Akamai Diversity
Home > Web Security

Recently in Web Security Category

Let's make one thing absolutely clear at the outset: the time to think about the best options for cyber-threat mitigation is NOT when your network is being attacked. In the best-case scenario you will already have a mitigation strategy in place for defending against both network-layer and application-layer attacks. The most important thing to know when you are building a multi-layered approach to securing web applications is that security solutions aren't one-size-fits-all. You have several options to mix and match. Akamai's free eBook, "Threats and Mitigations: A Guide to Multi-Layered Web Security", gives you options for making the choices that best fit both your business and IT infrastructure requirements.

Reminder: Social Engineering Isn't Just An Online Threat

Shortly after DEF CON last month, friend and journalist Steve Ragan made an observation in his Salted Hash blog: People standing in the many long lines at the event were forgetting a basic social engineering risk.

6 Ways Young Upstarts Can Get Their Big Security Break

Interviewing Akamai InfoSec's summer interns recently, I was reminded of a six-step guide I wrote a few years ago for CSOonline on how young people can get their break in the industry. I think the suggestions are as valid today as they were then.

Also see:

What a Broken Arm Teaches Us About Incident Response

I originally wrote this for CSOonline's Salted Hash blog in 2011. But given all my focus on incident management of late, a re-share seems appropriate.

You might find it weird that I'd find a teachable infosec moment in my son breaking his arm. But he did do it at a security meet-up, after all.

Earlier this week, we published a new white paper titled, "Weighing Risk Against the Total Cost of a Data Breach," on Akamai.com. Ordinarily, a white paper wouldn't be a particularly interesting subject for a blog post, but this one explores a topic that has generated a lot of questions from our customers - how do I financially justify a Web application firewall solution to my management?

Is Your Web Security in the Dark Ages?

The data center perimeter is dead - web assets cannot be protected by a fortress wall - but a historical view of web protection lives on in the way many IT departments continue to defend their infrastructures. Websites and web applications increasingly live outside the data center. Cloud-based applications and websites are at constant risk from web threats that are becoming more damaging and sophisticated by the day.

Meet Akamai InfoSec's 4th Intern

Last week I recorded a podcast interview with three of Akamai InfoSec's four summer interns. Due to a schedule conflict, the fourth intern -- Boston University Computer Science major Allan Wirth -- was interviewed separately.

Wirth will be a senior this fall and hopes to embark on a career in web security. The work he did for Akamai will serve him well to that end. Under the supervision of InfoSec's Kathryn Kun and Tim April, he studied Akamai BGP data.      

"I worked on aggregating BGP data in real time to identify routing hijacks," Wirth said. "I've never handled this breadth of data before, so it was an eye opener."

Wirth's passion for information security goes back to high school. By the time he started his Akamai internship, he had already participated in Capture-The-Flag contests and dabbled in penetration testing.

"I'm hoping to engage in some more advanced cryptography after graduation," he said. "Security is what I want to do."

We wish Allan the very best in his future endeavors. I doubt we've seen the last of him around here.

Public Compliance Docs: The List So Far (Updated)

As previously noted, Akamai InfoSec has been working to make its most sought after compliance documents publicly available. The goal is to make it easier for customers to access the answers they regularly seek, and also to show potential new customers how we operate. 

We're building the foundation in the form of a compliance page on the Akamai Security microsite, and hope to publish up to two fresh public docs a month. What follows is a list of what we've done so far.

Microsoft's Patch Tuesday Release for August 2014

Microsoft released its August 2014 Security Update Tuesday. The company's OneNote note-taking software, Internet Explorer browser, Server software, and .NET Framework were most affected this time.

Akamai Security Podcast: Meet the InfoSec Interns

In the latest episode of the Akamai Security Podcast, I interview three interns -- Yuan Jiang, Chae Won Lee and Tom Boning. They spent the summer working with our InfoSec team. They talk about their projects and where they hope to go from here.

  • Listen to the full episode HERE.