The Akamai Blog

Amol Mathur

June 14, 2021 9:00 AM

The Adaptive Security Engine -- A Quantum Leap Forwa ...

At Akamai, our mission is to make application and API security highly effective and easy. As part of that effort, we are excited to announce the Adaptive Security Engine -- a new core technology powering Akamai's application and API protection offerings, designed to enable a hands-off approach to protecting web applications and APIs with the highest degree of confidence. Our North Star while architecting the new engine was to give

Charlie Gero

June 7, 2021 12:00 PM

Trusting Locations Bites Us Yet Again

Recently, Microsoft announced the discovery of yet another attack being launched by the now infamous Nobelium group, which has been responsible for numerous successful attacks, including the widespread SolarWinds breach in 2020. Thankfully, this latest attempt was not as impactful as those in the past. It was discovered early on and largely mitigated through several protections. However, as I read through the security briefing, two things stand out. First, Nobelium

Tom Emmons

June 1, 2021 12:00 PM

The Rapid Resurgence of DDoS Extortion (That Didn't ...

Just when we thought DDoS extortion was fading into the rearview mirror, it's time to circle up the trucks again (gas tanks full). Starting last week and rapidly accelerating, we began seeing in our data and hearing firsthand from organizations about a new wave of extortion activity -- new Bitcoin demands; new threat actor names; and new attacker tactics, techniques, and procedures (TTPs). Perhaps the rapid resurgence in DDoS extortion

Akamai

June 1, 2021 8:00 AM

SOGo and PacketFence Impacted by SAML Implementation ...

Part of Akamai's incident management process for vulnerabilities in third-party software involves verifying potential impact in other systems using the same or similar libraries. While following that process when addressing the SAML impersonation vulnerability, CVE-2021-28091, which impacted Akamai's Enterprise Application Access (EAA) platform, incident responders assessed the impact on other Akamai software, including the code maintained by Inverse, which Akamai recently acquired. During the impact review of Inverse, we

Akamai

June 1, 2021 8:00 AM

Akamai EAA Impersonation Vulnerability - A Deep Dive

In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform. We cover our investigation, remediation and disclosure process for the vulnerability. For an overview of the vulnerability, the impact to Akamai, the impact to EAA customers and actions required, please see our companion report. Overview In this section, we will walk you through the history and anatomy of this vulnerability. Some

Akamai

June 1, 2021 8:00 AM

SAML Implementation Vulnerability Impacting Some Aka ...

This blog post provides an overview of a vulnerability discovered in Akamai's Enterprise Application Access (EAA) product which has been patched. This vulnerability could have allowed an actor to impersonate an authorized user when interacting with an application that used Security Assertion Markup Language Version 2 (SAMLv2, referred to as SAML in this document) to authenticate users. Following the initial notification from a third party, Akamai engineers identified that the

Jim Black

May 21, 2021 6:00 AM

Why FIDO2 Is the Answer to Better Security

A groundbreaking increase in security incidents is affecting governments around the world. In light of this, the United States issued a formal order to implement a robust set of security measures designed to improve the security of federal systems. In his most recent executive order, President Biden acknowledged that the United States and many other governments around the world are facing increasing malicious cyberattacks. In order to prevent, and recover

Hitoshi Kaneko

May 12, 2021 9:00 AM

Visualize and Analyze Bots with Real User Monitoring

You interact with more than just customers on your website. Bots make up a disproportionate amount of traffic, which can skew human behavior analysis data -- and cause you to make the wrong business decisions. In fact, one Akamai customer with 30% of total traffic from bots noticed a huge gap in business metrics like bounce and conversion rates. Since human and bot behaviors are unique, you need to analyze

Ian Munford

May 6, 2021 9:00 AM

Defeating the Pirates

In Akamai's paper, "Inside the World of Video Pirates," we discovered why digital intellectual property theft (aka "piracy") is possibly the most misunderstood form of cybercrime facing the TV, sports, and film industries. The paper explored how piracy strategically impacts the industry, how the various financially motivated criminal groups operate, and why many seemingly law-abiding people still continue to participate in what is often perceived as a victimless crime. Despite