Sunset Hills Road, Suite 250, Reston, VA 20190

September 3, 2015 AKAMAI CONFIDENTIAL Page 2 of 15

Contents

Introduction
    KEY SERVICES
Background
    COMPANY FACTS AND FIGURES
    ACCREDITATIONS AND COMPLIANCES
    AKAMAI CLOUD SECURITY SOLUTIONS
        Web Site & Application Security- Kona
        Network & Infrastructure Security- Prolexic
        DNS Protection- FastDNS
Contact Information
Akamai Response to RFI Section IV

INTRODUCTION

Akamai® is the leading distributed security platform for helping enterprises across the globe to provide secure, high-performing user experiences on any device, anywhere. Akamai's security solutions are based on a Multi-Perimeter Cloud design that provides multiple defenses to protect from DNS attacks, Web Application attacks and Network Infrastructure attacks. Our Intelligent Platform™ provides extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai also removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely deliver sites and applications over the Web.

In addition, Akamai has assembled a team of security experts who are proactively engaged in increasing the security posture of our customers and our platform. These individuals are not only working to mitigate threats now, but also aggregating data from our platform to discover emerging threats and develop successful mitigations.

Akamai has been protecting websites since its inception:

On September 11, 2001: Flash mobs and loss of major Internet connections inside the World Trade Center crippled the availability of many news and information sites. Akamai was able to scale up to absorb the increased demand and route around the damaged Internet infrastructure so that the sites delivered by Akamai continued to be operational.

In July 2009: Akamai defended numerous US Government, commerce, and financial services sites from a multi-day 124-Gbps DDoS coming from South Korea with no operational impact.

In December 2014: Akamai successfully defended against a 320 Gbps, 71 mpps (millions of packets per second), multiple-vector (network, application, and DNS) attack which targeted a single customer.

Akamai currently provides cloud security services to some of the best-known companies in the world, and US Government agencies, mitigating 10-15 attacks a day. In addition to supporting our direct customers, Akamai is actively engaged in cyber security working groups, including:

Forum of Incident Response and Security Teams

The Open Source Web Application Security Project (OWASP)

The FBI-led “Botnet Threat Focus Cell”

Industry Botnet Group (IBG)


KEY SERVICES

Akamai offers three core cloud security services along with several professional security services.

1. Web Site and Application Security: leveraging our globally distributed reverse proxy platform.
2. Network Layer Security: leveraging our globally distributed Prolexic scrubbing platform.
3. DNS Layer Security: leveraging our globally distributed DNS platform.
4. Professional Security Services, including:

Security assessments

Threat advisory services

Managed security services

In the following section, Akamai will provide additional details on each of our core services. Additionally, we have included a brief whitepaper with our response, Akamai Cloud Security Solutions: Comparing Approaches for Web, DNS and Infrastructure Security. We highly recommend reviewing this piece as it does a very good job of discussing our approach, comparing the alternatives and highlighting the benefits of our solution options.

BACKGROUND

Akamai understands the importance of protecting the availability of your websites, applications, and data centers as well as the confidentiality and integrity of your content and data. Akamai also understands that attacks are increasing in size and complexity. As attacks become larger and more frequent, and threats become more complex, it can become increasingly difficult for state and local agencies to manage security threats and ensure the availability, integrity, and most importantly, the confidentiality of their data. Akamai has extensive experience providing DDoS mitigation and web security for eCommerce, financial services, and government customers.

Akamai provides market-leading cloud security services which protect the origin infrastructure from network layer, application layer, DNS layer, and other malicious activity. Built on a highly distributed, robust architecture, the Akamai Intelligent Platform extends the security perimeter to the edge of the Internet, often within one network hop of the client user, where the attacks begin.

The Akamai Intelligent Platform architecture includes a 100% availability SLA and extends your security perimeter into the cloud, mitigating threats before they reach your infrastructure. Furthermore, the Akamai Intelligent Platform aggregates a massive amount of data regarding Internet conditions, Darknet traffic, and malicious activity. This data, along with information gathered from mitigating 10-15 attacks per day, enables Akamai to identify correlations, new attack signatures, and emerging threats. Akamai is then able to use this threat intelligence to further improve our products, features, and rule sets, as well as to provide threat intelligence data to our customers.


COMPANY FACTS AND FIGURES:

Year Incorporated: August 1998

Corporate Headquarters: Akamai Technologies Inc. Corporate Headquarters 150 Broadway Cambridge, MA 02142 www.akamai.com

Security Operations Center Ft. Lauderdale, FL

Akamai Technologies, Inc. is Publicly Traded: (NASDAQ: AKAM)

Revenue 2014 annual revenue of $1.96 billion, up 24 percent year-over-year (http://www.akamai.com/html/investor/financial_reports.html)

Dun and Bradstreet Report: Akamai Technologies Inc. DUNS # is 128521528. Akamai has included an S&P Capital IQ report along with the Fidelity/S&P Capital IQ Financial Statement.

Current Employees 5,100+

Akamai’s customers are some of the best-known organizations in the world.

Over 20 public and private sector on-line education services

Multiple K-12 and Higher Education institutions

Both Houses of the U.S. Congress

All Branches of the U.S. Military

All 15 Cabinet Agencies of the US Government

10 out of the top 10 US Banks

All top 20 global eCommerce Sites

All top anti-virus companies

All top 30 Media and Entertainment companies

Akamai is proven.

Akamai delivers daily Web traffic reaching more than 26 Terabits per second.

Akamai delivers over 2 trillion daily Internet interactions.

90% of the world's Internet users are within a single "network hop" of an Akamai server.

Akamai can work with any customer's Web environment, no matter how sophisticated.


ACCREDITATIONS AND COMPLIANCES

Akamai services currently support the following compliances and accreditations:

FedRAMP- Provisional JAB ATO

FISMA

FIPS 199- Low and Moderate ATOs

PCI- Tier 1 Merchant Service Provider

ISO-27002

FedRAMP- Provisional JAB ATO

The Akamai Intelligent Platform has been FedRAMP accredited with a Joint Authorization Board (JAB) Provisional Authority to Operate (P-JAB-ATO) that meets the FedRAMP requirements as a Public Cloud Service Model and an Infrastructure as a Service (IaaS) Model. A FedRAMP P-JAB ATO is a certification by the JAB of Akamai’s compliance with FISMA as well as several of the NIST Special Publications, including NIST 800-53, and FIPS publications. Akamai’s FedRAMP information can be found here: http://cloud.cio.gov/fedramp/akamai.

The accreditation boundary for the Akamai Content Delivery Network (CDN) covers a majority of Akamai’s infrastructure and services, including:

Content Delivery Infrastructure & DDoS Mitigation Services Internal Systems & Infrastructure

HTTP Delivery Edge Servers Luna Control Center Portal Akamai NOCC

DNS & DNSSEC Service HTTPS (Secure Delivery) Edge servers Key Management Infrastructure

Streaming Servers Global Traffic Management (GTM) System Akamai’s DNS Servers

NetStorage

FISMA

Prior to the FedRAMP mandate, Akamai had already met FISMA compliance and supported a Moderate SP 800-53 baseline of controls, with one sub-network supporting a High controls baseline with additional configurations and products, prior to our FedRAMP accreditation in August 2013. Akamai also supports custom DoD/Intel requirements.

FIPS

Prior to our FedRAMP accreditation, Akamai had received an Authorization to Operate (ATO) from the US Department of Homeland Security (DHS) and the Nuclear Regulatory Commission at a FIPS-199 LOW, and an ATO as part of a larger US Air Force system at a FIPS-199 Moderate. Our DHS ATO and support package is available as a reference from our DHS COTR upon request.

PCI- Tier 1 Merchant Service

Akamai is certified as a Tier 1 Merchant Service Provider under PCI-DSS, as evidenced by our listing on the Visa website. To maintain this accreditation, Akamai undergoes quarterly network scanning and annual penetration tests by a 3rd party certified by the PCI standards council.

ISO-27002

Akamai has implemented an Information Security Management System (ISMS) based on the ISO 27001/2 (formerly 17799) Code of Practice for Information Security Management and undergoes an annual assessment by an independent third party in accordance with the ISO standard. As a cloud computing provider, we are unlike the traditional hosting providers who engage in accreditations of the ISMS of a data center against the Operations Management domain of ISO 27001/2. Instead, we engage our auditors to investigate our ISMS as it applies to the complete ISO 27001/2 set of controls, against our entire company, both corporate facilities and the production network of tens of thousands of servers in approximately a thousand networks. We provide the summary of findings from that assessment to our customers as evidence that our security program is in place and functional; the executive summary is available to existing and prospective customers under NDA.

Code of Ethics & Regulatory Compliance

Akamai is committed to conducting our business with the highest level of ethics and integrity and in compliance with all applicable laws and regulations. Akamai expects all of our executive officers and managers to be leaders in adhering to high ethical standards and all employees to follow suit. We strive to deal honestly and fairly with all parties with whom we interact in the course of our business. To formalize this commitment, Akamai has adopted a Code of Business Ethics that applies to all of our employees. In addition, Akamai adheres to Sarbanes-Oxley compliance regulations, holds quarterly employee trainings, and maintains an Acceptable Use Policy to protect the integrity of traffic delivered on its network.

AKAMAI CLOUD SECURITY SOLUTIONS

Akamai cloud security solutions provide cloud-based protection not only from DDoS attacks targeting your network infrastructure and web sites/applications, but also from web application attacks targeting the integrity and confidentiality of your data.

Akamai has several offerings which address:

Web Site and Application Security

Network Layer and Infrastructure Security

DNS Layer Security

WEB SITE & APPLICATION SECURITY- KONA

Akamai’s Kona security services provide cloud-based Web site and application security features. Built into Akamai’s Content Delivery Platform, a globally distributed platform consisting of 175,000 servers deployed in over 102 countries on 1,300 networks, Kona offloads traffic coming into the origin, regardless of the origin location, and inspects inbound traffic using Akamai’s cloud-based WAF.

A site or application can be configured to use Kona on the Akamai Intelligent Platform simply by pointing a CNAME record to Akamai in the DNS.

The Kona solution provides:

HTTP and HTTPS content delivery over our global platform of 175,000 servers, including over 60,000 in the US

Dynamic elasticity, absorbing peak traffic caused by malicious activity or increased demand for content without impacting performance

Dynamic traffic routing to mitigate the ever-changing network conditions of the Internet

DDoS mitigation and enhanced security by identifying, absorbing, and blocking security threats

IP white/black list controls and geo-blocking

Rate limiting controls

A fully functional cloud-based Web Application Firewall (WAF)
o Includes OWASP Top 10 and ModSecurity CRS
o Also includes proprietary rules which fill gaps in the industry standard CRS.
o Fully configurable, allowing for site/application specific policies and custom rule creation.

Client IP Reputation
o Using the threat intelligence data aggregated by the Akamai platform to identify IPs pushing malicious traffic, and assigning a risk score based on the volume and type of traffic, to dynamically block IPs actively pushing malicious traffic.

Direct to Origin protections which only allow connections from clients passing through the Akamai reverse proxy, and the security controls within The Akamai Intelligent Platform.

Site Failover to custom web pages.

100% availability SLA of the Akamai Intelligent Platform

Kona can be contracted as a self-managed service or a managed service. When contracted as a managed service, Akamai’s security experts working in our Security Operations Center (SOC) will also provide:

Customer specific documentation of incident response procedures and escalation processes.

Traffic Rate monitoring

24x7 Attack Mitigation Support

In addition to the security benefits, Kona will provide performance improvements gained from the reverse proxy caching functionality and routing optimizations. Furthermore, Akamai’s advanced performance optimizations can be used in conjunction with Kona’s security features. The advanced optimizations are able to dynamically adapt content based on a client user’s location, device, and current bandwidth, thus providing an optimal user experience for all users regardless of device.

NETWORK & INFRASTRUCTURE SECURITY- PROLEXIC

Not all attacks are going to target the application layer (Ports 80/443). For attacks targeting the infrastructure, Akamai recommends our Prolexic solution.

As part of the Akamai Intelligent Platform, Prolexic provides a cloud-based architecture to protect organizations from DDoS attacks before they reach the data center. It employs a globally distributed DDoS mitigation infrastructure to inspect network traffic for DDoS attacks and then mitigate those attacks, forwarding clean traffic to the data center. By stopping attacks in the cloud, Prolexic can provide several benefits over traditional approaches including massive scale, reducing costs, simplified deployment and leveraging Akamai’s expertise.

Prolexic provides organizations with dynamic protection against a broad range of potential DDoS attack types, regardless of complexity and even as they change over the course of an attack. This includes both network-layer DDoS attacks, such as UDP and SYN floods, as well as application-layer DDoS attacks, such as HTTP GET and POST floods.


Prolexic Service Flow

Each scrubbing center contains the full range of DDoS mitigation technologies, inspects network traffic passing through it, and mitigates any discovered DDoS attacks. Customers route their network traffic onto the Akamai platform by making a BGP route advertisement change. Once activated, Prolexic will propagate the route to all scrubbing centers and advertise it to the Internet. This provides the following benefits:

All inbound network traffic routes through a scrubbing center where Akamai SOC staff can inspect it for DDoS attack characteristics.

Users and attackers automatically route through a high performance scrubbing center, distributing attack load while minimizing additional latency for legitimate users.

Outbound network traffic returns to the user through its normal path without routing through a scrubbing center.

The service provides a high level of redundancy. If a scrubbing center ever goes offline, network traffic will automatically route to the next closest scrubbing center.

After inspecting for DDoS attacks, Prolexic Routed then forwards clean traffic to the destination data center. The Akamai platform uses a private backbone to backhaul clean traffic to one of two scrubbing centers closest to the destination data center, where it is then forwarded through a Generic Route Encapsulation (GRE) tunnel or a direct connection to the origin data center.

Within each scrubbing center, Akamai employs over 20 different security technologies to mitigate different types of DDoS attacks. Akamai SOC staff perform real-time analysis of network traffic during ongoing attacks and apply different mitigation technologies as needed, even as the attack vectors employed change over time. Through a cloud-based service delivery model, organizations benefit from Akamai’s experience in selecting and managing best-of-breed DDoS mitigation technologies for the most effective response to any type of DDoS attack.

All scrubbing centers employ a dual-path architecture that segments clean and DDoS attack traffic, as shown in the figure below. In normal operation, network traffic will pass through the scrubbing center on a bypass network path with minimal additional latency. When an attack is detected, Akamai SOC staff will isolate traffic to targeted destination IP addresses and reroute it through a separate mitigation network path within every scrubbing center for further analysis and mitigation.


Prolexic Traffic Segmentation

Segmenting clean and suspected attack traffic provides two advantages:

1. By automatically routing traffic to non-targeted IP addresses through the bypass network path, Prolexic minimizes the performance impact of mitigation activities on clean traffic.

2. By applying mitigation only to traffic destined for known targeted IP addresses, Prolexic minimizes the risk of collateral damage that mitigation activities may have on clean traffic and other applications.

Prolexic can be implemented as an Always-On or On-Demand solution. When used in an On-Demand configuration, customers would simply push out a BGP route advertisement to route traffic to the Prolexic scrubbing platform when an attack or suspicious activity is detected.

When Prolexic is used in an “On-Demand” posture, it is recommended to leverage our Flow Based Monitoring (FBM) service. This service allows the customer to export sampled netflow from their edge (Internet-facing) routers directly to Akamai flow collectors. This data is sampled every 60 seconds and compared to established baselines from the previous 7 days. Volumetric anomalies trigger alerts that, when reaching critical levels, trigger the Akamai SOC to engage with the customer via their personal runbook. These alerts can also be viewed in the customer portal and accessed via API. Once the customer is engaged, and if the decision is made to route traffic over the Prolexic Routed service, the Akamai SOC has additional tools at their disposal to monitor levels of traffic destined for the customer IP network. These tools are helpful as attackers often change targets during the course of an attack.

Prolexic is a managed service utilizing a people-driven security strategy, relying on trained and dedicated security experts to inspect for and mitigate DDoS attacks originating anywhere in the world from Akamai’s 24x7 SOC. SOC staff perform real-time analysis of ongoing attacks and provide the ability to respond to changing attack vectors and multidimensional threats.

A Security Services Primary (SSP) is assigned to each customer. The SSP will work with the customer to provide an incident response Run Book which documents customer-specific incident response processes, escalation paths, and points of contact. During attacks, Akamai security experts provide the experience necessary to respond quickly and effectively to new and developing DDoS attacks, followed by a post-attack summary report documenting the incident, response, and recommendations based on analysis of the incident.
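The Flow Based Monitoring comparison described above (60-second samples checked against a baseline from the previous 7 days) can be sketched as follows. This is an added example, not Akamai's code: the per-minute-of-day median baseline, the 3x and 6x alert ratios, the 1 Mbps floor, the sampling rate and the traffic figures are all assumptions or constructed values.

```python
from collections import defaultdict, deque
from statistics import median

SAMPLE_SECONDS = 60        # from the page: flow data is sampled every 60 seconds
BASELINE_DAYS = 7          # from the page: baselines cover the previous 7 days
WARN_RATIO = 3.0           # assumption: raise an alert at 3x the baseline
CRITICAL_RATIO = 6.0       # assumption: critical level (SOC engagement) at 6x
MIN_BASELINE_BPS = 1e6     # assumption: floor so idle prefixes do not alert on noise


def to_bps(sampled_bytes, sampling_rate):
    """Scale bytes seen in one sampled-netflow interval to estimated bits/second."""
    return sampled_bytes * sampling_rate * 8 / SAMPLE_SECONDS


def classify(bps, baseline_bps):
    ratio = bps / baseline_bps
    if ratio >= CRITICAL_RATIO:
        return "critical"
    if ratio >= WARN_RATIO:
        return "warning"
    return "normal"


class FlowBaseline:
    """Baseline per destination prefix and minute-of-day over the last 7 days."""

    def __init__(self):
        self.history = defaultdict(lambda: deque(maxlen=BASELINE_DAYS))

    @staticmethod
    def slot(ts):
        return (ts % 86400) // SAMPLE_SECONDS

    def baseline(self, prefix, ts):
        days = self.history[(prefix, self.slot(ts))]
        if len(days) < BASELINE_DAYS:
            return None                      # still learning this time slot
        return max(median(days), MIN_BASELINE_BPS)

    def observe(self, prefix, ts, bps):
        base = self.baseline(prefix, ts)
        level = "learning" if base is None else classify(bps, base)
        # Anomalous samples are kept out of the history so that an ongoing
        # flood cannot raise its own baseline.
        if level in ("learning", "normal"):
            self.history[(prefix, self.slot(ts))].append(bps)
        return level


def replay_constructed_samples():
    """Constructed data: 7 quiet days at 10:00-10:02 UTC, then a day with a ramp."""
    fb, prefix, rate = FlowBaseline(), "203.0.113.0/24", 1000
    start = 10 * 3600
    for day, mbps in enumerate([38, 41, 40, 39, 42, 40, 43]):
        for minute in range(3):
            ts = day * 86400 + start + minute * SAMPLE_SECONDS
            sampled = mbps * 1_000_000 * SAMPLE_SECONDS // 8 // rate
            fb.observe(prefix, ts, to_bps(sampled, rate))
    levels = []
    for minute, mbps in enumerate([45, 150, 400]):
        ts = 7 * 86400 + start + minute * SAMPLE_SECONDS
        sampled = mbps * 1_000_000 * SAMPLE_SECONDS // 8 // rate
        levels.append(fb.observe(prefix, ts, to_bps(sampled, rate)))
    return fb, levels


if __name__ == "__main__":
    print(replay_constructed_samples()[1])
```

Using the median rather than the mean keeps one unusually busy day from shifting the baseline, and the floor prevents a nearly idle prefix from alerting on a few kilobits of change.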

DNS PROTECTION- FastDNS

Akamai Fast DNS provides customers with a robust, reliable, and scalable outsourced DNS solution to dependably direct end users to enterprise Web site applications. Fast DNS is the only Primary and/or Secondary DNS solution that leverages the Akamai Intelligent Platform; it requires no change to existing DNS administration processes and provides unparalleled reliability, scalability, and performance of DNS resolutions.

Due to the size and distribution of the Akamai Intelligent Platform, Akamai’s Fast DNS provides a high-performance, highly scalable, and 100% available DNS resolution service. Using a secondary DNS approach, Fast DNS allows content providers to retain existing processes for DNS zone administration while leveraging the Akamai Platform to improve scalability, performance and availability.

Akamai's use of IP Anycast further leverages the relationships Akamai has developed with a large number of networks, providing true global scalability and reach. It gives organizations the ability to back each advertised name server IP address with multiple physical machines that are located in several networks on multiple continents.

FastDNS supports the DNS Security Extensions (DNSSEC), described in RFCs 4033, 4034, and 4035, which enable zone administrators to digitally sign zone data using public key cryptography, thus proving its authenticity. The primary purpose of DNSSEC is to prevent DNS cache poisoning and DNS hijacking. To ensure that all of our customers have the ability to deliver zones signed by DNSSEC, Akamai has DNS enhancements that support the following two scenarios: Sign and Serve DNSSEC, where Akamai manages signing the zone, key rotation, and serving the zone; and Serve DNSSEC, where you manage signing the zone and key rotation, while Akamai serves the zone.

Akamai’s DNS service provides a consistent pricing structure. Fast DNS pricing is based on a flat rate per Zone, with a Zone being a unique Start of Authority (SOA) Record. The Fast DNS pricing structure allows for unlimited DNS requests. There will be no extra charges or penalties associated with increased traffic volume or an increased number of hits caused by flash traffic or DDoS attack.

Akamai's DNS Solution can be managed either as Primary or Secondary; each can be configured on a secure web-based user interface, the “Luna Control Center”. Akamai provides the flexibility for customers to assign Access Control Rights on a per-user, per-zone basis.

Primary DNS

This solution allows customers to host DNS records and services, with the authority for DNS resolution residing within the Akamai Distributed Computing Platform Cloud. Customers can configure their DNS records and zones via the Luna Control Center and APIs. Additionally, there is a module to provide support for DNSSEC and enable customers to offload the DNSSEC signing process.

Secondary DNS

This solution allows customers to still administer their zone data on their primary DNS servers. This allows providers to retain their existing business processes for change management of zone data, and not be restricted to intrusive or inconvenient administration mechanisms. Customers can support DNSSEC either with Akamai serving what the primary DNS servers provide, or by offloading the DNSSEC signing process completely to the Akamai Distributed Computing Platform Cloud.

Global Traffic Management

In addition to providing DNS resolution services, the Akamai DNS platform can also provide a Global Traffic Management (GTM) solution. In terms of security, GTM provides a cloud-based Disaster Recovery solution, dynamically routing traffic to an alternate hot site should the primary data center become unavailable.

Fast, automatic failover is critical to eliminating downtime. For government services downtime can erode constituent trust, prevent adoption, and drive constituents seeking services to agency offices and call centers.


Rob San Martin Regional Sales Manager Akamai Technologies (703) 621-4030 [email protected]


GTM monitors the availability of data centers from several locations using custom Akamai test agents. Each test agent periodically performs one or more liveness tests on the customer servers to determine their availability. Failover to a backup server is initiated when a majority of test agents reports a primary as being unavailable. Once the primary becomes available again, the test agents detect the availability, and GTM rolls traffic back from the backup to the primary.

GTM Failover:

When primary is down, end users are resolved to backup.
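The majority-vote failover and rollback described above can be modelled as follows. This is an added example, not Akamai's GTM code: the agent names, the addresses (documentation ranges), the 90-second report lifetime and the rule that a rollback also needs a majority of fresh "up" reports are assumptions.

```python
from dataclasses import dataclass, field

PRIMARY = "192.0.2.10"       # constructed address (documentation range)
BACKUP = "198.51.100.10"     # constructed address (documentation range)
REPORT_TTL = 90              # assumption: liveness reports older than this are ignored


@dataclass
class FailoverDecision:
    agents: tuple
    active: str = PRIMARY
    reports: dict = field(default_factory=dict)   # agent -> (timestamp, primary_is_up)

    def report(self, agent, ts, primary_is_up):
        if agent not in self.agents:
            raise ValueError(f"unknown test agent: {agent}")
        self.reports[agent] = (ts, primary_is_up)

    def votes(self, now):
        """Count fresh 'up' and 'down' reports; silent agents cast no vote."""
        fresh = [up for ts, up in self.reports.values() if now - ts <= REPORT_TTL]
        return fresh.count(True), fresh.count(False)

    def resolve(self, now):
        up, down = self.votes(now)
        quorum = len(self.agents) // 2 + 1        # strict majority of all agents
        if down >= quorum:
            self.active = BACKUP                  # majority sees the primary down
        elif up >= quorum:
            self.active = PRIMARY                 # majority sees it up: roll back
        # With no majority either way (ties, silent agents) the last answer holds.
        return self.active


def replay(timeline, agents=("a", "b", "c", "d", "e")):
    """Feed (time, {agent: primary_is_up}) rounds and return the answer per round."""
    gtm = FailoverDecision(agents)
    answers = []
    for now, round_reports in timeline:
        for agent, is_up in round_reports.items():
            gtm.report(agent, now, is_up)
        answers.append(gtm.resolve(now))
    return answers


# Constructed timeline: a partial outage, a full outage, a partial recovery
# seen by only two agents, then recovery confirmed by all five.
CONSTRUCTED_TIMELINE = [
    (0,   {"a": True, "b": True, "c": True, "d": True, "e": True}),
    (60,  {"a": False, "b": False, "c": True, "d": True, "e": True}),
    (120, {"a": False, "b": False, "c": False, "d": True, "e": True}),
    (240, {"a": True, "b": True}),
    (300, {"c": True, "d": True, "e": True}),
]

if __name__ == "__main__":
    print(replay(CONSTRUCTED_TIMELINE))
```

Two of five agents reporting a failure does not move traffic, which keeps a network problem local to a minority of agents from causing a needless failover.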

CONTACT INFORMATION

John Baez, Major Account Executive, and Rob San Martin, Regional Sales Manager, will be Akamai points of contact for this submission.

John Baez Major Account Executive Akamai Technologies 702 Cutlass Drive Austin, TX 78734 (512)-925-5515 [email protected]

Please do not hesitate to contact John or Rob should you have questions or require any clarifications regarding our submission.

AKAMAI RESPONSE TO RFI SECTION IV

The following is Akamai’s response to Section IV of the Florida DMS RFI.

We have included the requested information from the Florida DMS RFI, maintaining the formatting and number structure.

Akamai’s responses are provided following each of the Florida DMS requests in blue font.

1) Pre-Incident Services:

a) Incident Response Agreements – Terms and conditions in place ahead of time to allow for quicker response in the event of a cyber-security incident.

Akamai Response:

All of Akamai’s Services come with clearly defined Terms and Conditions, Service Level Agreements and Acceptable Use Policies. The specifics of the Terms and Conditions vary depending on the specific solutions and services being leveraged.

Akamai’s Managed Security solutions, such as Prolexic, provide specific Time to Mitigate SLAs.

Time to Mitigation SLAs

Attack Type        Typical Time to Mitigate   Guaranteed Time to Mitigate
UDP/ICMP Floods    1 minute or less           5 minutes
SYN Floods         1 minute or less           5 minutes
TCP Flag Abuses    1 minute or less           5 minutes
GET/POST Floods    10 minutes or less         20 minutes
DNS Reflection     5 minutes or less          10 minutes
DNS Attack         5 minutes or less          10 minutes

Akamai’s Managed Security Solutions also include the creation of a customer-specific Security Incident Run Book. This document will define the escalation process and any special details of your configuration (if applicable) as well as identify all key points of contact for both our customer and Akamai.

The Run Book is a joint collaboration between the customer and the Akamai Security Services Primary who will be assigned to your account. The Security Services Primary will also initiate periodic reviews of the Run Book to ensure that all procedures and Points of Contact are still valid and up to date.

Mitigation requiring traffic analysis and custom signature deployment

b) Assessments – Evaluate a State Agency’s current state of information security and cyber-security incident response capability.

Akamai Response:

Akamai has two professional service offerings which address this need.

1. Security Assessment Services Package

2. Managed Security Services

The Akamai Security Assessment package provides you with an in-depth picture of the vulnerability of your Website through customized vulnerability scanning and analysis. It helps you understand and act against potential risks integral to your application architecture and design.

Based on our findings, we will make recommendations for refining your front-end architecture, the use and configuration of Akamai’s Security Services, and any industry security best practices (as applicable).

The results are compiled in a detailed report that helps you to:

Refine your application Architecture to protect against Web application attacks.

Understand and quantify the protections available from Kona Security Products.

Deploy and configure your Akamai Security Services to provide maximum protection while minimizing risk of false positives.

Identify gaps in your security posture as compared to security best practices.

Akamai’s Managed Security Services will provide periodic reviews and assessments as well as the creation of a customer specific Security Incident Run Book. This document will define the escalation process and any special details of your configuration (if applicable) as well as identify all key points of contact for both our customer and Akamai.

The Run Book is a joint collaboration between the customer and the Akamai Security Services Primary who will be assigned to your account. The Security Services Primary will also initiate periodic reviews of the Run Book to ensure that all procedures and Points of Contact are still valid and up to date.

In addition, Managed Security Services provide an annual Table Top Drill, during which various attack scenarios are reviewed. The goal of the drill is to ensure that escalation paths, best practices, and procedures are being followed, as well as to validate that all information contained within the Run Book is properly documented or updated.

c) Preparation – Provide guidance on requirements and best practices.

Akamai Response

Any Akamai Professional Services engagement, including security assessments, custom consultation services, or implementation of Akamai security services, will include guidance on requirements and best practices.

d) Developing Cyber-Security Incident Response Plans – Develop or assist in development of written State Agency plans for incident response in the event of a cyber-security incident.

Akamai Response

Akamai can absolutely support the development of Incident Response plans. As part of any Security Services engagement, Akamai’s Security Specialists will make recommendations and advise on best practices.

If desired, Akamai can provide custom consultation services, beyond the standard scope of our Security Assessment Package or Managed Security services.

e) Training – Provide training for State Agency staff from basic user awareness to technical education.

Akamai Response

Training is part of any Akamai services implementation.

Additionally, Akamai holds training courses on Akamai’s services and best practices throughout the year at various locations around the country, and custom onsite training can also be provided.

2) Post-Incident Services:

a) Breach Services Toll-free Hotline – Provide a scalable, resilient call center for incident response information to State Agencies.

Akamai Response

Akamai’s Managed Security Services are operated by our Security Operations Center (SOC) in Fort Lauderdale, Florida. The SOC can be contacted 24x7 to support security incident responses and mitigations.

For existing customers under our Managed Service Plans the Akamai Security Operations Center (“SOC”) provides a Single Point of Contact for your security needs and is available 24/7/365.

Akamai has developed a suite of processes and procedures that reflect our experience and best practices. These processes are designed to engage the most appropriate resource in the shortest time possible.

At any point in time for immediate customer escalations, customers can contact the SOC Manager on duty. This person can appropriate any required resources upon request.

Note that normal Akamai Services can only be provisioned during peace time. If a client is under attack without any Akamai Services, we have emergency procedures that can be put in place.

Akamai provides accelerated implementation and activation of selected Kona Security Services for customers in emergency situations to defend against network and application layer attacks.

b) Investigation/Clean-up – Conduct rapid evaluation of incidents, lead investigations and provide remediation services to restore State Agency operations to pre-incident levels.

Akamai Response


For security incidents, a Post Event Summary will be sent to our customers by the SOC, describing what happened and the mitigation steps that were taken, along with any further recommendations.

c) Incident response – Provide guidance or technical staff to assist State Agencies in response to an incident.

Akamai Response

Akamai’s Security Operations Center (SOC) will provide guidance and support during security incident responses and mitigations.

d) Mitigation Plans – Assist State Agency staff in development of mitigation plans based on investigation and incident response. Assist State Agency staff with incident mitigation activities.

Akamai Response

The Post Event Summary, sent to our customers by the SOC following a security incident, will include recommendations based on the investigation and incident response. Akamai will tune and adapt DDoS mitigation equipment and processes based on individual customers' needs.

e) Identity Monitoring, Protection, and Restoration – Provide identity monitoring, protection, and restoration services to any individuals potentially affected by a cyber-security incident.

Akamai Response

Identity monitoring and protection services are not part of our portfolio.

