2387 matches found
Demystifying API Rate Limiting
APIs are the “digital glue” that integrates and connects infrastructure, services, devices, and users. With the proliferation of APIs in almost every organization, it‘s essential to have a mechanism in place to manage and govern them. That’s why we introduced Akamai API Gateway, which makes it...
Akamai CEO Leighton Calls Cybersecurity 'Fantastic Growth Engine'
Akamai CEO and co-founder Tom Leighton discusses the company's cybersecurity and data protection business. He speaks with Caroline Hyde from the Boston Institute of Contemporary Art on Bloomberg Technology. Source: Bloomberg...
Are VPNs a thing of the past?
Attention world: In 2018, we officially surpassed 4 billion internet users1 - and there are no signs of adoption rate slowing down. Yet the Internet as we know it has only been around since the 1990s. Along with it, different iterations of virtual private networks VPNs have been created and...
Learn How Trillions of DNS Requests Help Improve Security
Akamai's global platform is comprised of 240,000 servers in 3,750 locations within 134 countries. Additionally, our platform interacts with 1.3 billion client devices every day and we ingest 2.5 exabytes of data a year. So why are these stats important? The answer is that this visibility provides...
Yin and Yang of the Zero Trust Model
It may seem strange to apply concepts from Chinese philosophy to an IT security model, but representing complex ideas in simple terms can be a powerful tool for understanding and communicating. By viewing zero trust through the lens of Yin and Yang, we see that to be complete, the scope of the...
Election Readiness 2018
2018 is a pivotal year for the integrity of our electoral process. The threat to the digital infrastructure of our elections is proliferating to a level that has not been seen before. Officials are working tirelessly to protect your vote by proactively identifying vulnerabilities and targeting...
New State of Online Retail Performance Report Available
It's springtime, and the only people with the holidays on their minds are in the retail business. This holiday season was a record-breaking one, with combined revenue for Black Friday and Cyber Monday alone exceeding $11.5 billion. To build on that momentum, smart retailers will take a closer loo...
Significant retail spending on Mother's Day sets a stage for major holidays in 2018
The second Sunday in May is a special day for everyone because it's Mother's Day. It's also a special day for retailers, as it represents another peak period and serves as the halfway point between the prior year's Black Friday and Cyber Monday and the upcoming year's retail holidays. The retail...
Your Users Have Left the Building: Now What?
The dramatic growth of mobile devices, the widespread availability of always-on fast wireless networks, and the rapid adoption of cloud applications have transformed the viability of remote working. Employers are increasingly adopting flex schedules, implementing work from home options, and...
John Summers Q&A - Evanta Global CIO Executive Summit
Akamai's John Summers, VP & CTO, spoke at the recent Evanta Global CIO Executive Summit, a gathering of 75 major organization CIOs. His session was titled, "Cloud Security - Adopt Zero Trust and Put Asset-Level Safeguards in Place." Here are some of the key questions he addressed. How do you...
Introducing New WhoAmI Tool DNS Resolver Information
The Domain Name System DNS tools “whoami.akamai.net” and its alias “whoami.akamai.com” have been used for many years, often as a step in the process for diagnosing how a content delivery network CDN is directing traffic, locality, and network reachability issues. Whoami was originally introduced ...
Make Application Access IT-Friendly
More and more companies are looking at alternatives to VPNs due to the security risks associated with network level access. And increasingly, the goal is to eliminate network trust through a zero trust architecture - which is one of the primary reasons many of these organizations are deploying...
Zero Trust and the Identity
Digital transformation is occurring faster than most people realize, and is impacting every component of the IT organization. Some of the many catalysts include users and applications moving outside the traditional perimeter, users accessing applications that are anywhere, and utilizing many...
Phishing in the Wild: A New Threat Research Paper
Phishing is an extremely common attack vector that has been used for many years, and the potential impact and risks involved are well known to most Internet users. Despite this, phishing is still a highly relevant attack method being used in the wild, affecting many people. The question is, how c...
How to Make Your Demo Environment Easy, Accessible...AND Secure
A common misconception I've heard in the field is that a tradeoff exists between easy access for applications and network security. For example, companies want to allow their sales team, partners, and prospects access into demo environments. With traditional access solutions, there is a question ...
How-To: Add Timing-Allow-Origin Header to Improve Your Website Performance Measurements
...
Who is doing what on your network?
Over the past few months, while talking to customers, the topic of Zero Trust Architecture keeps coming up. Seemingly everyone is thinking of implementing the model - which we fully encourage! One of the core components of the principle is the ability to inspect and log all network and system...
Addressing the Availability of the ACAEngine
In my experience as a Solutions Engineer, I've seen many companies strive for 100% uptime of enterprise applications. However, this is a goal that cannot happen by itself. Careful thought must be put into the underlying architecture that delivers these critical enterprise applications. Recently,...
Take a Tour of New Routed Dashboard
As a product manager, there are few things more rewarding than finally putting your product into the hands of your customer for the first time. We've been working on the new Routed Dashboard for some time, and I've personally spoken to many of you in terms of what would make our new interface mor...
Actionable Threat Intelligence, Tailored to You
We are very excited to be launching the next generation of our Client Reputation product. This update takes Client Reputation a huge step further in providing our customers with truly actionable intelligence tailored for them. It computes an even better assessment of the real risk that every...
How You Get There Matters: "Middle-Mile" RUM to Drive CDN Strategy
Traditional RUM products make use of APIs Navigation-Timing, Resource-Timing, etc. built into browsers to help measure the performance characteristics of the loading of a web page. That is, they do their best to quantify the work required by the browser when rendering a web page. APM products use...
Akamai 2018 Spring Release, In A Nutshell
Progressing Towards Our Future in The Cloud, Together As organizations continue to fuel and execute on their digital transformation ambitions, they're increasingly finding significant business agility and cost savings by adopting cloud, multi-cloud, or hybrid architectures. Availability, security...
TLS 1.3 support is coming this spring
While March brings NCAA Madness, this year it also brought TLS 1.3, which will be coming to all Akamai customers soon! Let's give some background. TLS 1.3 is latest revision of the TLS protocol. It is also known by its older name, SSL. It is the protocol used for all secure HTTP connections on th...
Perception Matters: Making RUM More Real
Traditional nav timing metrics have given us a lot in the way of understanding how our pages and apps are performing, but as users' expectations rise and page complexity grows, you need to really understand how users are perceiving the performance of your website beyond traditional page load...
Introducing Web Security Analytics
Every security team knows that the success of any security product relies heavily on the ability to maintain an optimal security configuration. Any misconfiguration can result in malicious or undesired traffic reaching the application, or worse - legitimate traffic being blocked. In addition, it...
The Recipe for Web Performance Starts with the Right Ingredients: Page Construction Metrics
You can't manage what you can't measure. As devices grow in capacity and innovations allow us to do more with web apps, the complexity of our pages has grown, too. It becomes a balancing act to increase functionality while maintaining a performant and responsive site. Just like a great recipe, to...
Measure What Matters: Your Competitive Advantage May Lie in Your Understanding (or Lack of Understanding) of What Users Are Really Experiencing
Attracting and retaining customers lies in your ability to offer an exceptional digital experience. Now that digital channels are increasingly preferred over channels of the past, the climate is increasingly competitive -- and businesses are fighting to maintain loyalty and keep users engaged...
What's New with Prolexic
There have been two constants in DDoS over the last 10+ years: an ever-changing threat landscape and continuous growth in attack sizes. Akamai's Prolexic platform has stood the test of time, but we are continuing to invest in ways to make our customers' experience more valuable and relevant. I'm...
Introducing Web Security Analytics
Every security team knows that the success of any security product relies heavily on the ability to maintain an optimal security configuration. Any misconfiguration can result in malicious or undesired traffic reaching the application, or worse - legitimate traffic being blocked. In addition, it...
Akamai and Duo have announced a technology partnership for Zero Trust
Akamai continues to build a zero trust ecosystem by integrating it's Enterprise Application Access EAA with Duo's Multi-Factor Authentication MFA solution. Duo now natively integrates into EAA and augments access with push-based MFA, phone call delivery of MFA tokens, and additional device level...
Part 2: The Dark Side of APIs
Ryan Barnett, Principal Security Researcher, Akamai Elad Shuster, Senior Security Researcher, Akamai During its research into Credential Abuse attack campaigns, Akamai's threat research team conducted an analysis of web logins to gain insights into how widespread the adoption of API-based logins ...
Effectively Detecting Low Throughput and Malicious DNS Exfiltration
In a previous blog post, we described how the DNS protocol, mainly designed for hostname to IP addresses resolution, can be abused for arbitrary data exchange. Based on throughput i.e., bytes per hour, we distinguish between two classes of data exchange over the DNS protocol. The first of the two...
The Dark Side of APIs: Part 1, API Overview
Application Programming Interfaces API are a software design approach which enables software and system developers to integrate with other systems based on a defined set of communication methods. APIs serve as software building blocks and allow for software reuse - essentially allowing fast...
Climbing the Ladder: Zero Trust, Single Sign-On, Multiple Applications
It is understood that there is a significant amount of complexity to securing today's enterprise, especially as more services and applications move to the cloud and a Zero Trust security model is employed. We at Akamai are actively engaged in helping enterprises adjust to a Zero Trust security...
Coin Mining Malware and What Akamai Can do About It
It has been a busy few months for crypto-mining! The advent of cryptocurrency1 has resulted in a rollercoaster ride of interest in the last 18 months, with millions of people making and losing millions in physical currency. Through all of this, cryptocurrency has been a heavy target for...
Universal Plug and Play (UPnP): What you need to know
Universal Plug and Play UPnP is a widely used protocol with a decade-long history of flawed implementations across a wide range of consumer devices. In this paper, we will cover how these aws are still present on devices, how these vulnerabilities are actively being abused, and how a...
The Dark Side of APIs: Part 1, API Overview
Ryan Barnett, Principal Security Researcher, Akamai Elad Shuster, Senior Security Researcher, Akamai API Overview Application Programming Interfaces API are a software design approach which enables software and system developers to integrate with other systems based on a defined set of...
How smart is my smart TV?
Some weeks ago, my friend asked me the headlining question while we were having a random argument about electronics. I found it to be an interesting one, particularly because it underlines the current mindset towards security of electronic devices communicable over computer networks. We are...
What You Need To Know: "SNIPR" Credential Stuffing Tool
Overview Credential abuse CA is a trend that is here to stay. It affects almost every one of us. There are attackers trying to break into every online account and the vast majority of these attacks are happening silently in the background. In the past, credential abuse tools were written and...
Illuminating the Path to Digital Maturity
Research By Akamai and Forrester Sheds New Light on Digital Experience Challenges and Opportunities Nearly every business today is striving to create and deliver digital experiences that stand apart. But it's no small task turning those visions into reality. Moreover, there's little room for erro...
Illuminating the Path to Digital Maturity
Research By Akamai and Forrester Sheds New Light on Digital Experience Challenges and Opportunities Nearly every business today is striving to create and deliver digital experiences that stand apart. But it's no small task turning those visions into reality. Moreover,...
Zero Trust and the Slowly Boiled Frog
Disclaimer: No actual frogs were harmed in the writing of the blog post. We wouldn't do that. We like frogs. What is Zero Trust Networking? The Zero Trust security model was proposed by John Kindervag of Forrester Research back in 2010. The concept is that the traditional trust model of "trust, b...
Recovering Plaintext Passwords from Azure Virtual Machines
Security design flaw in the VM Access plugin that may enable a cross platform attack impacting every machine type provided by Azure. Read More...
Experiments with Browser Preconnects
...
Smart DNS Resolution for a Better Safer Internet
By Arlen Frew Top-level Domain TLD operators are focused on making the Internet a better and safer place, enabling name registrations, and maintaining the DNS namespace in support of their stakeholders. The entire Internet ecosystem, including TLDs, is always looking for ways to improve security...
Make way for HTTPS - Starting July 2018, Google Chrome will mark all HTTP sites as "not secure"
Days of clear-text HTTP, the original but insecure foundation for data communication over the web, are numbered. Over the past few years, Google and others such as the Internet Architecture Board, Mozilla, and Apple have nudged developers to encrypt and authenticate their websites using HTTPS whi...
memcached, now with extortion!
Over the past week, memcached reflection attacks have taken the DDoS scene by storm. With several attacks hitting organizations across many industries, including a record breaking 1.3Tbps attack against an Akamai customer. Akamai has observed a new trend in extortion attempts using memcached...
Memcached-fueled 1.3 Tbps attacks
At 17:28 GMT, February 28th, Akamai experienced a 1.3 Tbps DDoS attack against one of our customers, a software development company, driven by memcached reflection. This attack was the largest attack seen to date by Akamai, more than twice the size of the September, 2016 attacks that announced th...
Survey Says: So Long Grey Skies - Telecoms 2018 Outlook
Nominum, a part of Akamai, recently partnered with Telecoms.com to survey over 1,500 telecom professionals to get a sense of their concerns, initiatives and expectations for 2018. The findings are captured in the report Telecoms.com Annual Industry Survey 2017. Top concerns, outlined A top concer...
How do I know if I'm Secure?
Remember those commercials for excessive cell phone roaming coverage? The ones with clever skits highlighting the end user having no idea that their phone had crossed an invisible border and switched from primary to roaming coverage? Immediately incurring increased costs for calling, texting and...