Akamai maintains a series of policies and procedures to manage the network that transmits customer data securely. We maintain and enforce a Deployed Network Access Policy outlining the controls, roles and responsibilities that ensure employees only have the access privileges necessary to do their jobs.
What follows is a glimpse of the procedures Akamai uses to enhance security of software during the development process. It's a process all engineering teams follow to help minimize cases where instabilities may be introduced during the build process. While Akamai uses multiple QA tests, the entire Internet sometimes exercises edge cases that only apply to one geographic area, ISP or customer.
One of the goals of Akamai InfoSec is to make as much of our compliance documentation as public as possible. To get there, customer feedback will be crucial in determining which documents to tackle first.
Chief Security Officer, Andy Ellis, gives a brief overview of security and compliance and what they mean to Akamai. Andy's overview includes common terms along with definitions and an overview of common standards and their components.
Operation Ababil has been a thorn in the side of financial institutions this past year, costing victims both business and sleep. At Akamai Edge, we talked a lot about the attacks -- particularly the lessons we've learned and the fresh security measures companies have put in place.
Protecting customers from DDoS attacks is an Akamai InfoSec specialty. When we see DDoS attempts against our customers, the typical thinking is that someone is doing it to force sites into downtime, which can cost a business millions in lost online sales. But sometimes, these attacks are simply a cover operation to distract the victim while something else is going on.
As is true of every year at Black Hat there are some talks that catch our attention. Talks range from the well thought out research papers to those of the narcissistic vulnerability pimps. This year was no exception. A talk entitled "Denying Service to DDoS Protection Services" by Allison Nixon is a presentation which fell into the well thought out column. This talk caught our attention for the obvious reason that we provide this as a service to our customers.
Akamai's Bill Brenner, Dave Lewis and Martin McKeay discuss the pros and cons of Google Glass Detector, software designed to detect Google Glass and boot it from any local Wi-Fi network. They also discuss the iCloud/4Chan controversy and look ahead to upcoming security conferences.
Bill Brenner finishes off a series on volunteers in the security community - particularly those who organize and volunteer at security conferences around the world. His guest is Brian Bourne, co-founder of the Security Education Conference in Toronto, more popularly known as SecTor. Bourne is also president of CMS Consulting Inc.
Air Comm Networks CTO Joshua Marpet discusses the importance of volunteering at security conferences and what kind of role he plays at such events. He also talks about the growing family atmosphere at the conferences - including the steady increase in activities for children.
Bill Brenner and Martin McKeay Discuss Web Security
This week's episode is with Akamai Senior Security Advocate Martin McKeay. He's an old friend with more than a decade of experience in information security. At Akamai, he spreads awareness about security and privacy, helping customers understand our approach to both.
In this episode of the Akamai Security Podcast, I talk to colleague, friend and Security Advocate Dave Lewis (@gattaca, on Twitter). We talk about the past, present and future of his Liquidmatrix site, life in his new role and the big issues he's helping customers address. We also talk about all the blogging he's doing over at CSOonline.com.
Bill Brenner and Michael Smith Discuss Akamai CSIRT – Part 2
Bill Brenner continues his discussion with CSIRT Director Michael Smith. In this installment, Mike describes the process by which CSIRT delivers daily threat intelligence to our customers, along with the defensive measures needed to block attacks.
Bill Brenner and Michael Smith Discuss Akamai CSIRT
Bill Brenner interviews CSIRT Director Michael Smith. They discuss the role of CSIRT in researching threats and vulnerabilities, as well as keeping customers and the wider public informed of defensive measures they can take.
Bill Brenner talks to Larry Cashdollar, a senior security response engineer on our CSIRT team. Larry discusses the mechanics of his job and the particular threats he and the team have been tracking and defending against.