Akamai Diversity

The Akamai Blog

Akamai Response To "Forwarding-Loop" Issue

Akamai is aware of the research paper titled "Forwarding-Loop Attacks in Content Delivery Networks" published by Jianjun Chen et. al on Feb. 29.  We have reviewed the researchers' findings, and are confident that we already have adequate counter-measures in place to thwart any attempt to use Akamai as an attack vector in the manner described by the paper.

The paper describes four types of forwarding-loop attacks against CDNs: self-loop, intra-CDN loop, inter-CDN loop and dam flooding. The paper acknowledges that Akamai is not vulnerable to the first two. The third attack (the "inter-CDN loop attack") is described as a looping between multiple CDNs.  Finally, the fourth -- "dam flooding" -- is described as coupling "forwarding-loop attacks with timely controlled HTTP responses to significantly increase damage."

While Akamai does not publically disclose or discuss our security countermeasures, we would like to reiterate that we have sufficient countermeasures in place to detect and defend against all these attacks, as well as substantial capacity to absorb traffic spikes. If you have any additional questions/concerns, please reach out to your Akamai representative.

Going Big with eSports

Electronic Arts recently announced the launch of their new division, focused entirely on esports. Within weeks, Activision, who had already launched its own esports department, announced they were acquiring MLG, one of the key brands in competitive gaming.

Monday, Akamai released the Q4 2015 State of the Internet Security (SOTI Security) Report (download here). I've been writing posts throughout the week focusing on specific parts of the report. For this installment, let's take a look at Web application attacks by industry.


This quarter, the retail sector suffered the vast majority of web application attacks: 59%. Media and entertainment suffered 10% of attacks, as did the hotel and travel industry. Financial services suffered 7% of attacks, followed by high technology (4%), consumer goods (3%), manufacturing (2%), the public sector (1%), and gaming (1%).

Join me over the next few posts as I talk about how to provide fast, reliable, and secure applications in the branch while protecting end-users and promoting a transparent and open Internet. Let's start with the basics.

So what is SSL/TLS & how does it work?

Yesterday, Akamai released the Q4 2015 State of the Internet Security (SOTI Security) Report (download here). I'll write posts throughout the week focusing on specific parts of the report. For this installment, let's take a look at mega-DDoS attacks from last quarter.


In Q4, five DDoS attacks registered more than 100 Gbps. This number was down from the eight we saw in Q3 2015, and still more of a drop from the record-setting 17 mega attacks of Q3 2014.

If you're headed to the RSA Conference 2016, be sure to stop by the Akamai booth #4000, in Moscone North Hall. We're very excited about the recent launch of our Bot Manager web security technology and we'll show you firsthand how it works in a live demo. You'll see how Bot Manager provides, for the first time, the capability to categorize bot types and manage bot activity on your website. This is a significant advance over the simple detection and blocking techniques commonly available today. The result? You'll be in control of both the business and technological impact of bot traffic - without blindly mitigating everything and potentially escalating the bot problem.

Akamai's State of the Internet Security Report with Andy Ellis

The State of the Internet Security report by Akamai is issued four times a year with information on the types of online attacks that Akamai Technologies protects its customers from every day. In this free report, you can read about changes in Distributed Denial of Service (DDoS) attacks with multiple different metrics. In addition, we look at the various types of web attacks against our customers and a spotlight on a specific technique or attack group. 

In this video, Akamai CSO Andy Ellis gives a breakdown:

Today Akamai released the Q4 2015 State of the Internet Security (SOTI Security) Report (download here). I'll write posts throughout the week focusing on specific parts of the report, but let's begin with an overview in the form of an infographic.

#RSAC 2016 State of Internet Security Presentations

Today, as RSA Conference 2016 opens, Akamai is releasing its Q4 2015 State of the Internet Security Report.

At the Akamai Booth in Moscone Center's North Exhibit Hall, I'll give overviews of the report and we'll hand out printed copies. If you want to check out a presntation, here's the schedule:

  • Tuesday - 10 -6, noon and 3 p.m. PT
  • Wednesday - 10-6, noon and 4 p.m. PT
  • Thursday - 10-3, noon and 2 p.m. ET

Hope to see you there! 

You can also check this blog throughout the week for further alalysis. To download the full report, click here.

Not a single member of the Akamai automotive team has been to a Super Bowl party in the last 12 years. It's not because we're anti-social - quite the opposite - during each Super Bowl, we find ourselves in the same location where we are collectively sitting with one eye on the game, one eye on our screens and usually on a call (or several) with our automotive customers.  We are waiting with bated breath after their television ads run during the game and hoping for huge spikes in visitors to their sites. Our singular aim during Super Bowl is to ensure that the traffic our customers drive online is as large, error-free, secure, high-performing and successful as possible.