The Akamai Blog Subscribe
Akamai Platform Update: New Security Enhancements Th ...
Today is Day 2 of Akamai's Platform Update. Yesterday, we talked about the acceleration of modern app development and how we're empowering users to shift more compute and data to the edge. From the core to the cloud to the edge, the applications and APIs that power modern web experiences must also be protected from threats. That's the focus for today. Let's shift gears and discuss Akamai's platform improvements to
Platform Update: Akamai Boosts Edge Application Powe ...
Welcome to the Akamai Platform Update -- two days of new capabilities and innovations across our edge technology and security product portfolios. Today, we look at our edge technology products, which include edge computing, edge delivery (CDN), and other complementary products and services that help customers drive great digital experiences. Akamai is announcing new products and capabilities as part of the Platform Update to help customers build more powerful edge
The Adaptive Security Engine -- A Quantum Leap Forwa ...
At Akamai, our mission is to make application and API security highly effective and easy. As part of that effort, we are excited to announce the Adaptive Security Engine -- a new core technology powering Akamai's application and API protection offerings, designed to enable a hands-off approach to protecting web applications and APIs with the highest degree of confidence. Our North Star while architecting the new engine was to give
Trusting Locations Bites Us Yet Again
Recently, Microsoft announced the discovery of yet another attack being launched by the now infamous Nobelium group, which has been responsible for numerous successful attacks, including the widespread SolarWinds breach in 2020. Thankfully, this latest attempt was not as impactful as those in the past. It was discovered early on and largely mitigated through several protections. However, as I read through the security briefing, two things stand out. First, Nobelium
Now Available: EdgeKV Distributed Key-Value Store
We're excited to announce the availability of EdgeKV, a distributed key-value store database that enables EdgeWorkers to leverage data stored at the edge when deploying custom code across our serverless computing platform. This solution is fully distributed, meaning it runs in 1,400+ networks and in 135 countries. As more application functionality moves to the edge, quick access to data will be critical to ensuring low latency and great user experience.
The Rapid Resurgence of DDoS Extortion (That Didn't ...
Just when we thought DDoS extortion was fading into the rearview mirror, it's time to circle up the trucks again (gas tanks full). Starting last week and rapidly accelerating, we began seeing in our data and hearing firsthand from organizations about a new wave of extortion activity -- new Bitcoin demands; new threat actor names; and new attacker tactics, techniques, and procedures (TTPs). Perhaps the rapid resurgence in DDoS extortion
How Enigmo Moved Logic from Client to Origin to Edge ...
By: Hideki Ito Enigmo owns BUYMA, a Japanese fashion C2C marketplace that helps people buy and sell high-quality goods from overseas on www.buyma.com. BUYMA has 8.21 million members and deals with 5.62 million items across 140,000 fashion brands. Its website uses EdgeWorkers to manipulate cookies, a typical use case at the edge. In 2020, Enigmo decided to use EdgeWorkers for dynamic content delivery. Previously, it set cookies at an origin
SOGo and PacketFence Impacted by SAML Implementation ...
Part of Akamai's incident management process for vulnerabilities in third party software involves verifying potential impact in other systems using the same or similar libraries. While following that process when addressing the SAML impersonation vulnerability, CVE-2021-28091, which impacted Akamai's Enterprise Application Access (EAA) platform, incident responders assessed the impact on other Akamai software including the code maintained by Inverse, who Akamai recently acquired. During the impact review of Inverse, we
Akamai EAA Impersonation Vulnerability - A Deep Dive
In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform. We cover our investigation, remediation and disclosure process for the vulnerability. For an overview of the vulnerability, the impact to Akamai, the impact to EAA customers and actions required, please see our companion report. Overview In this section, we will walk you through the history and anatomy of this vulnerability. Some