Get In Touch
April 2014 Archives
Akamai recently released the Prolexic Q1 2014 Global DDoS Attack Report. What follows are some of the key points, including a 114-percent increase in the average peak bandwidth of attacks.Download the full report HERE
Good news: I got another look at how well Akamai's security procedures work. Bad news: It's because I made two simple mistakes. And I knew better.
The following is a post from Director of Product Marketing, Kurt Michel, and Senior Solutions Architect, Nicolas Weil. It has been a very busy first quarter for the media team here at Akamai, where the technical folks have been elevating the quality of online video to all-new heights. In January at CES, we demonstrated 4K/Ultra HD streaming video with help from Qualcomm and Elemental. Last week at the NAB Show
The Akamai Prolexic Security Engineering & Response Team (PLXsert) has discovered a new tool attackers could use to target Microsoft Windows. The PLXsert advisory describes it this way: The Storm kit is capable of infecting Windows XP (and higher) machines for malicious uses, including execution of DDoS attacks. Once a PC is infected, the Storm Network Stress Tester crimeware kit establishes remote administration (RAT) capabilities on the infected machine, enabling
This year, we decided to do something a little different to accompany the year-end State of the Internet Report. In addition to the analysis we do on the numbers for the world as a whole, we're breaking out a particular region to look at in more detail. Although it is not the target of the largest number of attacks, we chose Europe because, like the rest of the world,
Cisco and Akamai Announce Solution to Enable Digital Experiences and Relieve Network Congestion Today marks another important milestone in Akamai's relationship with Cisco. Together we are enabling IT to respond to the business challenges to support the huge traffic increases brought on by the digital era. Specifically, the IT challenge of supporting business leaders who are innovating at the branch office. Consider a retailer engaging customers with mobile assisted
The previous two blog posts in this series reviewed how key connectivity metrics have trended over the last six years and trends in IPv6 adoption/IPv4 exhaustion. Unfortunately, as connectivity has improved over the years, attacks on Internet infrastructure have become more commonplace. This includes targeted DDoS attacks, application layer attacks, brute force login attempts, and attempted exploitation of known vulnerabilities (both new and those patched long ago). In today's post,
The fastest HTTP request is the one never made. And a great way to avoid making the request is to fetch it before the user ever requested it! This video explains the different prefetching technologies Akamai offers, how each helps, and how they differ from one another.
Yesterday's blog post reviewed how key connectivity metrics have trended over the last six years. In general, average and peak connection speeds, as well as high broadband and broadband adoption, have all grown over time, although the growth rates in some regions have clearly been more aggressive than in other regions. However, without IPv4, none of that connectivity would have been possible. Going forward, IPv6 will be a key enabler
The joint statement issued in early April by the FFIEC should come as no surprise to the banking and finance community in the U.S. Beginning in 2012 and continuing throughout most of 2013, banks suffered massive DDoS attacks, with dozens of banks attacked during 2013, and up to 50 banks attacked in a single week. A response from regulators such as this is part of the ongoing evolution of DDoS
Over the last few years, we have included a "Historical Lookback" section at the end of the 4th Quarter issues of the State of the Internet Report. The section has generally included data aggregated at a continental level (where appropriate), with graphs showing how particular metrics have trended over time. This year, we are publishing the the historical lookback content as a series of blog posts, including interactive graphs that
One of the most interesting aspects of working at Akamai is the sheer volume of opportunities within the company. Since I started here in my own role last July I have had no end of interesting challenges that have managed to keep me thoroughly engaged. Akamai is a company that allows you to grow and never has a shortage of amazing projects to work on. This sort of excellent working environment invariably brings
A new variant of DNS amplification attack relies on home gateways with open DNS proxies to forward DNS queries to ISP resolvers. To launch this exploit attacker can deploy their exploit code anywhere on the Internet that allows address spoofing, a compromised server in a hosting facility for example. From there DNS queries can be targeted at any network with open home gateways. These queries enter ISP networks at border
Great panel session at the Argyle Executive Forum last week around Next Generation of Customer Care. My peers continue to see technology and the Internet as tools to enable and strengthen the customer experience across all industries, yet they still see relationships at the heart of customer intimacy. Folks came from all disciplines are looking for ways to create the ultimate experience through their Customer Care centers. Web experience continues
In the interest of providing an update to the community on Akamai's work to address issues around the Heartbleed vulnerability, we've put together this outline as a brief summary: Akamai, like all users of OpenSSL, was vulnerable to Heartbleed. Akamai disabled TLS heartbeat functionality before the Heartbleed vulnerability was publicly disclosed. In addition, Akamai went on to evaluate whether Akamai's unique secure memory arena may have provided SSL key protection
Recent studies and reports show a dramatic increase in the prevalence of denial of service attacks in general, and application layer attacks in particular. As a result of this increase, DoS protection and mitigation solutions have evolved both on the technological side as well as in their ability to scale and protect against larger and more distributed attacks (DDoS).
Over the weekend, an independent security researcher contacted Akamai about some defects in the software we use for memory allocation around SSL keys. We discussed Friday how we believed this had provided our SSL keys with protection against Heartbleed and had contributed the code back to the community. The code that we had contributed back was, as we noted, not a full patch, but would be a starting point for
Update 2014-04-13: Our beliefs in our protection were incorrect; update here. Today, we provided more information to our customers around the research we've done into the Heartbleed vulnerability. As our analysis may inform the research efforts of the industry at large, we are providing it here. Summary: Akamai patched the announced Heartbleed vulnerability prior to its public announcement. We, like all users of OpenSSL, could have exposed passwords or session
If you follow us on Twitter, you may have noticed that we were live tweeting at the NAB Conference in Las Vegas this past week. There was plenty going on, and 98,000 people attending from 150 different countries. Weren't able to make it out to Las Vegas this year? We've compiled all of our tweets from this past week, to get you up to date on what was talked about
If you're attending SOURCE Boston, there's a discussion Thursday at 11 a.m. you should attend. It deals with a subject we've been working hard to address at Akamai: burnout in the security industry, and how we can make things better by tapping into the better angels of our nature.Related audio: Humanity in Security
It was only six months ago that Akamai opened its core technology, revealing the Open Platform Initiative strategy. The main idea was to enable everyone; every developer, every customer and every partner, to access Akamai technology and benefit from its amazing power. You may arguably say that this was a small step on a long path. But let's look back and see how much we walked, using the evolution of
Attention, SOURCE Boston attendees: If you or anyone you know needs a job, come by our booth. Recruiters are on hand, and they have several positions to fill, including:A program manager for InfoSec;A senior manager for Enterprise Security;A security architect for Adversarial Resilience; and A principal application software engineer for the Security Products Group.We're also giving away an iPad at 5 p.m., so come put your business card in the raffle
Akamai CSO Andy Ellis wrote about how we're protecting customers from the much-publicized Heartbleed vulnerability OpenSSL fixed in an update Monday. At SOURCE Boston 2014, there's plenty of personal proof that this bug is a big deal. You could say it ruined the first day of the conference for some.
Update 2014-04-11: Updated information on our later analysis here. We're getting a lot of questions about the OpenSSL Heartbleed fix. What follows are the most commonly asked questions, with our answers. The Heartbleed bug affects a heartbeat functionality within the TLS/DTLS portion of the library. It allows the attacker to -- silently and without raising alarms -- dump portions of the servers memory to the client. This can allow the
A fix is now available for a serious Open SSL flaw known as Heartbleed. The vulnerability, covered in CVE-2014-0160, affects OpenSSL 1.0.1 through 1.0.1f with two exceptions: OpenSSL 1.0.0 branch and 0.9.8.
SOURCE Conference 2014 runs tomorrow through Thursday at the Marriott on Tremont Street, Boston. Akamai is a platinum sponsor of the event and we hope to see you there. To help attendees acclimate, we're sharing the following talk descriptions, which are also available on the conference website.
In today's financial world, smart organizations face tremendous pressure to deliver mission critical Web applications quickly, reliably and securely. Malicious attacks against the Financial Services industry are increasing daily. Financial institutions must meet regulatory requirements and protect their clients. Don't leave your brand to chance.... learn how IBM Edge Delivery Services powered by Akamai transforms the Internet into an Enterprise class network with superior performance, visibility, security and control.
For years, I've despised the so-called booth-babe phenomenon, in which vendors hire women to stand at their booths in skimpy attire at conferences. I've focused on what I see at security events, but the problem is universal.If you want to know how I feel about it, read this Salted Hash write-up from a couple years ago. For the rest of this post, I direct your attention to this message from two
As of 31 March 2014, the UK officially has a governmental Computer Emergency Response Team (CERT) that is responsible for being the central point for communication between a variety of governmental and business within the confines of the UK, as well as beyond. While this is the 'birthday' of CERT-UK, the organization has already been working hard since November to create infrastructure and hiring personnel, this was simply an official
Akamai is a platinum sponsor of next week's SOURCE Boston conference, and we'll have an army of security staff on hand to answer questions, show people around and help with introductions.Full SOURCE Boston schedule
Caching is, at the end of the day, at the core of Akamai's business. As such, the more a website can cache on the edge, the more value they get out of Akamai, and the happier its users are. Dynamic Page Caching is a powerful capability that lets you cache content that appears to be uncacheable, and is explained in this video by Ravi Maira, VP Web Experience Products at
My guest this episode is Kathryn Kun, manager of our Adversarial Resilience team. She reviews the recent Northeast Collegiate Cyber Defense Competition (NECCDC), of which she was an organizer.Listen to the full episodeAs part of the competition, each team -- along with a new "CIO" -- was hired to take over IT operations for the fictional company EnV research Inc. The competition packet described the following scenario: "At the request of