Akamai Diversity

The Akamai Blog

Linux Kernel TCP Vulnerability

On the week of July 15th researcher Juha-Matti Tilli disclosed a vulnerability he discovered in the Linux kernel to the kernel maintainers, the National Cyber Security Center - Finland (NCSC-FI), CERT Coordination Center (CERT/CC), and Akamai. The vulnerability, CVE-2018-5390, is a resource exhaustion attack triggered by a specially crafted stream of TCP segments which creates expensive processing within the Linux kernel.

In preparation for the public disclosure of the vulnerability, Akamai prepared and began deploying patches for its network.  Simultaneously, Akamai has been working with external parties to ensure that the solution works, verifying that the fix was sufficient to protect its network and customers. Akamai continues to work closely with the vulnerability coordinators at NCSC-FI and CERT/CC to aid the vulnerability disclosure, testing and notification processes.

This issue impacts nearly all current Linux systems, while versions of the Linux kernel release 4.9 or later being the most susceptible. Release version 4.8 and older, while still impacted, require more malicious traffic to exhibit the same level of resource exhaustion.

Threat Identity...The First Line of Defense

Last quarter, we discussed zero trust and identity in regard to remote application access. This focus was primarily looking at enterprise users seeking to gain access to applications on a network where there are no boundaries: The internet. In the concept of zero trust, the internet is considered hostile and users are accessing resources from multiple devices and from many different locations. With this in mind, it is critical for organizations to be able to identify:

Experts that support your digital transformation

If your business is like many, your customer's experience is a top priority. In an age of fast paced digital transformation, meeting the needs of a unique global user base while securely delivering quality web based experiences, continues to grow in complexity.

Why would customers choose me?

Competitive Differentiation Guide for Financial Services in Digital India

We are a young nation 1.3 billion strong, of which just about 500 million are active internet users. Not a small number by any means.  We have world's second largest pool of internet users and our online population is larger than the total population of United States of America!

However, what we as a nation along with the whole world, really have our eyes on, are those next billion users coming online. We all are witnessing that future in the making as India's policy makers, telecom operators, regulators and businesses across various industries are collectively and relentlessly working to make it happen. Reliance Jio added 100 million users to India's internet population just in 2017 and we continue to add 10 million users per month accordingly to Google. This incredible scale and pace of India's digital revolution, presents an unprecedented growth opportunity for all business including financial services viz. banking, asset management, credit cards, payments or insurance.

In 2014, a smart refrigerator had been caught red-handed for spawning over 750,000 spam emails after hijacked by a botnet attack. It is the first documented attack worldwide for Internet of Things to have fallen prey to hackers[i]. A more recent case in the US concerns an internet connected thermostat in an aquarium, which hackers successfully controlled to access the high-roller database of gamblers in a casino[ii].

Best security practices for Trusted TLS Intermediary

According to Google over 75% of public websites are accessed over encrypted connections using HTTPS, with the use of HTTP diminishing. As expected, the bad actors are following the crowds, and using HTTPS to hide their activities.

ARE YOU LEAVING YOUR SECURITY BACKDOOR OPEN?

Gartner predicts that enterprises will spend $96 Billion on cyber security this year, up 8% from their spend in 2017. That's a big chunk of change. To put it into context, that spend is in the same ballpark as the individual GDPs of Venezuela, Sri Lanka and Puerto Rico in 2018.

The underlying protocols of the Internet continue to evolve, and massive events such as the World Cup are a great opportunity to see this in action.  A single-match peak for live video streaming of 22.5 Tbps was set on Akamai on Tuesday July 10 during the semi-final in Russia between France and Belgium.  Akamai helps deliver World Cup coverage for a large number of broadcasters and subscription-based streaming services, meaning that we have a diverse set of customer configurations and end-user populations.  Across these customers, we're seeing an increasing use of technologies such as HTTPS (delivering streaming segments over the encrypted-and-authenticated TLS) as well as enabling content for delivery over IPv6 as well as legacy IPv4 ("dual-stacking").

Akamai Welcomes Girls Who Code

Akamai employees in Cambridge have started to see some new faces around the office for the summer - 20+ high school juniors to be specific!

For the fourth consecutive year, Akamai is partnering with Girls Who Code to host a seven-week long summer immersion program dedicated to closing the gender gap in tech. The girls will learn the basics of programming, robotics, data analysis and visualization by attending classes and workshops, going on field trips, and meeting with female Akamai employees as mentors.

We kicked off the program on Monday evening with a meet and greet to welcome both the girls and their parents to the Akamai family. We heard from Akamai CEO Dr. Tom Leighton who reiterated Akamai's commitment to encouraging more girls and women to explore careers in tech. Mallory Grider, an Akamai intern and former teaching assistant with Girls Who Code, also left us with an inspiring closing statement by reminding the girls that despite how male-dominated the tech industry is, each and every one of the them has a right to pursue a career in computer science.

No Apps Left Behind on Your Zero Trust Journey

Complexity kills productivity. When it comes to enabling application access, enterprises should not have to choose between user experience and complex techniques that ensure application security. Traditionally, perimeter security is built on an assumption that whatever is inside the perimeter is trusted and users can access any corporate application through traditional authentication approaches. That's a big assumption that has become outdated based on the amount of recent attacks and data breach post mortems. The old model of perimeter security has lost its relevance. We are moving from a "trust, but verify" mantra to a "never trust, always verify" one.