The Akamai Blog Subscribe
September 2013 Archives
Security Webinars for SMBs
I'm pleased to announce a trilogy of webinars set for next month on web app security for SMBs: small-to-medium-sized businesses. We'll discuss the basic ingredients of web security for SMBs and eCommerce, common problems found at the mom-and-pop level, and ways to better prepare for security audits. Common hacking techniques and ways to defend your networks against them will also be covered. And, with the holiday shopping season coming up, we'll examine common
5 Noteworthy Security Headlines
Every morning I scan the news headlines for stories that may have an impact on Akamai customers and the wider security community. Today I direct you toward five items worth keeping an eye on. Data Broker Giants Hacked by ID Theft Service By Brian Krebs, Krebs on SecurityAn identity theft service that sells Social Security numbers, birth records, credit and background reports on millions of Americans has infiltrated computers at
Why should I care about Rendering Engines?
The following is a guest post from Enterprise Architect Matt Ringel, Senior Enterprise Architect Joseph Morrissey and Enterprise Architect Manuel Alvarez. This is a follow up post to the Boston Web Performance Meetup presentation by the Professional Services team - The Render Chain and You. There are many factors that affect your site performance and one of the less discussed ones is the Rendering Engine. There are a lot of
Get Inspired at Akamai Edge 2013!
Edge is a must-attend event for global Internet business leaders looking to take their online operations to the next level. In addition to great networking events and amazing speakers, Edge connects you with the tech experts and innovation engineers who are available for hands-on lab sessions, 1:1 consultations, or an informal chat. All have the insight and know how to address your technical challenges head-on - no matter what they
Akamai InfoSec at Several Security Cons This Week
There are several important security conferences this week and this coming weekend, and Akamai InfoSec will participate in all of them. Security Advocate Dave Lewis is at two events in Chicago: ASIS 2013 and the (ISC)2 Congress.London-based Security Advocate Martin McKeay is attending BruCON 2013 in Ghent, Belgium. Meanwhile, Akamai CSO Andy Ellis and Security Intelligence Director Joshua Corman are headed to DerbyCon 3.0 in Louisville, Kentucky. Andy will give a
Building a Security Page
Earlier this month, I told you about the second phase of efforts to raise Akamai's profile as a security company. This post is an update on the last goal I mentioned: creating a security page on the Akamai website.The page will allow InfoSec practitioners to access all our security content in one place. There will be easier access to the security blog posts, podcasts and videos we already produce daily
Podcast: Akamai InfoSec's Larry Cashdollar
In this week's Akamai Security Podcast, I talk to Larry Cashdollar, a senior security response engineer on our CSIRT team. Larry discusses the mechanics of his job and the particular threats he and the team have been tracking and defending against. Listen here.
The Bouncer and the Concierge
Most of the readers of this blog already know Akamai and our connection to e-Commerce. We've been helping IR 500 companies accelerate traffic for 15 years. Today 96 of the Top 100 retailers (as measured by Internet Retailer) take advantage of the Akamai Intelligent Platform to optimize content and deliver traffic. What many of you may not know is that in addition to delivering performance, Akamai also protects etailers
Defending Against Watering-Hole Attacks
A researcher at Cisco Systems published a blog post yesterday that Akamai customers and the larger security community should be aware of. The subject: "watering-hole" attacks. It's something Cisco researchers -- and Akamai's CSIRT team -- have been tracking for some time. In May, Threat Research Engineer Jaeson Schultz wrote about the increasing popularity of the attack technique. He wrote at the time, "Watering-hole attacks, as evidenced by the recent attack
Akamai Edge 2013: The Deeper Security Dive
A few days ago I told you about all the security awesomeness planned for the Akamai Edge customer conference. Today, I'm delving deeper into the agenda for a look at the more technical talks. For the overview, see the post "Security Front and Center at Akamai Edge 2013." Now for that deeper dive... Wednesday, Oct. 9: Noon-1:30 p.m.: Financial Services Roundtable Lunch: Security Information Sharing - Lessons Learned from Financial
How to increase the size of your page without affect ...
The following is a guest post from Director Global Service Delivery Patrice Boffa and Associate Solutions Architect Seema Puthyapurayil.We know that the average page size tends to increase overtime; we can confirm this statement using the available Web performance data in Google BigQuery and HTTP Archive. Analyzing the HTTP Archive data for + 300,000 popular sites in the last nine months, we can validate that the average page size increased
Attacks Lighter Than Expected Amid 9-11 Anniversary, ...
A couple weeks ago, Akamai's CSIRT team warned that chaotic actors could use the anniversary of 9-11 and news of potential military action in Syria as an excuse to unleash a fresh wave of DDoS attacks. Fortunately, the week turned out to be pretty quiet.The Syrian Electronic Army (SEA), a pro-Assad hacking group, mostly held its fire, and those wanting to exploit the 9-11 anniversary were nowhere to be found. I asked Mike Kun
Podcast Interview: Akamai InfoSec's Meg Grady-Troia
I recently spoke with Meg Grady-Troia about her role in Akamai InfoSec, particularly the security training she does for new hires. In addition to training, Meg works to inform and educate Akamai sales staff and customers about platform security at Akamai. She also develops white papers, short documents and other materials, as needed, to support Akamai's development as a security company.She also explains how she shifted from a career in restaurant
Security Front and Center at Akamai Edge 2013
At this year's Akamai Edge Conference, taking place Oct. 7-11 in Washington DC, security will be a central part of the agenda. One of the three tracks this year is a Web Security Symposium, tailored to meet the needs of security professionals looking to protect their organization from unwanted network or application layer attacks, while improving the exchange of information between employees, customers and business partners on any device, anywhere.
Slow DoS on the Rise
The following is a guest post from Senior Enterprise Architect David Senecal and Sr. Solutions Architect Aseem Ahmed Recent years have been very dramatic in security landscape with emerging threats; the application layer is now a more prominent target. The new (and deadly) Layer 7 attacks called slow HTTP Denial of Service (DoS) attacks are on the rise. Although they are not as new as they might sound, anything that
Microsoft's September Patch Matrix
Microsoft released it's monthly patch load this week. To help identify and deploy the security fixes, here's a table showing the different bulletins, the severity of the flaws, and the products impacted.Bulletin IDBulletin Title and Executive SummaryMaximum Severity Rating and Vulnerability ImpactRestart RequirementAffected SoftwareMS13-067Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052) This security update resolves one publicly disclosed vulnerability and nine privately reported vulnerabilities in Microsoft Office
Internet Security Central To Danny Lewin's Legacy
With the 14th anniversary of 9-11 this week, I'll be focusing on posts about the legacy of Danny Lewin -- Akamai co-founder and casualty of that terrible day. I'll also look at Akamai's crucial role in keeping the Internet afloat that day and in the aftermath, and how it shaped the way we operate today. Let's begin with this post, originally written in June, as I was getting up to
Multiple DDoS Attacks Possible Amid Action in Syria, ...
Emotions will already be high next week with the 12th anniversary of the 9-11 attacks. On top of that, Congress is expected to debate and possibly authorize military action in Syria. This has Akamai InfoSec's CSIRT team on high alert.In recent weeks we've told you about the activities of the Syrian Electronic Army (SEA), a pro-Assad hacking group. Mike Kun and Patrick Laverty, two of our CSIRT team members, have been tracking the potential
Mobile Computing... Convenient but Maybe Not So Gree ...
Just when I thought the trend toward smaller, more efficient mobile computing was taking us in a greener direction, a recent study by the Center for Energy-Efficient Telecommunications (CEET) finds, in fact, we're creating a monster. To date, attention to the rapidly expanding energy consumption and concomitant carbon emissions of the Internet has been focused on data centers. A New York Times series targeted the data centers of major Cloud players such
Learn about the Brand New Developer Track at Akamai ...
This October at the Edge Global Conference I'll be joined by technology visionaries from a wide range of industries and organizations discussing topics related to creating cutting edge experiences ... faster. I'm specifically excited to share details about the new Developers' Track we'll be introducing. We have some fantastic presenters lined up, including Geoffrey Moore - Author and Business Strategies; Gene Kim - VisOps Author and Entrepreneur; Jason Grigsby -
No Matter Your Experience, Adversaries Will Occasion ...
One of the challenges of working in the security community is that you are expected to be fully aware of risk at all times. But as humans we all slip up sometimes. I was reminded of that yesterday when I helped out with a training session for new Akamai employees.In these training sessions, we go over Akamai security procedures and how employees are to conduct themselves. There are the obvious
Crush the Rush - Maximizing Holiday Performance
The following is a guest post from Senior Solutions Engineer Eric Mingorance* This is the third blog post to our "Crush the Rush" holiday readiness webinar seriesChristmas started in July this year. Not just because "Drugstores ‛R Us" and the "ShopMarts" of the world are ever expanding the holiday window in hopes of more consumer revenue, but because Online Marketing, IT, eCommerce and Network departments in the Internet-retail-world started preparing
Telling Akamai's Security Story: Part 2
Three months ago when I started at Akamai, I told you the goal was to tell some Akamai InfoSec stories and make it clear how A.) we make sure our own house is secure, and B.) we provide an ironclad defense for customers. Here's an update to explain how we're doing that.There are the almost-daily posts in this blog. There's plenty going on in our security department every day, which means