2387 matches found
When Looking for SWIFT Audit Guidelines, Beware of the Customer Security Controls Framework
...
Choosing the right application access solution for a hybrid IT world
This Guest blog was written by Martha Gomez Vazquez, a Senior Research Analyst for IDC's Infrastructure Services research practice focusing on Security Services and Hardware & Software Support and Deployment. The widespread success of security breaches over the past few years has proven beyond a...
Cybersecurity Executive Order 13800: More than a Risk Assessment?
Written by Sr. Solutions Engineer, Micah Maryn. Most folks around the Washington DC beltway have heard the cybersecurity Executive Order EO 13800 - Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure referred to as a simple risk assessment. But the reality is that it i...
Akamai's DNS Contribution to Internet Resiliency
Background Akamai Technologies recently contributed its "Serve Stale" DNS algorithm to Version 9 of the Internet Systems Consortium's ISC Berkeley Internet Name Domain BIND open source Domain Name System DNS project. As the Internet's most widely used DNS implementation, BIND operates ubiquitousl...
WireX update: UDP attack capabilities
Akamai would like to acknowledge the research by F5 containing additional information on the capabilities of this malware, released September 2nd. Finding new features The WireX botnet was discovered due to its role in a series of prolonged attacks against several organizations. It was brought to...
Girls Who Code: That's a Wrap!
The Summer Immersion Program for Girls Who Code at Akamai wrapped up this past week. The girls finished their final projects and presented them at a graduation ceremony attended by friends and family as well as supporters and mentors from Akamai. The girls were divided into five teams for their...
Game Crunch Doesn't Always Have to be a Thing
You've been dreading the conversation. You know there's no way out of it, given the timeline. Your execs have made it clear that the very large marketing spend is going to hit during the week when two of your engineers were planning to be on vacation. You've got a brilliant team that has helped y...
The WireX Botnet: An example of cross-organizational cooperation
Introduction On August 17th, 2017, multiple Content Delivery Networks CDNs and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram for one of the delimiter strings in its command and control protocol. The WireX botnet comprises...
The WireX Botnet: An Example of Cross-Organizational Cooperation
On August 17th, 2017, multiple Content Delivery Networks CDNs and content providers were subject to significant attacks from a botnet dubbed WireX. The botnet is named for an anagram for one of the delimiter strings in its command and control protocol. The WireX botnet comprises primarily Android...
What makes a good "DNS Blacklist"? - Part 2
In "What makes a good 'DNS Blacklist'? - Part 1", we explored the background and factors that have gone into Akamai's thinking behind New security products like Enterprise Threat Protect ETP. This article continues with a list of factors and questions to ask any DNS Threat Feed providers, includi...
What makes a good "DNS Blacklist"? - Part 1
Reflections on Modern Actionable Threat Intelligence used to turn a DNS Resolver into a Critical Security Tool Akamai has just launched the Enterprise Threat Protection ETP platform. ETP is built on Akamai's global AnswerX Cloud that now reaches 28 countries and is expanding to new countries ever...
Week 6 of Girls Who Code: Artificial Intelligence and Human Expertise at Watson Health
Week 6 of the Girls Who Code summer-immersion program at Akamai featured a field trip to IBM's Watson Health, where the girls learned about the concept of "cognitive computing," and how this technology is being used by IBM to help doctors help their patients. The girls met some of the women at IB...
Access and Delivery different sides of the same coin
We are often so caught up in our own realities that we miss obvious similarities or synergies. Luckily when various people look at the same situation, different perspectives emerge. I was reminded of that recently during a conversation with one of our large pharma customers. Akamai helps our...
To Keep Players Happy, First Seek Understanding
Me: To keep your players happy - you need to understand why they're not. You: Uh, yeah obviously. Thanks. So what? Actually, I have a lot to say on the topic of keeping players happy. A few months back I wrote a quick post about Friction. Friction, as I defined it, is anything that prompts your...
Akamai Is Named A Leader In Gartner's Magic Quadrant For Web Application Firewalls
"Don't work for recognition, but do work worthy of recognition" - H. Jackson Brown. A friend sent this quote to me after I explained to her my ambivalence about being recognized by Gartner as a "Leader" in their Web Application Firewall Magic Quadrant. I had mixed feelings because I wanted to...
Girls Who Code at Akamai, Week 5: Designing the User Experience!
Week 5 of the Girls Who Code program at Akamai was action-packed. The class attended a User-Experience UX workshop onsite at Akamai's headquarters in Cambridge, Mass. The instructors, formerly of Twitter and currently Google UX experts, led the girls through an activity in which they designed the...
Part 2: Reading SPAM For Research
A couple weeks ago, I posted a blog that is a follow up of an article I published in Information Security Magazine. In that post I wrote about collecting phishing samples and identifying domain squatters that might be looking to harvest information from their target. This is the final blog entry...
Girls Who Code Weeks 3 and 4: Robots, the Internet and College
The summer is flying by, and we have reached the mid-point of our Girls Who Code Summer Immersion program. Our students are smart, engaged, learning a ton, and seem to be having a lot of fun! Last week was about robotics. The girls wired and programmed Arduino robots to perform a variety of tasks...
Get Ready For The Holidays With Cloudlets
It's summer, which means it's time for hitting the beach, enjoying outdoor barbeques with friends and family, going for hiking, biking, kayaking and savoring cold craft beers. But for savvy retailers like you, summer is the ideal time to start getting your apps, websites and infrastructures ready...
Larry's Cabinet of Web Vulnerability Curiosities
One of my responsibilities as a member of the Akamai Security Intelligence Response Team SIRT is to research new web application vulnerabilities. For the last year, I have focused on Wordpress plugin vulnerabilities, and looking for any interesting code tidbits in my box of Wordpress toys. There...
Winning at Launch Time
Your extraordinary work on game development through concept to crunch, your tireless community building, brand awareness, and engagement all converge on one moment: Launching the game. Is it possible to ever finish building a video game? The longer the dev cycle, the more likely it is you'll run...
Part 1: Reading SPAM for Research
I recently wrote an article for Information Security Magazine where I explained how internet security researchers could use their spam folders as a resource tool. It got me thinking about going into greater detail on what I've found in my inbox. Phishing Sites I noticed an increase in "free gift...
Girls Who Code Week 2: Let the Coding Begin!!
The Akamai-sponsored Girls Who Code program is well under way! Week 2 featured lots of activity in the Girls Who Code classroom at Akamai's Cambridge, MA headquarters. The girls learned to use Scratch, a visual programming language that was developed at MIT to help people learn to code. They used...
Don't Say Goodbye to Your OTT Viewers
Takes a second to say goodbye Say goodbye, oh, oh, oh It takes a second to say goodbye Say goodbye, oh, oh, oh, say bye bye Where you going to now When U2 penned the lyrics to its song, "Seconds," in 1983, there was no such thing as online video. In fact, video had killed the radio star only four...
The Myth of the self tuning / machine learning Web Application Firewall
There's an old adage that if something seems too good to be true, it probably is. If you're like me, you can apply this to your own experiences. For example, about 5 years ago a small chain of gyms that exclusively used vibrating exercise machines popped up near my home. Their gym goers would sta...
Unwelcome Interruptions
Imagine your player's first experience with your game. Finally, after waiting all these years, she's got the game in hand. She tears the cellophane, cracks the case, slots the disc, and . . . "Game is now updating. Please wait." Watching 20 GB load onto a machine is not anyone's idea of fun. I ha...
Superior and safe user experiences with the Akamai Cloud Delivery Platform
Your customers are unique and they all expect fast, secure, personalized digital experiences. They are spread across the world, in regions of varying network connectivity, utilize a plethora of devices and screen sizes - making it challenging to deliver your experiences. By delivering 95 Exabytes...
Girls Who Code Summer Immersion Program - Week One
Written by Lisa Adams The Girls Who Code Summer Immersion program at Akamai Technologies is off to a great start! During Week 1 we welcomed the class of 20 girls and the teaching team of three instructors from Girls Who Code. The girls began learning how to program in the Scratch language, and...
The Slippery Slope Starts with "Get 2 Free Airline Tickets"
Written by Or Katz and Raviv Perets A widespread phishing scam that offers free airline tickets has been spotted in the wild by Akamai's Enterprise Threat Protector ETP security research team. The campaign uses a number of social engineering techniques to trick people into providing their private...
AnswerX - Akamai's 'Secret' DNS Platform
As I work with Operators all over the world, I'm amazed at two worrying. First, Operators are still treating DNS as an afterthought. Everyone knows that if DNS is down, the network is down. Too many people are taking DNS's resiliency for granted. DNS "just works" is assumed to be norm until it do...
Dealing with Petya
Akamai is aware of and is tracking the malware threat known as "Petya". Petya is ransomware spread using several methods, including PSexec, Windows Management Instrumentation Command-line WMIC, and the EternalBlue exploit used by the WannaCry family of ransomware. The malware spreads via port 139...
Akamai Launches New Solution to Help Enterprise Security Teams Address the Impact of Malware, Ransomware, and DNS-based Data Exfiltration
Today, we are proud to introduce Akamai Enterprise Threat Protector ETP. ETP is designed to provide customers quick-to-deploy and easy-to-manage cloud-based protection against the impact of complex, targeted threats such malware, ransomware, phishing, and DNS‑based data exfiltration. One...
How to Build Virtual Python Environment
In the DevOps world, getting a consistent development environment is crucial. In this post, I'll show you how to set up a virtual Python environment and install the correct libraries to achieve a consistent development environment...
Enterprise Security: EAA Exceeds Compliance Standards
I sat down again with John Payne, Akamai's Chief Architect of Infrastructure and Security, as well as Keith Hillis, Director IT Risk & Security. We spoke about enterprise security compliance, and how Enterprise Application Access EAA exceeds Akamai's requirements and simplifies the process for...
Balance traffic intelligently by leveraging Application Layer (Layer 7) and DNS Layer (Layer 3) logic
Gaining new customers and retaining existing ones is at the core of every business. In the past few years, two major trends have emerged in this drive towards customer centricity To meet the ever increasing customer demands, most modern digital applications leverage microservice architecture to...
Telegraph delivers better experience with Image Manager
The Telegraph Media Group TMG is a multi-media news publisher and its titles include The Daily Telegraph, The Sunday Telegraph and The Telegraph website. Today, its site serves more than 380 million pages to over 84 million unique visitors every month across the globe, featuring on average about...
Reducing Infrastructure Cost with new Enterprise Application Access Architecture
In an earlier blog, "Remote Access no longer needs to be Complex and Cumbersome", I wrote about the new game-changing remote access solution available from Akamai called Enterprise Application Access EAA. My thesis was that in our cloud-first, mobile-dominated world, providing access to...
Comey testimony generates massive interest, massive traffic
Online viewers of former FBI Director James Comey's live testimony last week generated a massive peak of 2.5 Tbps of live streaming video traffic on the Akamai platform, despite the hearing occurring in the middle of the work week, in the middle of the work day. To put this in perspective, that 2...
Advanced, Targeted Threats: What do They Mean for Your Bottom Line?
Too often, we are so focused on our day-to-day that we neglect to consider the bigger picture. I have been writing about recursive DNS and threat intelligence, Domain Generation Algorithms DGAs, and DNS-based data exfiltration assuming that the vast majority of readers are familiar with the...
Passive HTTP2 Client Fingerprinting - White Paper
HTTP2 is the second major version of the HTTP protocol. It changes the way HTTP is transferred "on the wire" by introducing a full binary protocol, made up of TCP connections, streams and frames, rather than simply being a plain-text protocol. Such a fundamental change between HTTP/1.x to HTTP/2,...
20 Years of DNS Data Exfiltration: Why, How, and What's Next?
In the last few posts, I talked about why recursive DNS rDNS combined with threat intelligence makes for such a simple-to-deploy security solution that effectively mitigates and prevents advanced, targeted threats. Not to belabor the point, but the recent punycode phishing news makes the...
The State of the Internet: A Decade of Change
The State of the Internet Report is growing up - with this issue, it enters its tenth year of publication. Over time, it has matured in many ways, including its length, design, and the content it includes. Looking back at that first issue all 17 pages of it, for the first quarter of 2008, we find...
Consuming Cyber-security: The Beginning of a New Era
Overview Can you imagine anyone buying a car without airbags and without seat belts? I bet you can't! So why is it that we buy computers without Antivirus software already installed, home routers without a firewall already installed or connected devices IoT that are lacking proper security...
Spotlight on Malware DGA Communication Technique
Written by Avi Aminov and Or Katz Overview Imagine you are standing in the middle of a crowded train station and want to have a private conversation with an old friend. You've been waiting for the perfect time to contact him and get some advice on how to move forward with some important life...
What Are Domain Generation Algorithms (DGAs) And Why You Should Care?
Last time I talked about how a proactive approach to defending against targeted threats using cloud-based recursive DNS and threat intelligence just makes sense. Taking this proactive approach early in the killchain can help mitigate known and unknown threats before any IP connection, file downlo...
WannaCry: What We Know
On Friday, May 12, news agencies around the world reported that a new ransomware threat was spreading rapidly. Akamai's incident response teams and researchers worked quickly to understand this new threat and how to mitigate it. This blog post is a summary of what Akamai knows at this point...
DDoS Attacks against DNS Infrastructure in the News
DNS-based DDoS attacks have gained mindshare among Akamai customers lately, most recently with last year's Dyn attacks written about on the Akamai Blog here and here and this week's attack against Cedexis. DNS infrastructure is a ripe target for malicious actors hoping to disrupt a digital...
The Bondnet Army: Questions & Answers
The following is a select list of questions and answers that we hope will shed more light on the botnet...
Strengthening Network Access Security with Multi-Factor Authentication
As technology continues to develop, more and more applications become not just convenient, but necessary. It was less than a decade ago that it was inconceivable we would 'need' to carry a consumer device to access the internet in our pockets. Today, it is essential. The same is true with the...
Not all Cloud Solutions are Created Equal
The errant swing of a backhoe in a New Jersey field cuts through a major cloud provider's underground cable, bringing activity along the U.S. Eastern Seaboard to a crashing halt. The outage hits some businesses hard. Every minute of downtime means thousands of dollars of lost revenue and hordes o...