Akamai Diversity

Akamai Security Intelligence & Threat Research

A Year of Research

As the year draws to a close, our team decided Issue 5 of the State of the Internet report should take a look back at what we've done over the previous 12 months.  The State of the Internet Security report is one of the most visible efforts of the research efforts at Akamai, but it is far from the only research we do and is not always the most important work that we publish.  That honor should be properly given to the threat research we're constantly striving to bring to our readers.

Akamai averaged more than one publication a week about the threats we're observing and fighting over the last year.  Many of these are relatively straight forward blog posts about an interesting anomaly. However there have been multiple major incidents and vulnerabilities where Akamai was central to the story, or the organization leading the way.  I'd be lying if I said we don't live for the moments when a team makes a groundbreaking discovery, but the combined impact of the a series of smaller findings might just be more important over time. Occasionally a small story turns into a huge one.

 

Research is a fundamental element of any organization's reputation as a "security company".  Delving into the myriad of problems that need to be solved to protect our organization is vitally important for product direction. But it's turning that internal research and publish it for the rest of the world to see that builds a reputation as a security leader.  

Another reason to look back on our research is to understand the nature of the threats we'll be facing in 2019.  As our Chief Security Officer, Andy Ellis, highlights in his essay on change in this issue of the State of the Internet Security report, truly revolutionary changes in security are few and far between.  The majority of the changes we see are evolutionary and "the same, just more of it" is a valid supposition of what the future may bring. Although, sometimes even more of the same takes on twists and turns no one would have predicted.

It's hard to overstate the breadth of stories we've covered in the last twelve months.  The authors of the Mirai botnet were arrested, sentenced, and began cooperating with law enforcement.  The Meltdown and Spectre vulnerabilities were discovered, with new methods of exploitation arising as soon as another is closed.  Memcached was used to fuel the biggest DDoS attack the world has seen (so far). Our researchers discovered UPnProxy, a vulnerability that allowed home routers to be used as proxies by attackers.  The same UPnProxy vulnerability was recently discovered being used to create routes into home networks instead. Another researcher discovered a significant vulnerability in a JQuery project that had over 7,800 projects that spread vulnerability.  

It was an eventful year.

So, what have you and your team accomplished in 2018?  Take a little time to reflect on your victories, learn from your failures, and celebrate as we bring another year to a close.

Leave a comment