Akamai Diversity
Home > January 2017

January 2017 Archives

Many customers ask Akamai about Disaster Recovery testing and Business Continuity planning as a part of their due diligence or risk management process. Customers expect to see a governance document maintained by a central authority, a list of systems with Recovery Point Objectives (RPO), Recovery Time Objectives (RTO), and a documented testing plan that is enacted quarterly or annually. Akamai reframes these questions to better match our approach to continuity and recovery, all of which we include under the umbrella of "resilience."

Improving Credential Abuse Threat Mitigation

Have you ever tried to login to your favorite website and mistakenly typed the wrong user name and password once, or even twice? I bet you have. And what about submitting a third consecutive false attempt? In most cases, at that point a secure website will start questioning the integrity of your actions. 

From a defense point of view, websites should suspend and limit false login attempts to confirm authenticity once abnormal usage is detected.

TLS 1.3 FTW

In common slang, FTW is an acronym "for the win" and while that's appropriate here, I think a better expansion is "for the world."

We're pleased to announce that we have sponsored the development of TLS 1.3 in OpenSSL. As it is one of the most widely-used TLS libraries, it is a good investment for the overall health and security of the Internet, so that everyone is able to deploy TLS 1.3 as soon as possible.

As we know, enterprises have come a long way from the days when a few remote users needed access to a handful of applications. Now, applications can live in data centers, in AWS, in Azure - in reality, anywhere on the Internet.

So who really needs to access these enterprise apps?

JAR: What You Need To Know

On December 29th, the United States Computer Emergency Readiness Team (US-CERT), in coordination with the FBI, released a document outlining  recent attacks against US interests that have been attributed to the Russian government.  To be clear, Akamai does not comment on the attribution of attacks. Rather we would like to inform our customers of what a reasonable, informed course of action should be regarding this new information.

The Year of Attacking "Things"

Yearly Review

2016 was an exciting year; a year in which hazards related to the Intent of Things (IoT) became trendy small talk in many living rooms around the world. For us, the members of the InfoSec community, it was the year when the security risks of IoT devices evolved from being theoretical to becoming a practical problem to us all. It was the year in which we all realized that the lack of security surrounding IoT is not just a liability on the consumer owning the device, it is a problem for the entire Internet.