February 2014 Archives

Each year at RSA Conference 2014, I team up with David Spark, founder of Spark Media Solutions. Specifically, he creates a bunch of clever, high-quality videos from the showroom floor and then I share them. So far, he has sent me four videos done for Ziff-Davis. Do yourself a favor and check them out.

Guest Post by Mary Karnes, Manager, IBM Cloud Security Services 

Distributed denial-of-service attacks that congest Internet connectivity and disrupt online services topped unprecedented levels in 2013; and the tactics used were varied in both size and method.  One example of methods used included attackers seeking to shut down access by targeting DDoS attacks on DNS providers, which in turn caused downtime for customers using those services for their DNS infrastructure.

DDoS is not the only threat to the online web presence; in other cases, attackers were able to target websites with otherwise strong security in place by hijacking DNS requests at the DNS provider. This allowed them to redirect traffic going to the legitimate site. From there, the attackers had several options: they could do something fairly benign such as display a defaced version of the website; they could do something more insidious like detect user cookies as a man-in-the-middle-type attack; or they could expose endpoints to malware before they reached the host site.

For RSA Conference 2014, we partnered with IBM to create content that's beneficial to customers of both our companies. As part of the effort, I was interviewed by Mary Karnes, a product manager with IBM Security Services. The ultimate question: how best to respond to DDoS attacks.

Karnes primarily focuses on services that help defend against web attacks (including distributed denial of service) and targeted attacks. Information security has been her focus for more than 13 years, as the leader of a penetration testing team, manager of a security intelligence team, and as a security transformation executive. She holds two patents and a masters degree in telecommunications.

• Read her interview with me HERE.

The second and final day of BSidesSF was crammed with great talks. Here's a round-up of the discussions that caught my attention. As always, thanks to the volunteers and organizers who consistently make this a must-attend event.

Two good friends are delivering a talk at RSA Conference 2014 that's near and dear to my heart. The subject: work-life balance, mindfulness and happiness in the security profession. 

This is the first of what will be several posts on MIT's 2014 STAMP Conference. Staff from Akamai InfoSec will participate in this event, which makes perfect sense given our close ties and history with MIT.

Our ongoing series of RSA Conference 2014 previews brings us to a topic we've told you about before: the battle to establish a bug bounty program at Microsoft.

An overview of the evolving threat landscape with Akamai Director of Web Security Solutions Product Marketing, Dan Shugrue. Dan also shares how Akamai's Kona Site Defender service handles the increasing frequency, volume and sophistication of Web attacks.

It feels like it's been an eternity, but just 79 days ago, Akamai announced the acquisition of Prolexic. Now that the acquisition has officially closed, we can finally start talking more about what it all means.

With a week to go before RSA Conference 2014, various tech publications are launching their annual what-to-expect articles. What follows are a few articles that offer some decent analysis. 

One of the coolest things about Security B-Sides, in my opinion, is the effort that goes into giving industry newbies a hand up. The BSides Las Vegas Proving Ground Speaker Development Program is a powerful example of that. And the organizers need your help.

Yesterday we saw the news outlets light up with breathless reports of a massive distributed denial of service that was directed at the boutique company, Cloudflare. There was much ado about the volume of the attack peaking at 400 Gbps according to the numbers released by them. But, was this little more than hyperbole? This would not be without precedent.

Welcome to the Akamai Security Podcast. I'm your host, Bill Brenner. This week I finish off a series on volunteers in the security community -- particularly those who organize and volunteer at security conferences around the world. My guest is Brian Bourne, co-founder of the Security Education Conference in Toronto, more popularly known as SecTor. Bourne is also president of CMS Consulting Inc.

• Listen to the episode HERE.

Microsoft's patch Tuesday has arrived and further to our post from Feb 7th there have been a couple updates for the release this month. The revised bulletin contains two additional patches which address remote code execution issues in Internet Explorer and the Windows operating system.

Find out how Akamai can help you with your patch management via origin offload. 

We're often asked where people should go to find out about security conferences scheduled for the coming year. It's a question I've had as well, and during a recent project to prioritize which events Akamai staff should attend and how much free stuff to give out in our travels, I managed to find some good resources.

In recent months I've told you about the new security section we've been developing for the Akamai website. We're adding the finishing touches, and it's time for a preview. 

All our attention may be on RSA and BSidesSF right now, but it's worth noting that the 14th annual CanSecWest conference will be held shortly after, from March 12-14 at the Sheraton Wall Centre Hotel in downtown Vancouver, British Columbia.