Akamai Diversity

February 2014 Archives

RSAC: Video Updates Worth Watching

Each year at RSA Conference 2014, I team up with David Spark, founder of Spark Media Solutions. Specifically, he creates a bunch of clever, high-quality videos from the showroom floor and then I share them. So far, he has sent me four videos done for Ziff-Davis. Do yourself a favor and check them out.

DDoS: Prepare to be Distracted

Guest Post by Mary Karnes, Manager, IBM Cloud Security Services 

Distributed denial-of-service attacks that congest Internet connectivity and disrupt online services reached unprecedented levels in 2013, and the tactics used varied in both size and method. In one example, attackers sought to shut down access by targeting DNS providers with DDoS attacks, which in turn caused downtime for customers using those services for their DNS infrastructure.

DDoS is not the only threat to the online web presence; in other cases, attackers were able to target websites with otherwise strong security in place by hijacking DNS requests at the DNS provider. This allowed them to redirect traffic going to the legitimate site. From there, the attackers had several options: they could do something fairly benign such as display a defaced version of the website; they could do something more insidious like detect user cookies as a man-in-the-middle-type attack; or they could expose endpoints to malware before they reached the host site.

RSAC Q&A: Fighting Off DDoS Attacks

For RSA Conference 2014, we partnered with IBM to create content that's beneficial to customers of both our companies. As part of the effort, I was interviewed by Mary Karnes, a product manager with IBM Security Services. The ultimate question: how best to respond to DDoS attacks.

Karnes primarily focuses on services that help defend against web attacks (including distributed denial of service) and targeted attacks. Information security has been her focus for more than 13 years, as the leader of a penetration testing team, manager of a security intelligence team, and as a security transformation executive. She holds two patents and a master's degree in telecommunications.

  • Read her interview with me HERE.

Day three of RSA Conference 2014 has begun at the Moscone Center in San Francisco. Yesterday was an eventful day, so let's have a look at some of the high -- and low -- points in the news:

Highlights from Day 2 of BSidesSF

The second and final day of BSidesSF was crammed with great talks. Here's a round-up of the discussions that caught my attention. As always, thanks to the volunteers and organizers who consistently make this a must-attend event.

RSA 2014: Privacy, Property Under Threat

A Boston news station did a story about foreign governments stealing secrets in New England, and Akamai's security efforts are featured prominently. The attacks CSO Andy Ellis describes to the reporter tie in with a lot of the concerns we're hearing about at RSA Conference 2014 in San Francisco this week. 

Most of the conversations I've been having with security practitioners involve the threat to privacy and intellectual property, and their concerns are consistent with what we're seeing in our own daily research, monitoring and defense. 

Watch CBS Boston's report here.

Bringing the Sochi Games Home - Internationally

As the Sochi winter games draw to a close, I'd like to share a live streaming experience I had Sunday, which truly puts the spirit of the games into perspective for me.

My 12-year-old daughter, Stephanie, is a ski racer with the Jay Peak Ski Club in Vermont, USA. Jay Peak is much closer to Montreal than to my residence near Boston, so I have a number of Canadian friends in the club. Sunday morning, my daughter had a race at Burke Mountain, VT, home of Burke Mountain Academy, where American skier Mikaela Shiffrin graduated this past year. My daughter and I have been tracking Mikaela's Olympic progress with great interest, and we watched Mikaela's gold medal slalom run live. And thanks to NBC's terrific iOS applications, we have watched her amazing second run recovery on demand, providing me with a great teachable moment about practice and never giving up. But I digress.

While in the Burke ski lodge preparing their children for the race, my Canadian friends were unfortunately missing the men's hockey gold medal final between Canada and Sweden. Since the game was being played on Sunday morning here in Vermont, the bar with the TV was not yet open. And since the race was in the U.S., rights restrictions prevented my friends from streaming the game through their Canadian provider. As their inability to enjoy their national sport's ultimate contest became apparent, I saw a real opportunity to strengthen international relations. I pulled out my iPad, connected it to Burke Mountain's complimentary WiFi, started up my NBC Live Extra app, and played the live stream. Suddenly, my Canadian friends began swarming around my iPad, asking, "Is that really live?" and complimenting the high quality that we were getting in a ski lodge with a few hundred people sharing WiFi in rural upstate Vermont. One even said, "It looks like TV!" Of course, I let them know that Akamai played a big role in helping NBC to deliver the experience; and they were truly grateful. Luckily the game finished with a Canadian victory before the ski race began, precluding any need for tough choices.

RSAC/BSidesSF 2014: Akamai Web Security Giveaways

For this year's RSA and BSidesSF, Akamai staff will be giving out a lot of cool stuff. We have stickers, T-shirts, pens and special sleeves for your credit and other cards. If you want any of these items, come find me or one of my Akamai InfoSec teammates. Visit our booth in the RSA exhibit hall for such additional items as foam rocket launchers. I also hear there are cool giveaways at the booth of our new Prolexic colleagues.


RSAC/BSidesSF 2014: Ask About Our New Security Section!

Today is the day I've been planning for since starting at Akamai in June: The launch of a new Akamai.com security section. Please check it out and give me feedback.

RSA 2014: A Talk InfoSec Curmudgeons Should Attend

Two good friends are delivering a talk at RSA Conference 2014 that's near and dear to my heart. The subject: work-life balance, mindfulness and happiness in the security profession. 

Top Tweets of the Week: 2/14 - 2/21

It's been a whirlwind of a week. Akamai announced that we have officially acquired Prolexic, the Olympics are streaming full steam ahead and we are looking forward to another busy week at RSA Conference in San Francisco next week. Want to see some of the social highlights from this week? Check out this week's installment of "Top Tweets of the Week"!

Brobot: Alive and Well in 2014

2013 was an absolute nightmare for many US banks, as they were targeted with massive DDoS attacks by the QCF as part of their Operation Ababil attacks. At Akamai we observed up to 20 banks being attacked in some weeks in 2013, and Akamai successfully protected our banking customers from these large attacks.

MIT's 2014 STAMP/STPA Workshop and Conference

This is the first of what will be several posts on MIT's 2014 STAMP Conference. Staff from Akamai InfoSec will participate in this event, which makes perfect sense given our close ties and history with MIT.

RSA Preview: How Data Defeated Dogma

Our ongoing series of RSA Conference 2014 previews brings us to a topic we've told you about before: the battle to establish a bug bounty program at Microsoft.

Prolexic Acquisition: More Research to Share

Now that Akamai's acquisition of Prolexic is official, I can answer a question I've gotten repeatedly: How will the addition of Prolexic impact the new Akamai Security site we're launching next week? It's an easy question to answer, but first some background:

Video: The Evolving Threat Landscape

An overview of the evolving threat landscape with Akamai Director of Web Security Solutions Product Marketing, Dan Shugrue. Dan also shares how Akamai's Kona Site Defender service handles the increasing frequency, volume and sophistication of Web attacks.

What is your Page Load Time?

We always talk about having a fast Page Load Time. However, determining the actual time a page is loaded, let alone standardizing that across the industry, is not simple. In this video Mike McCall, Product Architect at Akamai, explains the differences between the main interpretations of Page Load Time.

Kona + Prolexic = Akamai Web Security Solutions

It feels like it's been an eternity, but just 79 days ago, Akamai announced the acquisition of Prolexic. Now that the acquisition has officially closed, we can finally start talking more about what it all means.

RSA Conference 2014: Previews from Around the Web

With a week to go before RSA Conference 2014, various tech publications are launching their annual what-to-expect articles. What follows are a few articles that offer some decent analysis. 

Top Tweets of the Week: 2/7 - 2/14

Happy Friday and Happy Valentine's Day! We had a lot going on this week, so check out some of the highlights on this week's installment of "Top Tweets of the Week". Have a great weekend and keep on tweetin'!

The Winter Games - Your Way

Here at Akamai, six days into the winter games, we have been reliably streaming the events in high quality - much of it in HD - for more than 20 broadcasting rights holders around the world. Since each of these broadcasters has their own unique requirements and workflows, our teams have been working with them for over nine months so that we can meet their expectations, as well as their audiences', over these 17 days. Video streams from the Akamai network are reaching devices around the globe in all of the major streaming formats, providing stream security and analytics capabilities. And of course, this all requires 24/7 support. 

HQL Statement Tampering

Executive Summary

"Hibernate is an object-relational mapping (ORM) library for the Java language, providing a framework for mapping an object-oriented domain model to a traditional relational database. Hibernate solves object-relational impedance mismatch problems by replacing direct persistence-related database accesses with high-level object handling functions." (Wikipedia)

According to a recent Java developer survey, Hibernate was ranked as the 2nd most popular Java framework.

InfoSec Mentors: #BSidesLV Needs You

One of the coolest things about Security B-Sides, in my opinion, is the effort that goes into giving industry newbies a hand up. The BSides Las Vegas Proving Ground Speaker Development Program is a powerful example of that. And the organizers need your help.

NTP Reflection Attacks

Yesterday we saw the news outlets light up with breathless reports of a massive distributed denial of service that was directed at the boutique company, Cloudflare. There was much ado about the volume of the attack peaking at 400 Gbps according to the numbers released by them. But, was this little more than hyperbole? This would not be without precedent.

Podcast: Brian Bourne and SecTOR

Welcome to the Akamai Security Podcast. I'm your host, Bill Brenner. This week I finish off a series on volunteers in the security community -- particularly those who organize and volunteer at security conferences around the world. My guest is Brian Bourne, co-founder of the Security Education Conference in Toronto, more popularly known as SecTor. Bourne is also president of CMS Consulting Inc.


Patch Tuesday Revision

Microsoft's Patch Tuesday has arrived and, further to our post from Feb 7th, there have been a couple of updates for the release this month. The revised bulletin contains two additional patches which address remote code execution issues in Internet Explorer and the Windows operating system.

Find out how Akamai can help you with your patch management via origin offload

ShmooCon Presentations Now Available

Last month I was fortunate enough to attend the annual ShmooCon security conference in Washington DC. I wrote as much as I could, but in the end there's no substitute for seeing the full, raw presentations. With that in mind, I'm happy to let you all know the video recordings are now available. 

Security Conference Locators

We're often asked where people should go to find out about security conferences scheduled for the coming year. It's a question I've had as well, and during a recent project to prioritize which events Akamai staff should attend and how much free stuff to give out in our travels, I managed to find some good resources.

Top Tweets of the Week: 1/31 - 2/7

It's that time of week again - time for the top tweets of the week! What happened this week? The Olympics in Sochi kicked off, someone reviewed our brand new State of the Internet App and we were nominated as one of the "Most Admired Public Technology Company" in Massachusetts. Want to learn more? Read this week's edition of "Top Tweets of the Week."

Microsoft's February Patch Load

Patch Tuesday is an important calendar item for Akamai customers, given how dominant Windows machines are in many companies. What follows is a preview of Microsoft's February 2014 Security Update. 

Cloud Management & Brokering

Cloud platforms, such as Amazon AWS, are extremely powerful tools in getting hardware up and running. However, maintaining a scalable and reliable system in the cloud is still quite complicated, and requires a fair bit of effort. In this video Gary Ballabio, Director of Enterprise Products at Akamai, explains some of the challenges involved, how Cloud Management tools play into it, and how Akamai fits into the picture.

Preview: Akamai.com's New Security Section

In recent months I've told you about the new security section we've been developing for the Akamai website. We're adding the finishing touches, and it's time for a preview. 

Podcast: Joshua Marpet and InfoSec Activism

Air Comm Networks CTO Joshua Marpet discusses the importance of volunteering at security conferences and what kind of role he plays at such events. He also talks about the growing family atmosphere at the conferences -- including the steady increase in activities for children.

STEM Professions - Share your Passion!

I recently attended an Akamai Women's Forum where Tom Leighton (Akamai co-founder & CEO) and Jim Gemmell (Chief HRO) came to discuss diversity in Akamai. Jim talked about the overall availability of STEM (Science, Technology, Engineering and Mathematics) candidates, and it made me reminisce about how I got interested in a technology career.

CanSecWest Vancouver and PWN2OWN 2014

All our attention may be on RSA and BSidesSF right now, but it's worth noting that the 14th annual CanSecWest conference will be held shortly after, from March 12-14 at the Sheraton Wall Centre Hotel in downtown Vancouver, British Columbia.

Will a Cost on Carbon Darken our Cloud?

A cost on carbon is looming in the U.S. as urgency to address climate change intensifies.  What are the implications of this for our energy-hungry Cloud industry? 
California implemented a cap and trade program in 2012 introducing a market-based price tag on carbon pollution(1), currently at $13 per ton.  A bill in the U.S. Senate, the Climate Protection Act, would establish a fee on manufacturers, producers and importers of carbon-emitting substances.  And it's not just governments taking action to account for carbon pollution.  Last year, 700 businesses signed a declaration, including Akamai, urging national action on climate change.  A growing list of major companies, including nine major oil and gas companies - think Exxon, BP, Shell - are applying an internal cost of carbon ranging from $6-$60 per ton, to account for this inevitable cost as part of their financial analysis of projects.