Get In Touch
The other half asks "May I please have some more (application security)." Another lifetime ago, way back in 2014, I wrote that "updating WAF rules is like flossing, everybody knows they should be doing it but it can be an easy step to forget and difficult to find the time to do it." At the time my conclusion was something along the lines of "so if you don't have
I recently spent time with Joe DeFelice. Joe is a Sr. Director Enterprise Security & Infrastructure Engineering here at Akamai. He is responsible for IT risk and security, Akamai infrastructure architecture and engineering (network, voice, video, platform, messaging, etc.), as well as our Akamai On Akamai initiative, which is a program built around sipping our own champagne or how we can best utilize Akamai products in the enterprise.
On Tuesday, February 1, 2017, security vendor Sucuri disclosed a severe vulnerability in the WordPress REST API in versions prior to 4.7.2. The vulnerability allows for remote, unauthenticated and easily automated modification of blog post and page content by manipulating a parameter payload. Sucuri, Inc. notified Akamai of this vulnerability in advance of the public disclosure, which allowed the Threat Research team to internally confirm exploitability and to develop a
Many customers ask Akamai about Disaster Recovery testing and Business Continuity planning as a part of their due diligence or risk management process. Customers expect to see a governance document maintained by a central authority, a list of systems with Recovery Point Objectives (RPO), Recovery Time Objectives (RTO), and a documented testing plan that is enacted quarterly or annually. Akamai reframes these questions to better match our approach to continuity
Have you ever tried to login to your favorite website and mistakenly typed the wrong user name and password once, or even twice? I bet you have. And what about submitting a third consecutive false attempt? In most cases, at that point a secure website will start questioning the integrity of your actions. From a defense point of view, websites should suspend and limit false login attempts to confirm authenticity
As we know, enterprises have come a long way from the days when a few remote users needed access to a handful of applications. Now, applications can live in data centers, in AWS, in Azure - in reality, anywhere on the Internet. So who really needs to access these enterprise apps?
On December 29th, the United States Computer Emergency Readiness Team (US-CERT), in coordination with the FBI, released a document outlining recent attacks against US interests that have been attributed to the Russian government. To be clear, Akamai does not comment on the attribution of attacks. Rather we would like to inform our customers of what a reasonable, informed course of action should be regarding this new information.
Yearly Review 2016 was an exciting year; a year in which hazards related to the Intent of Things (IoT) became trendy small talk in many living rooms around the world. For us, the members of the InfoSec community, it was the year when the security risks of IoT devices evolved from being theoretical to becoming a practical problem to us all. It was the year in which we all realized
In the first of this two-part blog, I reported the impact that the Dyn DDoS attack had on the financial services industry. Banks, insurers, credit cards, and others had two waves of impacts on Oct. 21, with many websites clocking in with 60 second page response times, and others with outright failures, not able to service their customers. In Part 2, we'll dig into some details to better understand the