In The News

The latest articles, blog posts and newscasts mentioning Akamai

  • Edge security is a paradox
    SD Times
    February 6, 2020

    The security of edge devices presents both a major challenge and an opportunity for building more modern edge security practices. Edge devices exist outside of the protections that IT data centers provide, according to Patrick Sullivan, the global director of security at Akamai.

    One of the most prominent concerns is the physical security of the devices, which are more vulnerable to malicious attacks and mishaps of all kinds than typical office equipment and technology safely held within corporate walls.

    However, because edge computing distributes processing, storage, and applications across a wide range of devices and data centers, it’s difficult for any single disruption to take down the network.

    “This is a very impactful architecture for people as they’re building modern security,” said Sullivan. “So that edge model allows you to kind of have a homogeneous level of visibility and protection regardless of where that computing is. If it’s across a couple of cloud providers and a couple of colocation or data centers, that edge architecture allows you to accommodate all of that compute form factor and it gives you tremendous architectural flexibility.”

  • Streaming Super Bowl 2020 could have you delayed by up to a minute
    February 2, 2020

    Streaming the 2020 Super Bowl is sure to be a popular way for cord cutters and other fans who don't pay for cable or satellite TV service to experience the big game. But there's a catch. No matter which livestreaming app you choose to watch the Super Bowl, from the Fox Sports app to the NFL app to a live TV streaming service like YouTube TV or Hulu with Live TV, you won't exactly be watching live. Instead, the stream will be delayed by up to a minute.

    Current streaming technology delivers the video not in real time but in chunks of files, each typically four to six seconds in length, which are then assembled in the buffer memory of the device, such as a Fire TV or Apple TV media streamer or smart TV. “You can expect typical live streams to be between 20 and 30 seconds behind linear delivery methods,” said Peter Chave, principal media architect at Akamai, a company that delivers content over the internet.

  • Watch CNBC’s full interview with Akamai CEO Tom Leighton
    CNBC (video)
    February 12, 2020

    Akamai CEO Tom Leighton joins “Squawk Alley” to discuss the company’s earnings and data security push.

  • Day in the Life of a Bot
    Dark Reading
    February 10, 2020

    Back to the grind — time to review what needs to get done today. As a botnet, I have a very interesting job in some ways, but in others, it feels like the movie Groundhog Day. I originally was built by a criminal organization to conduct distributed denial-of-service (DDoS) attacks and then demand "protection" money to make sure it didn't happen again. Not a very innovative business model, but why fix what isn't broken?!

    I'm fortunate in that my owners have kept my code on the cutting edge, so I can be used for newer attacks like credential stuffing, brute-force password cracking, cryptomining, and even as a ticket bot to scoop up the best seats for resale. Some of my friends work as aggregators, spam bots, web scrapers, or search engines, and while we all do similar functions, I'm doing the truly exciting stuff.

    Over time, both the systems I'm made of and the types of criminal business models I'm used for have changed. Today, some of my network of hacked computers are part of the Internet of Things, such as home video surveillance cameras. As long as they have good computing power and connectivity, I'm an equal opportunity employer.

    Byline article by Akamai Senior Director Security Technology and Strategy Steve Winterfeld.

  • Lessons to be Learned from Iowa Caucuses
    NECN (video)
    February 7, 2020

    Patrick Sullivan, CTO Security Strategy for Akamai, talks with us about the Iowa caucuses App disaster and lessons to be learned beyond elections.

  • DPP announces industry scores 2/5 for sustainability
    IBC 365
    February 14, 2020

    The DPP has unveiled the first average score for participants in its Committed to Sustainability programme, which was launched last November to promote environmentally sustainable practices.

    Akamai Technologies is among the latest companies to be awarded the DPP Committed to Sustainability mark.

    Akamai director of sustainability Mike Mattera said: “We’re delighted to be a part of the DPP Committed to Sustainability programme.

    “Here at Akamai, environmental sustainability speaks to our core values as an organisation. And being able to demonstrate our dedication to reducing our impact publicly is important to us and our customers.”

  • APIs are becoming a major target for credential stuffing attacks
    CSO Online
    February 19, 2020

    New data from security and content delivery company Akamai shows that one in every five attempts to gain unauthorized access to user accounts is now done through application programming interfaces (APIs) instead of user-facing login pages. This trend is even more pronounced in the financial services industry where the use of APIs is widespread and in part fueled by regulatory requirements.

    According to a report released today, between December 2017 and November 2019, Akamai observed 85.4 billion credential abuse attacks against companies worldwide that use its services. Of those attacks, around 16.5 billion, or nearly 20%, targeted hostnames that were clearly identified as API endpoints. However, in the financial industry, the percentage of attacks that targeted APIs rose sharply between May and September 2019, at times reaching 75%.

  • Mass. cyber cluster’s strength will be underscored at Calif. trade show
    Boston Globe
    February 20, 2020

    Akamai Technologies will be among the biggest local companies at RSA next week. It was initially known as an online media-delivery business, but cybersecurity is now a major part of Akamai’s portfolio. (Nearly one-third of the Cambridge company’s $2.9 billion in revenue last year came from cloud security.) Akamai’s chief security officer, Andy Ellis, will give a keynote address at the RSA Conference that reflects on how the fundamental problems the industry faces haven’t changed all that much over the years.

    Ellis sees Greater Boston as one of the world’s top cybersecurity hubs, probably only behind Silicon Valley and Tel Aviv. The Massachusetts Institute of Technology drives much of the sector’s success here. But Ellis said many other local institutions play key roles, as well: Northeastern, WPI, and Wentworth, to name just a few.

  • Pre-RSA 2020: Tony Lauro on Software Development
    Security Guy TV
    February 17, 2020

    Tony Lauro appeared on Security Guy TV, a weekly live radio/TV show about all things security with host Chuck Harold where they discussed software development and fixing appsec flaws before they are created.

  • Akamai’s Rob San Martin on zero trust and the change in security
    February 19, 2020

    San Martin spoke with FedScoop at the Duo Zero Trust Security Summit.

  • Hackers Are Hammering The Financial Sector With Login Attacks
    February 22, 2020

    It should come as no surprise that banks and other financial service providers are a favorite target of hackers. The volume of attacks they face, however, is truly shocking.

    A new report (PDF link) from Akamai Technologies released this week revealed some staggering figures about one kind of attack: fraudulent logins. Over a two-year period ending in November of last year, Akamai tracked more than 85.4 billion malicious login attempts.

    On August 7th of last year, however, a single financial service business was faced with a full-on assault. Akamai reported over 55 million malicious login attempts during the attack.

    You read that correctly: one victim, one day, more than twice the number of fraudulent login attempts Akamai logged on an average day for every entity it monitored for such attacks.

  • Sports games are primed to take off in India: Paul Jackson, Akamai EMEA
    February 26, 2020

    Paul Jackson from Media Industry Strategy Team, Akamai EMEA and Industry Evangelist spoke to exchange4media on the factors that are driving the growth of gaming industry in India, spending capability trends, the popularity of PUBG, and categories of games that are most likely to succeed in 2020.

    Speaking about the factors that are driving the growth of the gaming industry in India, Jackson said, “There are more and younger consumers who are typically drawn towards gaming. Earlier an individual had to buy a gaming PC or a gaming console. Now, with a decent smartphone, you can play good online games. The mobile handsets have decreased the barriers for online game players and are the driving force of the online gaming industry. The availability and accessibility to these devices have taken the gaming industry by storm and also making the gaming industry change their business model -- from making a player buy an expensive game for $60 to ‘here's a free game, once you start playing, there may be some things you want to customize is an option for you to pay $1 or $2 to do those things’. So again, the barrier to entry has come so down.”

  • Trust is vital to the future of the media publishing industry
    February 26, 2020

    In 2020, media companies will continue to redefine what it means to be a publishing brand. Traditional broadcast providers are evolving into software companies, with cloud delivery mechanisms such as Infrastructure as a Service supporting this transition. Major TV networks are set to launch stand-alone, direct-to-consumer streaming services in mid-2020. And virtually every news media brand is evolving beyond its core and pivoting to paid, through digital subscriptions and ad-supported content.

    The Australian Government’s response to the ACCC’s Digital Platforms Inquiry report and the much publicized failings of trust across the social media landscape have played a big part in this shift. To support the growth of these new businesses in a more stringent regulatory environment, investment in the delivery of content and managing the risks of operating in the digital media supply chain is critical.

    In the world of digital ads, IP-based TV and over-the-top (OTT) streaming, attacks are more complex to manage, and the stakes are higher: loss of subscribers, revenue, eyeballs, brand reputation and trust. The potential for media companies to lose rights to broadcast major sporting events or face legal action on the basis of failing to adequately protect content, means security must be a top priority. Here are three types of threats media brands and publishers will need to respond to over the next 12 months.

    Byline article by Akamai Product Marketing Manager Sandeep Singh.

  • Why Silicon Valley is obsessed with ‘The Lord of the Rings’
    February 22, 2020

    Although it’s been more than 16 years since “The Return of the King,” the final film in the series, premiered, “The Lord of the Rings” fandom in Silicon Valley has continued to swell.

    In Silicon Valley, LOTR serves as a common ground, a shared passion that tech workers can reference to communicate with and relate to one another.

    Perhaps the most popular hobbit in the tech industry is Samwise Gamgee. Although Sam is a secondary character and his main purpose is to help fellow hobbit Frodo destroy the one ring, he delivers one of the most powerful lines of the series, said Andy Ellis, chief security officer at Akamai Technologies.

    “I can’t carry it for you, but I can carry you,” Sam tells Frodo before lifting him up and carrying him up Mount Doom.

    “To me that’s the true hero,” said Ellis, who can recite the inscription written on the one ring in Tengwar, a script in LOTR that was created by Tolkien. “We don’t celebrate the people who get up every day and do the work that needs to be done and support somebody else.”

  • Two employment scams are hiding in plain sight—here’s how to spot them
    Fast Company
    January 24, 2020

    Job hunting is stressful enough, but when the job you’re hoping for turns out to be a scam, the sense of embarrassment and loss compounds things. Not to mention costing you money. The Better Business Bureau estimated employment scams resulted in a median loss of $1,200 per victim.

    Recruiters are particularly valuable to criminals, both as a target and as a resource for their access to open communication with corporations, as well as job seekers vying for their attention and willing to part with sensitive information because that’s how the process works.

    For employers, employment scams can create reputation and compliance problems, since criminals will leverage established brands for legitimacy. If someone in the hiring chain is compromised, data breaches can cost companies millions of dollars.

    Two employment scams that target recruiters and job seekers are a mix of social engineering and phishing. The result is the same: The victim is left with compromised personal information and/or financial resources.

    Read Full Story
  • Deconstructing Web Cache Deception Attacks: They're Bad; Now What?
    Dark Reading
    January 23, 2020

    "Web cache" refers to any technology that fronts an origin web server and temporarily stores frequently accessed content so that subsequent requests for the same content can be served efficiently. Be they centralized caching proxies deployed on-premises at an enterprise or content delivery networks (CDNs) with massively distributed caching edge servers, caches have become critical Internet infrastructure that enable scalable traffic delivery.

    Attacks targeting caches are nothing new. However, it wasn't until 2017 that web cache attacks saw a significant surge in popularity, with novel exploits regularly making the headlines. Works such as "Web Cache Deception Attack", "Practical Cache Poisoning", and "CPDoS: Cache Poisoned Denial of Service" demonstrate disastrous vulnerabilities that are easy for miscreants to exploit.

    In our own research with academics from the University of Trento and Northeastern University, we homed in on the aforementioned web cache deception attack, or WCD for short. WCD is a particularly damaging threat, where the adversary tricks a cache into storing the victim's sensitive data, therefore leaking it on the Internet. We analyzed 340 popular websites and found that 37 were affected by WCD, also finding that simple tweaks to existing attack techniques are sufficient to discover new exploitable targets. (We will present this work, titled "Cached and Confused: Web Cache Deception in the Wild," at Usenix Security Symposium in August 2020.)

    Byline article by Akamai Security Architect Kaan Onarliogl.

    Read Full Story
  • Mass. employers earn high marks in LGBTQ-friendly workplace index
    Boston Business Journal
    January 21, 2020

    Dozens of Massachusetts companies were among top-scoring employers for LGBTQ-inclusive workplace policies in the most recent report by the Human Rights Campaign Foundation.

    The 2020 Corporate Equality Index rated 1,059 companies in total. Employers and law firms based in Massachusetts seeing an average score of 95 percent.

    The top-scoring Massachusetts companies on the index include Akamai Technologies Inc. (Nasdaq: AKAM), Biogen (Nasdaq: BIIB), Dunkin’ Brands Group Inc. (Nasdaq: DNKN), Eaton Vance, Eastern Bank Corp., State Street Corp. (NYSE: STT), Tufts Health Plan, and Vertex Pharmaceuticals Inc. (Nasdaq: VRTX). All received a “100” rating.

    Read Full Story
  • 11 DevOps trends that will matter most in 2020
    January 21, 2020

    DevOps is about constant improvement, and many trends are maturing this year and becoming pervasive. In a field as fast moving as DevOps, it's valuable to find out what might lie ahead.

    TechRepublic turned to the experts to ask their opinions on the top 11 DevOps trends worth watching in 2020:

    1. A focus on end-to-end lifecycle management will streamline DevOps workflow complexity Sid Phadkar, senior product manager at Akamai, said, "With the emergence of microservices and CI/CD toolchains, there has been an emphasis on developing and leveraging many different tools to tackle small tasks spread across similar parallel workflows. For example, two different teams within an organization often have their own CI/CD pipelines consisting of many different tools catering to version control, build automation, monitoring analytics, early testing, code review processes, and more. While organizations have reaped the benefits of catering to customized workflows, this has also led to incredible tool sprawl within often dispersed teams that can hinder productivity. DevOps vendors are often tasked with ensuring compatibility with tools from other vendors. In 2020, the number of tools will continue to increase, but there will be a movement toward end-to-end lifecycle management and single applications that streamline tooling and workflows to ultimately improve software development speed and agility."

    Read Full Story
  • Experts discuss the strategies companies are putting in place to invest in cyberskills
    Intelligent CIO
    January 20, 2020

    Business leaders are seemingly doing more towards closing the skills gap as the growing demand for cyberskills and a more socially mobile and diverse workforce increases. BAE Systems and the National Cyber Security Centre (NCSC) hosted a CyberFirst event in Manchester and their work to close the gap can be read in more detail here. Industry experts offer their opinions on the subject.

    Richard Meeus, Security Technology and Strategy Director, EMEA at Akamai: If you’re a cybersecurity professional, there’s never been a time where your skills have been more in demand. As companies are growing increasingly aware of the threats out there and the implications of what could happen if they get breached, the onus on having a top-notch team is getting higher on the agenda. While things are positive for those trying to find a role, the other side is less so with demand far outstripping supply.

    Read Full Story
  • Managing Customer Identity in the Era of CCPA
    January 15, 2020

    California’s Consumer Privacy Act (CCPA) went into effect on January 1, 2020. California is the most recent jurisdiction to add privacy legislations, but it will not be the last. Industry experts offer their opinions on the subject.

    More than 40% of Americans live in a state that is considering privacy legislation and U.S. senators from California are proposing U.S. Federal Privacy legislation. Internationally, Brazil, China, Australia, India, Japan, and, of course, Europe (GDPR) all have or have proposed privacy legislation.

    It can be a full-time job keeping track of the many nuances of all these laws. As details about CCPA began to come into focus, I spoke with numerous security and privacy executives who found themselves wrestling with a bit of confusion. Some lawyers interpreted early drafts of CCPA to prohibit Loyalty Programs, though that appears to have been clarified in later drafts. While many of the privacy regulations are similar, there are nuances specific to local regulations. There are still some steps that can be taken to make it easier to comply with evolving regulations.

    Byline article by Akamai CTO, Security Strategy Patrick Sullivan.

    Read Full Story
  • The Evolving Threat Landscape: Five Trends To Expect In 2020 And Beyond
    January 14, 2020

    As we head into the new decade, cyberattacks will continue to grow in scale and volume. Cybersecurity is a fast-evolving industry, as hackers and security providers both continuously try to outsmart each other. Cybersecurity Ventures estimates that organizations will spend an estimated $1 trillion on cybersecurity from 2017 to 2021.

    More than 40% of Americans live in a state that is considering privacy legislation and U.S. senators from California are proposing U.S. Federal Privacy legislation. Internationally, Brazil, China, Australia, India, Japan, and, of course, Europe (GDPR) all have or have proposed privacy legislation.

    Let's look at some of the innovations and emerging technology trends that are likely to shape the cybersecurity industry in 2020.

    Phishing attacks beyond email. Phishing is the No. 1 cause of data breaches in 2019. 2020 will see no abatement, as phishing attacks will become even more sophisticated and highly targeted than ever before. Email is no longer the only means of a phishing attack. Attackers might also send an SMS or launch targeted social engineering attacks via social media. New research from Akamai (via Dark Reading) has uncovered that 60% of all phishing kits found on the dark web are active for 20 days or less, indicating that cybercriminals will continue to develop new evasion techniques to keep their kits undetected.

    Read Full Story
  • These 3 Chromium Browsers Are Impacting Customer Experience: What Retailers Need to Know About Them
    Total Retail
    January 14, 2020

    In March, we examined the impact of “rogue” mobile browsers that look like Chrome (but aren’t) on retailers’ digital performance, their user experiences, and their bottom lines. Now, new data looks at the performance of three Chromium-based browsers — Google Chrome, Samsung Internet, and the Miui Browser by Xiaomi — and how they stack up against one another in terms of user experience.

    But first, why is this information important for retailers? The fact is, each Chromium browser performs differently across four key criteria, all of which are critical to providing an optimized user experience that’s consistent across browsers and devices:

    • Total loading time: The time it takes for a web page to completely load.
    • The domcontentloaded (DCL) event: Determines whether a page is technically ready for interaction. For example, when core elements of a page have loaded, but images and scripts are still rendering.
    • Time to Interactive (TTI): Measures the moment at which the user can safely start interacting with the page. For instance, when the page has reached TTI, a user clicking on a “Watch Video” button will actually trigger a media player to fire up and play the desired video.
    • Longtasks: Aptly named, these are tasks that take a long time to load, and tie up a browser’s resources as they execute. For example, if a customer clicks on a link during a long task, the browser would finish the long task first and then react to the click.
    Byline article by Akamai Global Vice President of Product and Industry Marketing Ari Weil.

    Read Full Story
  • Akamai: Cyber Attacks Now Being Weaponized
    Security Boulevard
    January 3, 2020

    A report published by Akamai at the close of 2019 advises cybersecurity teams to expect to see many more weaponized cyber attacks in the New Year.

    Larry Cashdollar, an Akamai security researcher, said going into 2020 an overlap between criminal developers and nation-state actors is creating a steady stream of zero-day tools targeting specific organizations and individuals.

    As the entities that launch these attacks become increasingly more professional in how they operate, attacks stemming from credential abuse, phishing and exploitation of vulnerabilities in popular systems will only continue to grow in scale and size, Cashdollar said. In the last 17 months, Akamai has observed 55 billion credential stuffing attacks with no signs of slowing down.

    Overall, Akamai research identifies the U.S. as the top source for credential stuffing, followed by Russia. In terms of phishing attacks aimed at compromising credentials, thwarting these efforts is becoming more difficult because 60% of the phishing kits monitored by Akamai were active for only 20 days or less, according to the company.

    Read Full Story
  • Trust and privacy in 2020 - how should brands approach CCPA, and privacy-assured marketing?
    January 3, 2020

    Is the rush to compliance affecting a brand's view of trust? The CMO Council whitepaper, “Exceeding The Requirements of the Trust Economy - Identifying opportunities to secure the trust in brand experiences,” noted that 57% of global marketing leaders said data security, privacy and accountability are the most critical demands of customers.

    A new term popped up in this paper: privacy-assured marketing. It comes from John Summers, VP and Chief Technology Officer at Akamai Technologies, and it means “fulfilling the contract of digital trust forged between customer and business.” Essentially, you must become a privacy-first organization, with privacy a key component of every interaction or engagement and every strategy.

    Summers: Brands need to make it explicit that they are a privacy-first organization, implementing the proper governance and distribution of data across brands, channels and touchpoints.

    Read Full Story
  • Content security: Keeping one step ahead of the pirates
    January 3, 2020

    ‘A war in which new fronts are opening up all the time’ might not be an original metaphor for the challenges facing content protection, but in reality, it’s hard to identify one that is more apt. Recent years have seen the number of potential threats confronting content creators – both from organised ‘for profit’ piracy and more casual, between-consumer sharing – growing in precisely the same period that the advertising market supporting many of them has become significantly more fragmented and uncertain.

    Amit Kasturia, senior product manager at Akamai, observes: “We do see that customers are a lot more concerned now about the ill-effects of piracy, be that in the form of loss of subscribers, revenue, eyeballs or reputation.”

    The possibility of service providers losing rights (for example, to major sporting events) or facing legal action on the basis that they have failed to adequately protect content is also shaping a landscape in which “content services are definitely looking to invest more resources into anti-piracy. You only need to look at how many organisations now have dedicated roles, such as content protection managers, to recognise that,” adds Kasturia.

    Read Full Story
  • 6 Security Team Goals for DevSecOps in 2020
    Dark Reading
    January 2, 2020

    In the DevOps world, the biggest gains have been achieved through an "everything-as-code" approach that has made it so much easier to spin up and down reliable, repeatable infrastructure components.

    Sid Phadkar, a senior product manager at Akamai, agrees that many organizations are going to be building security policies directly within code to help deal with big compliance demands set upon them by regulations like GDPR.

    "There will be an uptick in DevOps tools that cater to automating more compliance-related tasks within infosec teams, thus incorporating security and compliance measures into everyday CI workflows," Phadkar says.

    Read Full Story

View Previous Stories