Akamai Diversity
Home > December 2013

December 2013 Archives

Akamai at the International CES: 5 Predictions

Since the International CES has become such a focal point for the convergence of content and technology, the lead-up to the show tends to generate a fair amount of buzz around Akamai about what's to come (and, frankly, what may have passed), how the industry sees content delivery and consumption evolving, and what might be the "next big thing" coming out of the event. In what's becoming an annual prediction - and occasionally snark - contest, we invited some Akamai staffers with particularly keen interests in CES to forecast a few trends for the January confab.

Without further ado, here are five predictions for next week's CES:

  1. Connected cars for the always-on consumer. We're seeing more and more auto announcements at CES, as opposed to auto shows, because of the impressive technology they sport. As consumers, we're increasingly reliant on our mobile devices, and auto manufacturers are finding new ways to connect our cars and smartphones - and many of our other devices. We're certainly going to see lots of connected cars and their new technologies at the event this year. It might be a stretch for this year's show, but what if, someday, cars could talk to each other? Just imagine how that would impact traffic patterns! - Kris Alexander, Chief Strategist, Connected Devices and Gaming
  2. A pair of 4K eyeballs to go with those snazzy new ultra high-def TVs, because I'm still seeing the same HD stuff I did with my ol' $600 HD TV from last year. OK, it's not likely, but there's going to be a lot of talk about how we can deliver 4K content on these impressive screens. - Troy Snyder, Vice President of Ecosystem/Executive Producer
  3. The death of 3-D. You can stick those glasses in your time capsule because 3-D was a short-lived fad. I doubt we'll see much advancement or interest in 3-D this year. - Will Law, Principal Architect, Media Engineering
  4. 4K is here to stay - and there are new use cases for it. 4K or ultra high-definition screens are cool, but this tech is about much more than crisp content on your TV. It doesn't make sense for screens smaller than 65 inches, so the uses of it will be different than the average TV screen. Think a wall-sized interface, like the slick living room demo Cisco showed at NAB this year - there will likely be more examples of that use case at CES in 2014. - Kurt Michel, Director of Product Marketing, Digital Media Solutions
  5. Who will become the "Kayak" of content? Various set-top boxes and services stream over-the-top video today, and with every new offer comes a new "thing" consumers need to get. With the arrival of new, highly connected devices like game consoles, the question becomes: Who will make consumers' lives easier and do it all within one device? - Frank Childs, Director of Product Marketing, Aura Network Solutions
Do you agree? Disagree? Care to share some predictions of your own? Feel free to use the comments section below.

Akamai will again be at CES and we expect to have a few interesting things to talk about in the coming days. Stay tuned to this space for more on that as well as updates and observations from the show itself.

Chris Nicholson is a senior public relations manager for Akamai.

Top Tweets of the week: 12/13 - 12/20

We had a lot of great things happening at Akamai this week, from various talks to a new web technology video. Check out the top 10 tweets of the week below. Happy Friday! 

A round-up of the first nine episodes of the Akamai Security Podcast:

Episode 1: CEO Tom Leighton discusses the legacy of Co-Founder Danny Lewin, Akamai's role on 9-11-01, and his vision of Akamai as a major player in the security industry.

Episode 2:  I talk to Meg Grady-Troia about her role in Akamai InfoSec, particularly the security training she does for new hires. 

Episode 3: I talk to Larry Cashdollar, a senior security response engineer on our CSIRT team. Larry discusses the mechanics of his job and the particular threats he and the team have been tracking and defending against.

Episode 4: A few months ago, Akamai Senior Enterprise Architect David Senecal wrote a post about ways to identify and mitigate unwanted bot trafficIn this episode, I went into more detail on the subject with Matt Ringel, an enterprise architect in Akamai's Professional Services team. Check out the related post, "Bots, Crawlers Not Created Equally."

Episode 5: I interview CSIRT Director Michael Smith. We discuss the role of CSIRT in researching threats and vulnerabilities, as well as keeping customers and the wider public informed of defensive measures they can take.

Episode 6: I continue my discussion with CSIRT Director Michael Smith. In this installment, Mike describes the process by which CSIRT delivers daily threat intelligence to our customers, along with the defensive measures needed to block attacks.

Episode 7: In this episode of the Akamai Security Podcast, I talk to colleague, friend and Security Advocate Dave Lewis (@gattaca on Twitter). We talk about the past, present and future of his Liquidmatrix site, life in his new role and the big issues he's helping customers address. We also talk about all the blogging he's doing over at CSOonline.com.

Episode 8: This week's episode is with Akamai Senior Security Advocate Martin McKeay. He's an old friend with more than a decade of experience in information security. At Akamai, he spreads awareness about security and privacy, helping customers understand our approach to both. 


Akamai Security Compliance: The Story So Far

Continuing our weekly series of security anthologies, we focus today on Akamai compliance procedures. We're currently in the midst of an ongoing series on how Akamai approaches it, but the following content presents the story thus far.

Four Things to Ask Before Seeking FedRAMP Certification
For a look at how we reached FedRAMP certification, I spoke with Akamai InfoSec's Kathryn Kun, the program manager who played a critical role in getting us certified.

Making Compliance Docs Public
To give customers better tools for self service, we're working to make compliance documentation public.

How Akamai InfoSec Answers Customer Compliance Questions
The process to address customer security and compliance questions used to be somewhat chaotic. Questions would float around in random emails and elsewhere, and which ones got answered was a luck of the draw. We found this unacceptable, and did something about it.

Everything You Want To Know About Akamai Security & Compliance
About our series on Akamai InfoSec compliance efforts.

Video: Security and Compliance 101
Chief Security Officer Andy Ellis gives a brief overview of security and compliance and what they mean to Akamai. Andy's overview includes common terms along with definitions and an overview of common standards and their components.

Akamai FedRAMP Compliance is Huge for Security
Why achieving Federal Risk and Authorization Management Program (FedRAMP) compliance as a cloud services provider was a major move for us.

Experiencing Compliance From The Inside Out
Bill Brenner's early lesson in how Akamai does compliance.

Lessons From Akamai InfoSec Training
How our compliance efforts shape the training of new employees.

Thumbnail image for Medical-Billing-Compliance-Checklist.jpg

Introduction to Front End Optimization (FEO)

Front-End Optimization is made up of myriad of different techniques, all aiming to optimize the speed users perceive and are able to interact with the page. While different, these techniques all share a few high level goals aimed to achieve this acceleration. In this video, Ravi Maira, VP Web Experience Products at Akamai, will outline those shared techniques, using a fun analogy.

Security at Planetary Scale: An Anthology

We continue this week's series of anthologies with a collection of posts about security at planetary scale.

Environmental Controls at Planetary Scale

Each data center in a planetary scale environment is now as critical to availability as a power strip is to a single data center location.  Mustering an argument to monitor every power strip would be challenging; a better approach is to have a drawer full of power strips, and replace ones that fail.

2003 Blackout: An Early Lesson in Planetary Scale?

What the 2003 blackout taught us about security needs at planetary scale.

The Power Of Redundancy

How Akamai keeps Internet traffic secure with redundancy across servers, server racks, data centers, cities, countries, and even continents.

Mapping Networks and Data: Safety in Numbers

This post focuses on another way we keep Internet traffic flowing smoothly in the face of attempted attacks: network and data mapping.

Ten Years After the Blaster Worm

A look at how the world -- and our approach to security -- has changed in the decade since Blaster.


Attack Techniques and Defenses: An Anthology

Akamai's security team defends customers from a variety of threats 24 hours a day, seven days a week. You name it: DDoS attacks, DNS-related attacks, vulnerability exploitation -- we've seen it all.

What follows is a collection of posts focusing on attack techniques and the defenses we have deployed and/or suggested.

Indonesian Attack Traffic Tops List; Port 445 No Longer Main Target

Indonesia replaces China as the top producer of attack traffic.

Dissecting Operation Ababil at Akamai Edge

Operation Ababil has been a thorn in the side of financial institutions this past year, costing victims both business and sleep. At Akamai Edge, we talked a lot about the attacks -- particularly the lessons we've learned and the fresh security measures companies have put in place.

Manipulating PHP Superglobal Variables

How attackers are able to use vulnerabilities in PHP applications to exploit superglobals -- pre-defined variables in PHP -- to launch malicious code.

Bots, Crawlers Not Created Equally

How to squeeze the maximum usefulness out of bots and other Web crawlers.

Was This Really One of the Internet's Biggest Attacks?

story in eWeek about "one of the largest attacks in the history of the Internet" describes a 9-hour barrage against an unnamed entity that swelled to 100 Gigabits of traffic at its peak. But does it really qualify as one of the biggest in Internet history?

Defending Against Watering-Hole Attacks

A look at "watering-hole" attacks and what Akamai's CSIRT team has learned in tracking them.

SEA Attacks Illustrate Need for Better DNS Security

The Syrian Electronic Army (SEA) -- a pro-Assad hacking group -- is making misery for some of the biggest entities on the Internet.

Mapping Networks and Data: Safety in Numbers

This post focuses on another way we keep Internet traffic flowing smoothly in the face of attempted attacks: network and data mapping.

DDoS Attacks Used As Cover For Other Crimes

Protecting customers from DDoS attacks is an Akamai InfoSec specialty. When we see DDoS attempts against our customers, the typical thinking is that someone is doing it to force sites into downtime, which can cost a business millions in lost online sales. But sometimes, these attacks are simply a cover operation to distract the victim while something else is going on. 

Blunting Attacks During Olympic-sized Events

InfoSec receives many questions from Akamai customers on a daily basis. A few months ago, someone asked if we had a case study on attack vectors against the 2012 London Olympics. The customer has a big event coming up, and wanted a picture of what they're up against -- and how they can defend against it all to keep their sites running smoothly. As it turned out, we did.

As is true of every year at Black Hat there are some talks that catch our attention. Talks range from the well thought out research papers to those of the narcissistic vulnerability pimps. This year was no exception. A talk entitled "Denying Service to DDoS Protection Services" by Allison Nixon is a presentation which fell into the well thought out column. This talk caught our attention for the obvious reason that we provide this as a service to our customers.

Thumbnail image for cyber-attack.jpg

Top Tweets of the Week: 12/9 - 12/13

This week, tweets about online video stole the show, thanks to a couple of webinars that were hosted this week. Didn't have a chance to watch those? Read these tweets for some of the highlights, and to learn what else happened this week.


Akamai CSIRT Warns of DNS Record Hijacking

In recent weeks, Akamai's CSIRT team has seen the Web sites of multiple businesses redirected after being hijacked by a malicious user.

CSIRT's Patrick Laverty, who authored the advisory, said the intent of these hacks can include the redirection and capture of all company email to a rogue server, or to simply cause embarrassment to the company being affected.

The problem is that the malicious user is able to get administrative control of the account that allowed changes to be made to the DNS records for the company involved. Some of these companies believe the account access was obtained through a phishing attack against a person in the company who had the account credentials to make changes. In other situations, the attack was against the domain registrars themselves.

"Companies can protect themselves from this type of attack by locking their domain with the registrar," Laverty wrote. "There are two levels of locks that can and should be enabled. There is a lock between the owner of the site and the domain registrar and there is a lock between the registrar and ICANN. To be truly safe, both levels of locks should be put in place."

Are you affected? 

You know you are affected if your domain no longer shows the Web site you expect. If all pages under a domain either return the attacker's pages or 404 messages, you may be affected by this type of attack. 

The most certain way to determine if you're affected is to check your domain's DNS records. This can be done with a simple "whois" lookup or by logging in to the site's DNS registry and check the values. Be aware, it is also possible the attacker will have changed the password into the registrar's account.

Suggested fixes

Laverty outlined a two-part solution.

First is to properly educate the people possessing the password that can update DNS records with the registrar. Many times in these attacks, the username and password were successfully phished away from someone with that level of credentials. If the credentials can be phished away, the second part of the protection won't help.

The second part is to have domain locks in place. Domains can have locks at both the registry and registrar levels. The site owner can set and control registrar locks. These will prevent any other registrar from being able to successfully request a change to DNS for a domain. The locks that can be set at the registrar level by the site owner are:

• clientDeleteProhibited
• clientUpdateProhibited
• clientTransferProhibited

The clientDeleteProhibited will prevent a registrar from deleting the domain records without the owner first unlocking the site. With the clientUpdateProhibited lock set, the registrar may not make updates to the domain and with the clientTransferProhibited set, the registrar may not allow the domain to be transferred to another registrar. The only exception to these is when the domain registration period has expired. These locks can be set and unset by the site owner and many registrars will allow these locks at no cost.

A second level of locks can also be put in place and these are set at the registry level. These are controlled by the registry and setting these can incur a cost to the domain owner. These locks are:

• serverDeleteProhibited
• serverUpdateProhibited
• serverTransferProhibited

Anomaly scoring is a better way to detect a real attack

The following is a guest post from Principal Enterprise Architect David Senecal and Principal Product Architect Ory Segal.

Internet security is constantly evolving and it's a challenge for all companies generating online revenue. Not only do they need to constantly reinvent themselves by adding more functionalities to allow their user to do more, but at the same time they need to protect their online transactions.

How to block a threat and not a real user?

One of the key problems in any security solution is how to handle false positives and false negatives - that is, how to avoid blocking valid users, while not missing malicious activity against the system. Web application firewalls (WAF) are no exception.

At Akamai, I have been working with the OWASP ModSecurity Core Rule Set for quite some time and to gain extensive mileage with the system, and the problem we've had with previous Core Rule Sets (CRS) was dealing with exactly this problem.

In some scenarios, a single rule firing on an HTTP request is often not deterministic enough to indicate a real attack. For example, finding the word "script" or "alert" independently in a request is not a good indication that a Cross Site Scripting attack is taking place.

However if you find both keywords together with some special markup characters in-between (something like "<script>alert("xss");</script>") malicious intent becomes more obvious.

Scoring 1.png

Improving the threat detection accuracy

In version 2.x of the CRS, OWASP introduced the concept of anomaly scoring as a better way to detect attacks more accurately. Each rule is built in such a way that it only holds one piece of the puzzle and is assigned a score. As a WAF parses a request through the multiple WAF rules that make up the CRS, it keeps track of the rules that fire and adds the score of each rule to compute the total anomaly score for a request. The WAF will then compare the request anomaly score with an inbound risk score rule threshold. If the score exceeded, the request is more likely to be malicious, otherwise the request is judged to be safe.

At a high level, the principle is simple, but to make it efficient there are some rules to follow:

  • Each rule in the rule set should look for specific keywords or patterns that are typical for an attack
  • Each rule cannot hold all the keywords typically used and found in an attack payload
  • Each rule must be given a score between 1 (informational) and 5 (critical). The score should then be assigned based on the risk

ModSecurity 2.x comes with 2 risk score rules: one that keeps track of all rules that fired during the request stage and another that adds to the score of the rules firing during the response stage. In practice, we discovered that it is very difficult, if not impossible, to find a single threshold that would work across the different types of attacks. The graph below shows the ideal threshold (highlighted in blue) for each type of attack.

Scoring 2.png

Akamai's Threat Research Team went back to the drawing board, and took this concept a step further, introducing attack specific risk score rules (Cross Site Scripting, SQL Injection, Command Injection, PHP Injection, HTTP Anomaly, Trojans and Remote File Include Attack). The result is the new Kona Rule Set that aims to reduce false positives and more accurately detect true attacks.

CRS 2.x in action

In order to put the new Kona Rule Set to the test, and do so by using proper methodology, Akamai's threat research team compared the accuracy of:

  • Akamai Kona Rules
  • A WAF policy running the CRS 1.6.1 ruleset with all rules in deny mode
  • A WAF policy running a standard 2.2.6 CRS rule (Vanilla OWASP CRS 2.2.6)

The testing process used both valid traffic (to measure false positives), as well as attack traffic (to measure false negatives).

We have been running an opt-in beta program with some of our customers to improve WAF accuracy for them.  As a result, we've been able to create a valid traffic sample that includes real world Internet traffic from some of the world's top 100 websites - including large amounts of real world traffic known to cause false positives. Attack traffic was also included from popular hacking tools, exploit tools, and web security scanners. These attack test cases represented 5% of the total sample set.

We consider the following measures:

  • Precision: % of blocked requests that were actual attacks
  • Recall: % of attacks that were actually blocked
  • Accuracy: % of decisions that were true
  • MCC*: Correlation between WAF decision and the actual nature of requests

* MCC is Matthews Correlation Coefficient: http://en.wikipedia.org/wiki/Matthews_correlation_coefficient

The table below shows the results of the experiment.

Scoring 3.png

Why should you use Anomaly Scoring?

The results clearly demonstrate that the policy running the Kona Rule Set blocked more real attacks than any other policy, and overall the Kona rule set is more in sync with reality and better able to detect actual attacks with a lower level of false positives.

It is worth mentioning that the measurements were done against an "out of the box" non-tuned configuration - specific WAF deployments are expected to have even better results using custom rules and more application-specific tuning.

Akamai Professional Services can help you to participate to the Kona Rule Set Beta program, we are always looking for customers to partner on our security research to improve our KONA security suite and reduce false positives even further.

David Senecal is Principal Enterprise Architect and Ory Segal is Principal Product Architect at Akamai.

The Hour of Code is Here!

This is a guest post from Jim Gemmell, Akamai's Chief Human Resources Officer.

Since our inception fifteen years ago, Akamai has been passionate about promoting math and science education among the next generation of technology innovators. To help celebrate and promote Computer Science Education Week, we're proud to be one of several global technology companies participating in the Hour of Code-- a massive movement to recruit 10 million students (and adults) to try computer science for one hour this week. Below is a picture of our HR team during their coding session this morning--way to go team!

  HR Hour of Code.jpg

This week's episode is with Akamai Senior Security Advocate Martin McKeay.

He's an old friend with more than a decade of experience in information security. At Akamai, he spreads awareness about security and privacy, helping customers understand our approach to both. 

As a self-described "recovering QSA," he's well aware of the pain many companies feel when dealing with compliance. 

He is also the host and author of a pair of the longest running podcasts and blogs in the security industry, the Network Security Podcast and the Network Security Blog.

Listen to the podcast HERE.


How Browsers Work

Loading a web page is a complicated process. Browsers need to handle malformed HTML, over-creative scripts, bloated CSS and hundreds of images, and they need to do so without fail and in record time. In this video, we'll take a look behind the scenes and see the common steps browsers take to do so, explain concepts like DOM and rendering, and show where do the browser limitations lie.


How Origin Offload Improves Patch Management

I frequently write about patching updates, believing its important for customers and the wider business world to keep their machines as updated as possible. But until now, I've never written about the direct role Akamai plays in smoothing the patch management process along.

This is a post about origin offload and how it keeps the patch downloading sites of various companies from getting crushed beneath the weight of heavy demand when the fix arrives.

First, an observation: The normal traffic pattern for a patch site is very small during most days of the month. But there's a massive spike of activity when a patch or update is first released.  Everybody tries to download patches at the same time. For a software vendor without Akamai, this means that in order to support a worldwide patch rollout, they need massive amounts of web server infrastructure. That's impractical to say the least, since most of that infrastructure wouldn't be used most of the time.

To better explain our role, I went to Akamai CSIRT Director Michael Smith, who started with a banking analogy. He noted that in the days before direct deposit and ATM machines, your average bank would be snarled by car and foot traffic when people went to withdraw cash on payday. Direct deposit and ATMs all but eliminated that phenomenon by spreading around the resources by which people could get their money.

Direct deposit and ATMs, he said, are forms of origin offload. The bank is the origin, and by offloading that traffic among resources distributed around the world and across the Internet, traffic jams are mostly eliminated.

In the case of patch management, the software vendor's web server is the origin. Instead of a bank dispensing cash, the given company dispenses patches. 

"We sit in between a website's users and our customers' web servers. When the user makes a request for the patch, they send those requests first to our servers." he says. "When a person requests a patch, they're going to us. Instead of everyone jamming the main supplier's site for patches, Akamai helps distribute the load for them. We deliver content from the edge, where our servers are deployed inside the user's ISP, which means fewer requests directly to the patch provider's site."

Though we typically think of origin offload -- and for OS patches and anti-virus updates we will see up to 99 percent origin offload -- as a tool for our customers to save on bandwidth, server licenses and hardware, there's also a security component.  

The less traffic that goes directly to an origin, the less there is to monitor. There's less traffic to inspect with IDS, fewer firewall and application logs to sift through and less data being held in a SIEM. 

More importantly, we only send requests to the origin that are for dynamically-generated pages specific to the user -- exactly the kind of traffic that is security-relevant and that you want to inspect.  

Not only do you save money on infrastructure at the origin, but it also greatly increases the signal-to-noise ratio of any kind of security monitoring that you are doing.


A Decade of Dramatic Change in Security

Since so many Akamai customers and the wider public run on Microsoft infrastructure, I frequently write about the software giant here. Most of the time, it's to give people the head's up on upcoming patches, or to explain how Akamai security protects customers from weaknesses on the Microsoft side.

Because of all the flaws and attacks Microsoft users have suffered from, picking on the company became a popular activity in the previous decade. But 10 years after the era of big worm attacks like Blaster and Sasser, Microsoft deserves a lot of credit for turning things around.

A blog post from F-Secure Chief Research Officer Mikko Hyppönen has me reviewing recent history. In his post, Mikko starts with what life was like a decade ago. He writes:

If you were running Windows on your computer 10 years ago, you were running Windows XP. In fact, you were most likely running Windows XP SP1 (Service Pack 1). This is important, as Windows XP SP1 did not have a firewall enabled by default and did not feature automatic updates.

So, if you were running Windows, you weren't running a firewall and you had to patch your system manually - by downloading the patches with Internet Explorer 6, which itself was ridden with security vulnerabilities. No wonder then, that worms and viruses were rampant in 2003. In fact, we saw some of the worst outbreaks in history in 2003: Slammer, Sasser, Blaster, Mydoom, Sobig and so on.

He goes on to describe Microsoft's turnaround: Launching the Trustworthy Computing Initiative, halting all new development for a time so it could find and fix old vulnerabilities and, of course, developing much more secure versions of Windows and Internet Explorer. Windows 7 and 8 have been a huge leap forward over Windows XP. And every version of Internet Explorer since IE 6 have brought steady security improvements.

When Blaster hit I was editing for a daily newspaper and had no idea what patch management, software vulnerabilities and malware were. But Blaster was a big enough deal to make the front page of my paper. 

Within 10 months I'd get a crash course. In fact, my first day as a security journalist happened to be the third day of attack from another worm called Sasser. An analysis of Sasser was the first article I ever wrote about anything having to do with InfoSec. 

Interestingly, one of the companies I often quoted during worm outbreaks was Akamai. Back then almost nobody thought of Akamai as a security player, but if a serious worm outbreak was clogging up Internet traffic, the company had a ring-side seat -- a vantage point like no other.

Here we are a decade on. I'm part of Akamai's security team, my home machines have Windows 8 (my work machine is a Macbook Pro) and worm attacks don't happen the way they used to.

The bad news, as Mikko correctly points out, is that we are fighting a different enemy who is financially motivated and far more sophisticated. That has made Akamai's security operation more important than ever. As attacks against commercial entities have become a 24-7 affair, Akamai has become the main line of defense between customers and the bad guys.

But Microsoft has made a huge difference and conducted a spectacular turnaround, and they deserve a tip of the hat.


Speed up time to first byte with EdgeStart

Caching on the Edge is the best way to utilize Akamai. If a resource or page is cached on the edge, the user gets a faster page while the load is removed form the website origin - perfect combo. However, some pages are simply not cacheable, for instance personalized pages or extremely dynamic information like stock quotes.

However, while not cacheable, even these pages tend to be very similar from one user to the other. They share the same page header, use similar JavaScript & CSS files, and often share many images too. A new Akamai technology called EdgeStart helps leverage this similarity, delivering the static beginning of a personalized page straight from the edge. This video explains EdgeStart, what is it good for, and how it works.

Tweets of the Week: 11/30 - 12/6

The busiest shopping days of the season did not disappoint this year. Peak traffic numbers over the Akamai network on both Thanksgiving and Black Friday were 9.2 million and 9.3 million page views per minute respectively.  Cyber Monday saw an astounding 11.2 million page views per minute at 9:00 p.m. ET.

Though overall traffic numbers were definitely impressive, the growth in mobile activity was particularly interesting. Over the five shopping days following the Thanksgiving holiday, mobile devices accounted for an average of 35% of the traffic. On Black Friday, we saw mobile use peak at 46% of the traffic at 6 a.m. ET, and mobile use continued to surge on Saturday.

This is the first year that we tracked smartphone and tablet usage throughout the holiday season.  Our mobile data was gathered by using an analysis of 30 of Akamai's top online retailers using the company's Real User Monitoring (RUM) functionality.


iPads have been particularly popular this shopping season, as they led the mobile device category (14.5%) and rivaled Mac desktop (15.2%) activity from Nov. 22 through Cyber Monday. Traffic from iPhones and Android devices followed at 11.8% and 9.8%, respectively. iPad activity was especially high on Thanksgiving day, as a majority of "couch commerce" shoppers logged on with full bellies in the post-company rush at 9 p.m. ET, pushing iPad traffic to an incredible 737 percent over our baseline from early October.

In total, in the days following Thanksgiving, mobile use peaked at nearly 400% over our baseline from early October; desktop traffic peaked at nearly 200% over normal values during the same timeframe.


Black Friday took the prize as the biggest traffic day this season. iPhone traffic surged early in the day and spiked again in the early afternoon, with averages of 400% to 625% above baseline from early October throughout most of the day on Black Friday. This data suggests that shoppers turned to their iPhones for the best and earliest deals, and likely later used their phones to compare prices and read reviews while they were in stores.

Here's a closer look at how and when consumers visited retailers' websites this past week:

Overall daily traffic peaks

  • Thanksgiving - 2013 peaked at 9.2 million at 10:00 p.m. ET
  • Black Friday - 2013 peaked at 9.3 million at 1:00 p.m. ET
  • Cyber Monday - 2013 peaked at 11.19 million at 9:00 p.m. ET
As more retail traffic and spending flowed online during this key holiday shopping period, attempted cybercrime also appeared to be on the rise.  According to data from the Akamai platform, the company was able to ascertain the following security trends for retail over the holiday: 

  • A 5x increase in Black Friday attack traffic compared to the beginning of November
  • Attack traffic climbed at twice the rate that retail traffic climbed on Black Friday
Be sure to subscribe to this blog feed to see how the rest of eCommerce unfolds, and follow #AkamaiHoliday and @Akamai on Twitter to learn about more the data and trends we're seeing.

Margaret Kuchler is Director Industry Marketing at Akamai

December Patch Tuesday Preview

Patch Tuesday is an important calendar item for Akamai customers, given how dominant Windows machines are in many companies. This month is shaping up to be a big one.

What follows is a preview of Microsoft's December 2013 Security Update.

Bulletin IDMaximum Severity Rating and Vulnerability ImpactRestart RequirementAffected Software
Bulletin 1Critical 
Remote Code Execution
Requires restartMicrosoft Windows, 
Microsoft Office,
Microsoft Lync
Bulletin 2Critical 
Remote Code Execution
Requires restartMicrosoft Windows,
Internet Explorer
Bulletin 3Critical 
Remote Code Execution
Requires restartMicrosoft Windows
Bulletin 4Critical 
Remote Code Execution
May require restartMicrosoft Windows
Bulletin 5Critical 
Remote Code Execution
Does not require restartMicrosoft Exchange
Bulletin 6Important 
Remote Code Execution
May require restartMicrosoft Office, 
Microsoft Server Software
Bulletin 7Important 
Elevation of Privilege
Requires restartMicrosoft Windows
Bulletin 8Important 
Elevation of Privilege
Requires restartMicrosoft Windows
Bulletin 9Important 
Elevation of Privilege
Does not require restartMicrosoft Developer Tools
Bulletin 10Important 
Information Disclosure
May require restartMicrosoft Office
Bulletin 11Important 
Security Feature Bypass
May require restartMicrosoft Office

There's still time to register for next week's webinar! Join IDC's Greg Ireland and Akamai's Frank Childs on Wednesday, December 11th from 11-11:45am EST to learn how Operators can better service their subscribers with the implementation of CDNs.

 As stated above, the topic will be How CDN and Video Strategies Impact Subscriber Retention and Market Share Shifts. Greg and Frank will discuss key takeaways and actions based on recently completed research from IDC. In particular, they will cover how multiscreen services impact subscriber loyalty, how caching impacts broadband speeds and user satisfaction, and how online video expectations of the all important millennial demographic have changed.

Here's a glimpse of what you'll learn by attending the webinar...

  • What percentage of subscribers that consider TV Everywhere an important complement to Pay TV
  • Video usage expectations of the millennial demographic
  • Who viewers blame when OTT video streaming fails
  • How multiscreen is affecting subscriber loyalty
  • The financial impact of every 50,000 subscribers gained or lost per year

To learn more and register for this webinar please go to:

We hope you can join us. If you can't make it on the 11th but you're interested in the topic, please register and we'll send you a link to the recording of the session.

Akamai InfoSec's Brick of Enlightenment

This is a sequel to yesterday's post -- the Akamai Security Podcast interview with Dave Lewis

Dave, one of our security advocates, is doing a lot of blogging over at CSOonline.com. He did so much blogging in November alone that I found it necessary to compile everything here. I wouldn't want you to miss anything, after all.

Here it is, a compilation of November posts from his blog, Brick of Enlightenment:

So sad to say that the impression that I get is that remote access solutions have become the backstage passes that they were really never intended to be.

Buffer Adds Two-Factor Authentication
Buffer has rolled out two factor authentication for all of their customers.

BIPS Suffers Bitcoin Heist
The world is drawn ever closer to the flame of Bitcoin and the inescapable lure of easy fortune. With that brings the criminal element that instinctually follows the scent of possible easy money.

Password Managers and Post-It Notes
Thursday night at 11:30 pm and you need to access a site to complete a large project you're working on. You should be asleep but that is something that a sane person would be doing. Instead you're playing beat the clock to get your work done for Friday at 9 am and you find that you can't remember your password.

Got Two-Factor Authentication?
Two factor authentication is not the be all end all of authentication measures but, it sure beats using just a simple password. Security practitioners have long lamented the issues that passwords bring with them. Yet here we are.

Surveillance Is About Control Not Security
When did it become accepted behaviour that we could be monitored all the time? I'm searching my memory for that moment in time where I signed the paperwork where I agreed to be a cast member of the Truman Show.

Don't Be An Ostrich, Remediate Issues
When you have a security assessment conducted on your enterprise there is always an opportunity for improvement. No enterprise is perfect. By which I mean, show me a perfect environment and I will give birth to a unicorn.

Canada's Bill C-13 Is a Trojan Horse
Canada's Harper government unveiled a proposed piece of legislation on November 20th 2013 that was trumpeted in the media as being the answer to the very real problem of cyber bullying in this country.

Who Is Practicing Best Security Practices?
There is a term in the Information Security field that tries my patience in no uncertain terms. That term is, "best practice". People love to bandy this about in discussions about their security program, widget or what have you. But, who is actually practicing?

Health Canada Exposes Medical Marijuana Users
No idea how this happened but, Health Canada has some explaining to do over a recent privacy related failure regarding, medical marijuana.

Dear John, Thoughts on the Cupid Media Breach
There has been a veritable orgy of large data breaches over the last couple years. While a lot of folks have been aware of the major breaches that have come down the pipe, there is one that stands out as a "wait, what?" moment in time. That would belong to Cupid Media.

It is (ISC)2 election time. GET OUT AND VOTE!
That time of year again. Time for (ISC)2 members to get out and vote. Frequently I get questions about the board of directors in general and I often counter with "did you vote"? This tends to be met with a glazed over look.


Image Compression: Putting your Images on a Diet

Images are quickly changing from a boring topic to one of the most debated items on the web performance world. While they appear simple, choosing the right image format and encoding it in the right way could dramatically impact the image file size and the user experience. Since images make up the bulk of the page weight, these optimizations have a huge impact on page load time and user experience. In this video I'll explain what is image compression and why is it needed, along with some specific tips regarding Progressive JPEGs, WebP, JPEG XR and more.

Akamai Security Podcast, Episode 7: Dave Lewis

In this episode of the Akamai Security Podcast, I talk to colleague, friend and Security Advocate Dave Lewis (@gattaca on Twitter). We talk about the past, present and future of his Liquidmatrix site, life in his new role and the big issues he's helping customers address. We also talk about all the blogging he's doing over at CSOonline.com.

Previous episodes of the podcast are available here.

Today we're officially launching the first in our Web Experience Technology video series. 

In this series we aim to help viewers better understand the many complex technologies involved in loading a web page today, with a heavy focus on web performance. The videos will cover anything form best practices & techniques to overviews of relevant public technologies to detailed looks at how Akamai technology can help. In this intro video, Mike Afergan, GM of the Web Experience BU at Akamai, will tee up the series and explain the concept of Situational Performance.

CSO Surveys: Decoding the Online Security Landscape

Akamai recently partnered with CSOonline.com to survey information security professionals on various web security topics. The surveys provide valuable insight into web security current trends and what information security professionals are doing to address them. Here are four whitepapers that explore the different threads.

The Importance of Improving and Adapting Web Security 
With so much depending on Web site availability, CSOs are considering new ways to be cost-effectively proactive and vigilant.

Improving DDoS Protection 
Survey reveals a significant disconnect between companies' concerns and their preparedness when it comes to potential DDoS attacks.

Improving Web Application Security
With employees and customers increasingly depending on corporate Websites, reliability and security have become more critical than ever.

Improving Web Security Intelligence
The importance of contextual data is growing, for protecting data as well as analyzing threats. How can companies improve and aggregate the security information they collect?


The Akamai Meetups

Holiday season is approaching and things are slowing down?  Not us here - the professional services team at Akamai.  We have been working round the clock to bring you face-to-face meetup events with our technical experts from the Akamai's Advance Solutions Group (ASG).  Our goal is to provide you with insights and expertise on the hottest topics this season.  Here's what's on the schedule as we conclude this year and we are excited for you to join, share, interact and immerse - now isn't that what the holidays are truly all about?

  • Dec 5th, New York: Addressing the challenges of online media with Akamai Sola: More than ever, audiences are consuming their entertainment online - and over an expanding array of devices.  Join our media experts David Sztykman & Frank Paolino to talk about video delivery challenges and see how Akamai can help you reach a global audience without headaches.
  • Dec 5th, Chicago: Performance Angle to Responsive Web Design - FEO design patterns and tools: The move to Responsive Web Design has put more emphasis on ensuring that users receive a high quality experience regardless of the device used to surf the web.  Our seasoned technologists Colin Bendell & Austin Thornburg will share front-end development patterns, best practices, optimizations and tools that you can use to keep your site flying through the cloud.
  • Dec 5th, San Mateo: Web Performance Best Practices - Fast Sites for a Global Audience: Come learn what industry experts are telling developers to do to optimize their web sites, and what Akamai solutions are doing to complement these efforts.  Our Web Perf specialists Javier Garza & David Bartosh provide the scoop.
  • Dec 12th, San Mateo: Learn how to improve your security posture with the latest features available in the Kona Site Defender: Keeping pace with attack trends and defense strategies while ensuring users can access the web site can be a daunting task.  In this session, we bring forth our security experts David Senecal & Harish Jakkal to talk about the latest features available in Kona site defender and how to use them to improve your security posture and avoid false positive.

Akamai's Advance Solutions Group (ASG)

Since May 2013, the ASG team has been organizing Meetups for our customers in NYC, Cambridge and San Mateo.  These "No Selling Zone" events provide unadulterated technical knowledge to our customers.  The events have been a tremendous success, as evidenced by direct feedback or the crowd of 44 people at our Cambridge office (video).

The Advance Solutions Group helps Akamai's customers meet their critical business goals and complex technological challenges by providing Akamai's innovation, thought leadership and education.

ASG services include:

  • Architecture Design: Identify and translate advanced requirements into creative out-of-the-box cloud solutions.
  • Assessment Services: Value-add consulting to provide customers with expertise and best practices in the areas of user experience, infrastructure reliability and security.
  • Education Services: Hands-on, in-depth training for customers to make them more self-reliant and increase their Akamai ROI.

Manuel Alvarez is Enterprise Architect at Akamai

Akamai to Acquire Prolexic

Akamai announced this morning that it will acquire cloud security company Prolexic for about $370 million. The move extends Akamai's reach into the world of DDoS protection.

In a press release, Akamai CEO Tom Leighton said:

"Any company doing business on the Internet faces an evolving threat landscape of attacks aimed at disrupting operations, defacing the brand, or attempting to steal sensitive data and information. By joining forces with Prolexic, we intend to combine Akamai's leading security and performance platform with Prolexic's highly-regarded DDoS mitigation solutions for data center and enterprise applications protection. We believe that Prolexic's solutions and team will help us achieve our goal of making the Internet fast, reliable, and secure."

The financial details:

Akamai will acquire all of the outstanding equity of Prolexic in exchange for a net cash payment of approximately $370 million, after expected purchase price adjustments, plus the assumption of outstanding unvested options to purchase Prolexic stock. The closing of the transaction, which is subject to customary closing conditions, including regulatory approvals, is expected to occur in the first half of 2014.

Akamai will host a conference call to discuss the acquisition of Prolexic today, December 2, 2013, at 8:45 a.m. Eastern time. The call may include forward-looking financial guidance from management. The call can be accessed through 1-800-706-7749 (or 1-617-614-3474 for international calls) using conference ID No. 19279933. 

A live Webcast of the call may be accessed at www.akamai.com in the Investor section. 

In addition, a replay of the call will be available for two weeks following the conference through the Akamai Website or by calling 1-888-286-8010 (or 1-617-801-6888 for international calls) and using conference ID No. 55460617.