The Akamai Blog

How 2015 Security Trends Will Influence 2016

I've always hated security 'predictions'; they range from scientific guesses to self-serving marketing drivel, trending mostly towards the latter. But they do serve a purpose when done right, in that they draw attention to the trends currently happening and how they might play out in the future. Given that there's been more focus on the field of computer security in 2015 than in any year before, it's probably not a bad idea to look at how some of the most important trends of 2015 are going to play out in the coming year.

It's not a prediction, but rather a statement of fact, to say that computer security is only going to become more important in the coming year and gain even more public attention. We are at the start of a wave of changes that no one can accurately predict. Security professionals around the globe have lamented for years that business leaders haven't paid enough attention to our advice, but that's changing rapidly and has caught many people off guard. One of the things we need to be able to do is understand some of the trends of today and where they might lead tomorrow, which is why predictions can actually be valuable if taken with a grain (or perhaps a block) of salt.

So here is my view on how the top 5 security trends of 2015 will develop in 2016.

    Two weeks ago key players in the travel industry gathered from around the world to discover, debate and capitalize on the latest trends and opportunities in travel at the PhocusWright Conference in Fort Lauderdale. One of the hottest topics on the agenda was how to improve the travelers' experience from booking to actually traveling - and how important mobile is to that process. While mobile devices generate 25 percent of the transactions for the travel industry, that actually lags behind other retail verticals for mobile device sales.

    In my previous blog, I showed how seriously the performance of your website can be affected by your CDN, even though many don't include it in their monitoring strategy. To enable you to improve your performance tuning and rapid troubleshooting, you must monitor your CDN along with the rest of your systems and do so effectively. In this blog I'll show you how to do just that.

    Earlier you had to choose, should you personalize or cache everything... we wanted to do both. -- Fredrik Ahlen (CTO)

    The business decision had been made. Fredrik Ahlen (CTO) and Patrik Wallin (Lead Developer) of Health & Sports Nutrition Group (Gymgrossisten) were going to undergo a personalization overhaul to increase conversion rates. This meant personalizing nearly everything -- category pages, product pages, product recommendations and more. It was up to Fredrik and Patrik to make this happen on a site running on an e-commerce platform long past its lifetime and offering poor website performance, poor stability, and limited personalization.

    WAF: Threat Intelligence, the brain behind the machine

    First time I jumped into a plane I was around 10 or 12 years old. The crew, moved by my innocent face and my dazzle, gave me a great gift: they allowed me to enter into the cabin where the pilot was commanding the flight. This is what I saw:

    Retailers can look back on the start of this holiday season and breathe a sigh of relief that all signs point to another strong holiday season. According to figures released by Adobe, Cyber Monday closed with $3.07 billion in sales, setting a new single-day sales record. Black Friday also set records and marked the highest spike over the five-day shopping weekend with a 109 percent jump in traffic, according to Akamai's Net Usage Index.*

    Every six months I take a look at a handful of key stats from the HTTP Archive -- a fantastic repository of historical data around the size and composition of half a million of the most-visited websites in the world -- and I benchmark them against the previous six months.

    In previous posts WAF: False Positives vs. False Negatives and WAF: trade-off between false positives and false negatives, we talked about the importance of WAF accuracy and the strategy that Akamai follows when developing the system of proprietary rules (Kona Rule Set or KRS) that govern the WAF. 

    Playing Hide and Seek In the Cloud

    When we were young, we had fun playing hide and seek. As 5 year olds there were a limited number of places our friends could hide, and we could methodically check each one and then giggle when we found them. As we grew older, we expanded the boundaries of the game. Today, as security researchers, hide-and-seek is no longer so fun because the boundaries are nearly infinite. How do you find and evaluate the risk, for example, of one deadly SQL injection attempt across 200,000 daily attack events?

    WAF: trade-off between false positives and false negatives

    In the previous article, we introduced, arguably, the most important metric to measure WAF quality (in subsequent entries we will talk about WAF performance). But we left one question flying in the air: How can we achieve that our WAF rules provide a virtually null False Positive rate, keeping at the same time a very low percentage of False Negatives?