Akamai Diversity

The Akamai Blog

It's that time of year - the Summer 2018 State of the Internet / Security: Web Attack report is now live. This new naming schema is just one of the many changes you'll notice if you're a returning reader of quarterly  report, and there are more changes coming as we work to bring you insights and intelligence from our data in as useful and timely a way as possible.

The Web Attack report is evolving into a shorter, leaner report. The Attack Spotlight was released as a stand alone paper. The statistical plots that made up a large part of the report have been published as blog posts (Web Attacks & DDoS By The Numbers). These changes will allow us to publish statistical data in a more timely manner in the future. At the same time, we are moving to more focused reports, published biannually, instead of a larger report published quarterly. 

 

Beyond the Looking Glass - The OTT Evolution in India

India, while at the cusp of becoming a digital, mobile first country, is also in the middle of evolving content consumption patterns. Hotstar's India Watch Report states that the video consumption in the country has seen a five-fold growth in just one year, with most of this growth is fuelled by mobile. In a country with close to 500 million mobile internet users, an average user spends up to 2.5 times more watch time on mobile content than the web. Now, fuse this trend with the India's love for cricket. The result: drastic increase in the number of people now watching live sports, specifically cricket, on OTT platforms. 10.3 million concurrent viewers watched the VIVO IPL 2018 Final between Chennai Super Kings (CSK) and Sunrisers Hyderabad (SRH), live on Hotstar. That's almost the entire population of the city of London tuning in at the same time to watch the match.

Mergers, Acquisitions, and Malware?

Every year, tens of thousands of mergers and acquisitions (M&A) take place across every industry and vertical. In fact, "In 2017, companies announced over 50,600 transactions with a total value of more than 3.5 trillion USD."[1] Not only is M&A complex from a business sense, it also brings the challenge of merging complex IT infrastructures and applications (which are only getting more complex) as businesses move away from a perimeter defined network to cloud networking.

Summer SOTI - Web Attacks

Continuing Changes

Welcome to the second blog post for the Summer 2018 State of the Internet / Security. If you've read the SOTI / Security report before, much of what you see here should be familiar, though the time frame we're looking at is the six months from November 2017 to April 2018, instead of the last quarter. The numbers are bigger and give us a better idea of the long-term trends we're seeing.

Summer SOTI - DDoS by the numbers

Time for a Change

The State of the Internet / Security report has been the home for Akamai's research on DDoS, attack traffic and Internet threats for over three years. While the report has evolved and expanded its scope considerably over that time, the content and how it's presented have only seen moderate changes. But as of the Summer 2018 Web Attack report, you'll see significant changes in how we present this content.  

Written by Meyer Potashman

On May 25, 2018, the EU General Data Protection Regulation (GDPR) went into effect. In preparation, Akamai, like every other company that does business with or interacts in any way with individuals in the EU, needed to re-evaluate our approach to data protection and privacy to ensure that we are compliant with the new law. Since GDPR requires that companies evaluate the privacy practices of their suppliers and subcontractors, customers have been asking us about how we protect the personal data on our platform from both a privacy and security perspective. In this blog post, we discuss how our InfoSec team approaches some of these considerations.

Earlier this year, Akamai mitigated the largest DDoS attack in its history, fueled by a new reflector, memcached. The attack targeted one of our software clients and broke through the 1 Tbps threshold for the first time. Memcached was developed to act as a distributed memory caching system. Since the protocol uses UDP, an insecure protocol, and carries the potential for tremendous amplification, it has the key traits of a successful reflection-based attack vector. This Attack Spotlight takes a deeper look into the memcached attack vector that redefined the term "largest attack" and is the first part of our State of the Internet Security Summer 2018 report.

Remote access in a software defined world

When I first ventured into technology, I wish someone gave me a heads-up about the bevy of acronyms to remember. It feels like every day a new acronym related to technology is formed. It's hard enough remembering names within my family. During Thanksgiving with a full house, I struggle to remember even my own name! When I first heard of SDN - software defined networking, I was still working for a mobile technology vendor. That was a world where even network elements had acronyms (SGSN, RNC, GGSN, HLR, etc). SDN hadn't found adoption as much as it did within the enterprise/data center space. SDN is the separation of the network control plane from the forwarding plane, moving it to a centralized point where the control plane (represented by a controller) orchestrates several forwarding devices. This separation, while leveraging network virtualization, allows for optimization of control plane workflows and also aims at making the network agile and flexible. I was enamored with the concept. For one, I could count down to days when I no longer engaged in the manual, error-prone and time-consuming process of logging into each network device via the command line interface (CLI) to program the control plane of network devices. I still wonder how I remembered the CLI commands during my networking certification exams and system administrator days.

As reported in an ISOC report last year, IPv6 adoption is now solidly in the "early majority phase" of the technology adoption life cycle by many metrics (well past "innovators" and "early adopters"), with progress beyond that in some areas. Akamai continues to see solid growth in IPv6, including significant traffic peaks during large events, and we continue to find cases where IPv6 outperforms IPv4.

Having knowledge and visibility is just as important as products and technology when it comes to detecting and combating the latest attacks on the Internet. At Akamai, we protect customers from many of the largest and most sophisticated attacks in the world, and we are launching a series of Akamai Security Summits to share what we've learned. This is an opportunity for security professionals to discuss the latest intelligence with your peers at other organizations, as well as with our experts at Akamai. We will be talking about the record-setting DDoS attacks we saw in February this year, discussing the attack surface of web APIs, and reviewing the latest techniques for dealing with credential stuffing attacks.