Akamai Lines Background

Archives

Older content on Akamai's security activities. Includes podcasts, articles, blog posts, documentation and more.

Security Compliance

  • Patent: SSL Protection

    Akamai's method and systems for protecting websites from public Internet threats.

    Learn more
  • Access Control

    Akamai maintains a series of policies and procedures to manage the network that transmits customer data securely. We maintain and enforce a Deployed Network Access Policy outlining the controls, roles and responsibilities that ensure employees only have the access privileges necessary to do their jobs.

    Learn more
  • Secure Software Development

    What follows is a glimpse of the procedures Akamai uses to enhance security of software during the development process. It's a process all engineering teams follow to help minimize cases where instabilities may be introduced during the build process. While Akamai uses multiple QA tests, the entire Internet sometimes exercises edge cases that only apply to one geographic area, ISP or customer.

    Learn more
  • Making Documents Public

    One of the goals of Akamai InfoSec is to make as much of our compliance documentation as public as possible. To get there, customer feedback will be crucial in determining which documents to tackle first.

    Learn more
  • Secure Content Delivery Network

    How Akamai secures the content it provides on behalf of customers.

    Learn more
  • Security Standards and Regulations at a Glance

    A glossary of the various regulations and industry standards, including brief descriptions of each.

    Learn more
  • A Primer on Akamai Compliance

    Detailed descriptions of the regulations and standards Akamai complies with.

    Learn more
  • Akamai Services

    This document outlines the definitions, billing methodologies, service descriptions and additional terms surrounding the use of our products and services.

    Learn more
  • Steep Road to FedRamp

    Yesterday was a big day around here. Akamai achieved Federal Risk and Authorization Management Program (FedRAMP) compliance as a cloud services provider.

    Learn more
  • Four FedRAMP Questions

    For a look at how we reached FedRAMP certification, I spoke with Akamai InfoSec's Kathryn Kun, the program manager who played a critical role in getting us certified.

    Learn more
  • Security and Compliance 101

    Chief Security Officer, Andy Ellis, gives a brief overview of security and compliance and what they mean to Akamai. Andy's overview includes common terms along with definitions and an overview of common standards and their components.

    Learn more
  • Experiencing Compliance from the Inside Out

    Bill Brenner's early lesson in how Akamai does compliance.

    Learn more
  • Lessons from Akamai InfoSec Training

    How our compliance efforts shape the training of new employees.

    Learn more

Security Research

  • Ababil Phase 2

    Report on the second phase of the Operation Ababil campaign waged by the hacktivist group known as Izz ad-Din al-Qassam Cyber Fighters.

    Learn more
  • Backdoor Trojans and RATs

    Akamai's CSIRT team advises companies to check their systems for web shells, executable code running on a server that gives attackers remote access to a variety of critical functions.

    Learn more
  • Indonesian Attack Traffic

    Indonesia replaces China as the top producer of attack traffic.

    Learn more
  • Watering-Hole Attacks

    A look at "watering-hole" attacks and what Akamai's CSIRT team has learned in tracking them.

    Learn more
  • Dissecting Operation Ababil

    Operation Ababil has been a thorn in the side of financial institutions this past year, costing victims both business and sleep. At Akamai Edge, we talked a lot about the attacks -- particularly the lessons we've learned and the fresh security measures companies have put in place.

    Learn more
  • SEA Attacks & DNS Security

    The Syrian Electronic Army (SEA) -- a pro-Assad hacking group -- is making misery for some of the biggest entities on the Internet.

    Learn more
  • Manipulating PHP Superglobal Variables

    How attackers are able to use vulnerabilities in PHP applications to exploit superglobals -- pre-defined variables in PHP -- to launch malicious code.

    Learn more
  • DDoS Attacks as Cover

    Protecting customers from DDoS attacks is an Akamai InfoSec specialty. When we see DDoS attempts against our customers, the typical thinking is that someone is doing it to force sites into downtime, which can cost a business millions in lost online sales. But sometimes, these attacks are simply a cover operation to distract the victim while something else is going on.

    Learn more
  • Bypassing Content Delivery Security

    As is true of every year at Black Hat there are some talks that catch our attention. Talks range from the well thought out research papers to those of the narcissistic vulnerability pimps. This year was no exception. A talk entitled "Denying Service to DDoS Protection Services" by Allison Nixon is a presentation which fell into the well thought out column. This talk caught our attention for the obvious reason that we provide this as a service to our customers.

    Learn more

Podcasts

  • Security Kahuna Podcast, 10-14

    Bill Brenner, Dave Lewis and Martin McKeay ponder the explosion of critical vulnerabilities like Poodle, Shellshock and Heartbleed.

    Learn more
  • Third-Party Attacks

    Bill Brenner talks to Akamai CSIRT researcher Mike Kun about the rise of third-party attacks.

    Learn more
  • Shellshock Bash Explained

    Akamai's Martin McKeay, Michael Smith and Bill Brenner discuss the Shellshock Bash bug and what Akamai is doing to keep customers secure.

    Learn more
  • Inside the PLXsert

    Bill Brenner and Akamai PLXsert Manager David Fernandez discuss the latest attack research from his team.

    Learn more
  • Security Kahuna Podcast, Episode 3

    Akamai's Bill Brenner, Dave Lewis and Martin McKeay discuss the pros and cons of Google Glass Detector, software designed to detect Google Glass and boot it from any local Wi-Fi network. They also discuss the iCloud/4Chan controversy and look ahead to upcoming security conferences.

    Learn more
  • Meet the InfoSec Interns

    Bill Brenner interviews three interns who spent the summer working with the InfoSec team. A look at their projects and where they hope to go from here.

    Learn more
  • Security Kahuna Podcast, Episode 2

    Bill Brenner, Martin McKeay, Dave Lewis and some special guests report from Las Vegas during Black Hat, BSidesLV and DEF CON 2014.

    Learn more
  • Akamai’s Israeli Research Division

    Bill Brenner talks to Adi Ludmer, one of our researchers in Tel Aviv, about the nature of his team's work.

    Learn more
  • Security Kahuna Podcast, Episode 1

    In the first episode of the Security Kahuna Podcast, Bill Brenner, Dave Lewis and Martin McKeay discuss the big security issues of the day.

    Learn more
  • Online Extortion and World Cup Risks

    Bill Brenner talks to CSIRT researcher Mike Kun about the latest threats his team is monitoring, including online extortion attempts and possible disruptions during the World Cup.

    Learn more
  • CSO Andy Ellis on Heartbleed

    Akamai's CSO and Bill Brenner discuss the company's response to Heartbleed, including lessons learned and next steps.

    Learn more
  • Cyber Competition in Review

    Bill Brenner and Kathryn Kun review the recent Northeast Collegiate Cyber Defense Competition (NECCDC).

    Learn more
  • Humanity in Security

    Bill Brenner and Christian Ternus discuss Humanity in Security, an Akamai effort to address burnout, depression and stress in the security community.

    Learn more
  • RSAC 2014 in Review

    Bill Brenner, Stuart Scholly, SVP and General Manager of Akamai's Security Business Unit, Akamai CSO Andy Ellis and Program Manager Meg Grady-Troia recap RSA Conference 2014.

    Learn more
  • Brian Bourne and SecTOR

    Bill Brenner finishes off a series on volunteers in the security community - particularly those who organize and volunteer at security conferences around the world. His guest is Brian Bourne, co-founder of the Security Education Conference in Toronto, more popularly known as SecTor. Bourne is also president of CMS Consulting Inc.

    Learn more
  • Joshua Marpet and InfoSec Activism

    Air Comm Networks CTO Joshua Marpet discusses the importance of volunteering at security conferences and what kind of role he plays at such events. He also talks about the growing family atmosphere at the conferences - including the steady increase in activities for children.

    Learn more
  • James Arien at #ShmooCon 2014

    At the 2014 ShmooCon conference, industry leader James Arlen discussed the need for better business etiquette among security practitioners.

    Learn more
  • Bill Brenner and Martin McKeay Discuss Web Security

    This week's episode is with Akamai Senior Security Advocate Martin McKeay. He's an old friend with more than a decade of experience in information security. At Akamai, he spreads awareness about security and privacy, helping customers understand our approach to both.

    Learn more
  • Bill Brenner Talks With Dave Lewis

    In this episode of the Akamai Security Podcast, I talk to colleague, friend and Security Advocate Dave Lewis (@gattaca, on Twitter). We talk about the past, present and future of his Liquidmatrix site, life in his new role and the big issues he's helping customers address. We also talk about all the blogging he's doing over at CSOonline.com.

    Learn more
  • Bill Brenner and Michael Smith Discuss Akamai CSIRT – Part 2

    Bill Brenner continues his discussion with CSIRT Director Michael Smith. In this installment, Mike describes the process by which CSIRT delivers daily threat intelligence to our customers, along with the defensive measures needed to block attacks.

    Learn more
  • Bill Brenner and Michael Smith Discuss Akamai CSIRT

    Bill Brenner interviews CSIRT Director Michael Smith. They discuss the role of CSIRT in researching threats and vulnerabilities, as well as keeping customers and the wider public informed of defensive measures they can take.

    Learn more
  • The Flip Side of Bots and Crawlers – Matt Ringel Talks About Mitigating Bot Traffic

    A few months ago, Akamai Senior Enterprise Architect, David Senecal, wrote a post about ways to identify and mitigate unwanted bot traffic. In this episode, I went into more detail on the subject with Matt Ringel, an enterprise architect in Akamai's Professional Services team. Check out the related post, "Bots, Crawlers Not Created Equally".

    Learn more
  • Larry Cashdollar Discusses Akamai’s CSIRT Team

    Bill Brenner talks to Larry Cashdollar, a senior security response engineer on our CSIRT team. Larry discusses the mechanics of his job and the particular threats he and the team have been tracking and defending against.

    Learn more
  • Bill Brenner Interviews Meg Grady-Troia

    Bill Brenner talks to Meg Grady-Troia about her role in Akamai InfoSec, particularly the security training she does for new hires.

    Learn more