Akamai Diversity

October 2015 Archives

With the holiday season quickly approaching, retailers are thinking through every element of their company's eCommerce plans to significantly boost sales during the busiest shopping time of the year. One of the biggest drivers of online retail sales is user experience, so retailers should place increased emphasis on bolstering the following customer touchpoints during the holiday rush to ensure positive brand interactions that convert browsing into sales:

Bill Murphy of the RedZone Podcast interviewed me a couple weeks ago. We discussed everything from super vulnerabilities to incident response to the creation of Akamai's Security Intelligence Response Team (SIRT).

From Murphy's program notes:

In this podcast episode I interview Bill Brenner, who is an expert at digesting threat intelligence information and making this information available to a wide pool of people from C-Suite Executives to coders and developers. Bill is a Senior Technical writer for Akamai and has been a writer for CSO Online, and Liquid Matrix Security Digest. Additionally, he created and writes in a blog called the OCD Diaries where he discusses mental health issues with IT Executives and staff within the technology industry.

Three musts for an IT security decision maker that we discussed:

  1. Super-vulnerabilities like Heartbleed, Shellshock, Poodle and OpenSSL - Identify the risks these pose to your assets within your company and remediate them.
  2. Incident Response - Remember to develop a BCP/DR plan for IT Security Incidents.
  3. Protect Your Brand - Which hacking groups don't like your company or brand that leave you vulnerable to DDoS, cyber espionage, and ransomware style of attacks?

I also shared some of my favorite infosec resources.

NetBIOS, RPC Portmap and Sentinel Reflection DDoS Attacks

By Bill Brenner, Akamai SIRT Senior Tech Writer


Akamai's Security Intelligence Response Team (SIRT) released a new advisory today about three new attack vectors digital miscreants have used to target Akamai customers. The main researchers for this advisory were Jose Arteaga and Wilber Mejia.


In the third quarter of 2015, Akamai mitigated and analyzed the following vectors:


  • NetBIOS name server reflection DDoS

  • RPC portmap reflection DDoS

  • Sentinel reflection DDoS, which reflects off of licensing servers.

Consumers shop on the web for its convenience, savings and efficiency. Expectations continue to rise on retailers to deliver exceptional experiences anytime, anywhere, on any device.

The Akamai Technologies 2014 Consumer Web Performance Expectations Survey revealed that 30 percent of users expect pages to load in one second or less and 49 percent expect pages to load in two seconds or less. When expectations are not met, nearly 48 percent will abandon the site and 22 percent will not return.

I've had countless conversations with SaaS providers to discuss the major challenges they face as a business, and specifically, what metrics they track. I expected to hear a similar story from providers, that their top priorities were security and performance, followed closely by features and functions and competitive pressures. While providers agree that these are all important aspects of their overall solution, and are ultimately required to be monitored for the optimal delivery of their applications to the end users, they see their two major challenges more generally: customer acquisition and customer retention. 

Dear Developer: Are you ready for the holidays?

Dear Web & App Developer,

I trust that by now you have completed all your design, development and testing for the changes you've made to your web sites, e-shops and mobile apps and are planning to take time off during the holiday season.

Dynamic Page Caching: Beyond Static Content

Caching static content at the edge, like images and scripts, is only the beginning in terms of offloading requests from the origin and giving users the best experience. Dynamic content has long been thought of as a web resource that can serve different content for the same URI (Uniform Resource Identifier). A common misconception is that this content is always non-cacheable. When you break it down further, you realize that there are often specific conditions that need to be met to produce different content, and that these conditions can be predefined. Caching more content not only reduces page load times, providing a more responsive site for its users, but also frees up computing cycles at your origin infrastructure to service transactional requests such as inventory checks, adds to the cart, and check-out more effectively.

Cloudpiercer Discovery Tool

Researchers have released details of a tool, which they call Cloudpiercer, that allows users to discover origin servers. It uses a number of techniques to locate origin servers' IP addresses.


The Cloudpiercer tool bundles several previously known methods with some stated new ones to simplify the reconnaissance against targets. It's a reconnaissance tool, not an attack tool. A potential attacker may use similar methods to search for a customer's datacenter IP addresses or netblock(s) but will have to use other services or technologies to perform an actual DDoS or web application attack.


Akamai's Security Intelligence Research Team (SIRT) has analyzed the methods used by the tool and offers the following observations.

It seems like holiday promotions have already started for many retailers and the promotion timetables are even earlier than last year. On a recent trip through my local big box retailer I noticed that Christmas decorations are already out, just one aisle down from the Halloween decorations. 

Akamai Earns Perfect Fives in Streaming Media 100

We're humbled and honored that Akamai was one of only three companies to earn a perfect '5' rating from every judge in this year's Streaming Media 100. The annual list includes "The One Hundred Companies that Matter Most in Online Video," highlighting those considered to be the "most interesting, important and influential" in the industry, according to the publication.

For close to two decades now, businesses have discovered opportunities to use Internet-based interactive applications to improve or expand their "brick and mortar" businesses. Now, whether it's retail, wholesale, manufacturing or services, the vast majority of businesses in North America, Europe and Asia have found a way to use web and mobile to change their economics and operations.

All of this is pretty obvious, even to the casual observer, but there is a problem.

A pharmaceutical company decides to go global for a lot of reasons: Perhaps they want to expand into developing markets that are less saturated. Or they may need to conduct global clinical trials to get a broader and more diverse participant base.

The KPI You're Not Measuring But Should Be

As we head into the holiday season, retailers have begun preparing their organization and technology for the surge in online and offline traffic. New hires, new technologies and new procedures are being implemented to ensure a smooth, successful selling period. Success won't only be measured by revenue, though that is the primary figure, but also by traffic, conversion rates, average order value, and numerous data points around customer loyalty (how many repeat visitors, buyers, how much (more) did they buy, etc.).

Akamai and Quantum Dawn 3 - That's a Wrap!

On September 16, 2015 the Securities Industry and Financial Markets Association (SIFMA) conducted Quantum Dawn 3, the third in a series of cyber attack exercises against the capital markets industry. Over 650 people from more than 80 firms and government agencies participated in the exercise. And this year, for the first time, Akamai was invited to take part.