Akamai Diversity

The Akamai Blog

Robert Blumofe

Robert Blumofe

July 26, 2021 9:00 AM

Why Zero Trust Needs the Edge

Backhauling traffic destroys performance, and backhauling attack traffic can destroy even more. Nevertheless, in a traditional security deployment model, we are faced with the lose-lose options of either backhauling all traffic to the security stack or allowing some accesses to not go through the security stack. Of course, in the modern world where cyberattacks can cause enormous damage, the latter option is not really an option at all. All traffic

Robert Blumofe

Robert Blumofe

July 20, 2021 9:00 AM

Zero Trust Network Access Is an Oxymoron

Though Zero Trust is really quite simple and should be viewed as a very strong form of the age-old principle of least privilege, that does not mean that it is the same thing. In fact, one of the most significant differences from what came before is that when it comes to access, Zero Trust is based on application access, not network access. I was surprised, then, when Gartner's new SASE

Robert Blumofe

Robert Blumofe

July 15, 2021 9:00 AM

Zero Trust: Not As Scary As It Sounds

If the term Zero Trust has been popping up in your news feed with astonishing frequency lately, you may be tempted to think that Zero Trust must be a brand-new technology cooked up in a research lab at MIT and powered by the latest artificial intelligence, machine learning, quantum computing, and a 1.21 gigawatt flux capacitor. In this and subsequent blog posts, I want to make the case that, in

Robert Blumofe

Robert Blumofe

July 2, 2021 9:00 AM

The Countdown Has Started -- The Move Toward Zero Tr ...

In early May 2021, the President of the United States issued an executive order on cybersecurity, and though it will take some time for executive branch agencies to develop formal rules, the order itself includes a lot of what I consider to be best practice in cybersecurity, including the use of multi-factor authentication (MFA) and Zero Trust, mentioned by name. The call for adoption of cybersecurity best practices makes a

Patrick Sullivan

Patrick Sullivan

April 30, 2021 1:00 PM

CISA Emergency Directive 21-03: VPN Vulnerabilities ...

On April 20, 2021, the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) released an alert on the exploitation of Pulse Connect Secure Vulnerabilities with Alert AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities, as well as Emergency Directive (ED) 21-03, after a FireEye blog shed light on security incidents involving compromises of Pulse Secure VPN appliances. The directive outlines the specific actions all US federal agencies should take

Richard Meeus

Richard Meeus

April 14, 2021 9:00 AM

Adapting Security to Work Anywhere

"Working from home 2021" was the title of my talk at The Cyber Security Summit in January, and the strikethrough is important. After a massive shift away from common workspaces in response to the global pandemic, there is no more working remotely or working from home, there is just working. The axiom, "work is what you do, not where you go" has never before been so true. The possibility

Lorenz Jakober

Lorenz Jakober

March 15, 2021 5:15 PM

Microsoft Exchange and Verkada Hacks: Isolate Your A ...

It's been an interesting start to March in terms of public security incidents.

Jim Black

Jim Black

March 9, 2021 9:00 AM

Is MFA a Security Illusion?

A recent Akamai Security blog post, Massive Campaign Targeting UK Banks Bypassing 2FA, written by my colleague Or Katz, is a great insight into how attackers used very simple techniques to bypass two-factor (2FA) authentication security to obtain access to U.K. consumers' bank accounts.

Chinedu Egonu

Chinedu Egonu

February 16, 2021 9:00 AM

SolarWinds Hack and the Case of DNS Security

It's not news that some of the top government agencies and companies in the world were victims of the SolarWinds attack. At this point, I can say it's the reason I didn't have a smoother transition back into work-life following a long vacation. As I understand it, the breaches happened after malicious code was inserted into a software patch that was downloaded by the companies and agencies. The installation of