Older content on Akamai's security activities. Includes podcasts, articles, blog posts, documentation and more.
Patent: SSL Protection
Akamai's method and systems for protecting websites from public Internet threats.
Learn moreAccess Control
Akamai maintains a series of policies and procedures to manage the network that transmits customer data securely. We maintain and enforce a Deployed Network Access Policy outlining the controls, roles and responsibilities that ensure employees only have the access privileges necessary to do their jobs.
Learn moreSecure Software Development
What follows is a glimpse of the procedures Akamai uses to enhance security of software during the development process. It's a process all engineering teams follow to help minimize cases where instabilities may be introduced during the build process. While Akamai uses multiple QA tests, the entire Internet sometimes exercises edge cases that only apply to one geographic area, ISP or customer.
Learn moreMaking Documents Public
One of the goals of Akamai InfoSec is to make as much of our compliance documentation as public as possible. To get there, customer feedback will be crucial in determining which documents to tackle first.
Learn moreSecure Content Delivery Network
How Akamai secures the content it provides on behalf of customers.
Learn moreSecurity Standards and Regulations at a Glance
A glossary of the various regulations and industry standards, including brief descriptions of each.
Learn moreA Primer on Akamai Compliance
Detailed descriptions of the regulations and standards Akamai complies with.
Learn moreAkamai Services
This document outlines the definitions, billing methodologies, service descriptions and additional terms surrounding the use of our products and services.
Learn moreSteep Road to FedRamp
Yesterday was a big day around here. Akamai achieved Federal Risk and Authorization Management Program (FedRAMP) compliance as a cloud services provider.
Learn moreFour FedRAMP Questions
For a look at how we reached FedRAMP certification, I spoke with Akamai InfoSec's Kathryn Kun, the program manager who played a critical role in getting us certified.
Learn moreSecurity and Compliance 101
Chief Security Officer, Andy Ellis, gives a brief overview of security and compliance and what they mean to Akamai. Andy's overview includes common terms along with definitions and an overview of common standards and their components.
Learn moreExperiencing Compliance from the Inside Out
Bill Brenner's early lesson in how Akamai does compliance.
Learn moreLessons from Akamai InfoSec Training
How our compliance efforts shape the training of new employees.
Learn moreAbabil Phase 2
Report on the second phase of the Operation Ababil campaign waged by the hacktivist group known as Izz ad-Din al-Qassam Cyber Fighters.
Learn moreBackdoor Trojans and RATs
Akamai's CSIRT team advises companies to check their systems for web shells, executable code running on a server that gives attackers remote access to a variety of critical functions.
Learn moreWatering-Hole Attacks
A look at "watering-hole" attacks and what Akamai's CSIRT team has learned in tracking them.
Learn moreDissecting Operation Ababil
Operation Ababil has been a thorn in the side of financial institutions this past year, costing victims both business and sleep. At Akamai Edge, we talked a lot about the attacks -- particularly the lessons we've learned and the fresh security measures companies have put in place.
Learn moreSEA Attacks & DNS Security
The Syrian Electronic Army (SEA) -- a pro-Assad hacking group -- is making misery for some of the biggest entities on the Internet.
Learn moreManipulating PHP Superglobal Variables
How attackers are able to use vulnerabilities in PHP applications to exploit superglobals -- pre-defined variables in PHP -- to launch malicious code.
Learn moreDDoS Attacks as Cover
Protecting customers from DDoS attacks is an Akamai InfoSec specialty. When we see DDoS attempts against our customers, the typical thinking is that someone is doing it to force sites into downtime, which can cost a business millions in lost online sales. But sometimes, these attacks are simply a cover operation to distract the victim while something else is going on.
Learn moreBypassing Content Delivery Security
As is true of every year at Black Hat there are some talks that catch our attention. Talks range from the well thought out research papers to those of the narcissistic vulnerability pimps. This year was no exception. A talk entitled "Denying Service to DDoS Protection Services" by Allison Nixon is a presentation which fell into the well thought out column. This talk caught our attention for the obvious reason that we provide this as a service to our customers.
Learn moreSecurity Kahuna Podcast, 10-14
Bill Brenner, Dave Lewis and Martin McKeay ponder the explosion of critical vulnerabilities like Poodle, Shellshock and Heartbleed.
Learn moreThird-Party Attacks
Bill Brenner talks to Akamai CSIRT researcher Mike Kun about the rise of third-party attacks.
Learn moreShellshock Bash Explained
Akamai's Martin McKeay, Michael Smith and Bill Brenner discuss the Shellshock Bash bug and what Akamai is doing to keep customers secure.
Learn moreInside the PLXsert
Bill Brenner and Akamai PLXsert Manager David Fernandez discuss the latest attack research from his team.
Learn moreSecurity Kahuna Podcast, Episode 3
Akamai's Bill Brenner, Dave Lewis and Martin McKeay discuss the pros and cons of Google Glass Detector, software designed to detect Google Glass and boot it from any local Wi-Fi network. They also discuss the iCloud/4Chan controversy and look ahead to upcoming security conferences.
Learn moreMeet the InfoSec Interns
Bill Brenner interviews three interns who spent the summer working with the InfoSec team. A look at their projects and where they hope to go from here.
Learn moreSecurity Kahuna Podcast, Episode 2
Bill Brenner, Martin McKeay, Dave Lewis and some special guests report from Las Vegas during Black Hat, BSidesLV and DEF CON 2014.
Learn moreAkamai’s Israeli Research Division
Bill Brenner talks to Adi Ludmer, one of our researchers in Tel Aviv, about the nature of his team's work.
Learn moreSecurity Kahuna Podcast, Episode 1
In the first episode of the Security Kahuna Podcast, Bill Brenner, Dave Lewis and Martin McKeay discuss the big security issues of the day.
Learn moreOnline Extortion and World Cup Risks
Bill Brenner talks to CSIRT researcher Mike Kun about the latest threats his team is monitoring, including online extortion attempts and possible disruptions during the World Cup.
Learn moreCSO Andy Ellis on Heartbleed
Akamai's CSO and Bill Brenner discuss the company's response to Heartbleed, including lessons learned and next steps.
Learn moreCyber Competition in Review
Bill Brenner and Kathryn Kun review the recent Northeast Collegiate Cyber Defense Competition (NECCDC).
Learn moreHumanity in Security
Bill Brenner and Christian Ternus discuss Humanity in Security, an Akamai effort to address burnout, depression and stress in the security community.
Learn moreRSAC 2014 in Review
Bill Brenner, Stuart Scholly, SVP and General Manager of Akamai's Security Business Unit, Akamai CSO Andy Ellis and Program Manager Meg Grady-Troia recap RSA Conference 2014.
Learn moreBrian Bourne and SecTOR
Bill Brenner finishes off a series on volunteers in the security community - particularly those who organize and volunteer at security conferences around the world. His guest is Brian Bourne, co-founder of the Security Education Conference in Toronto, more popularly known as SecTor. Bourne is also president of CMS Consulting Inc.
Learn moreJoshua Marpet and InfoSec Activism
Air Comm Networks CTO Joshua Marpet discusses the importance of volunteering at security conferences and what kind of role he plays at such events. He also talks about the growing family atmosphere at the conferences - including the steady increase in activities for children.
Learn moreJames Arien at #ShmooCon 2014
At the 2014 ShmooCon conference, industry leader James Arlen discussed the need for better business etiquette among security practitioners.
Learn moreBill Brenner and Martin McKeay Discuss Web Security
This week's episode is with Akamai Senior Security Advocate Martin McKeay. He's an old friend with more than a decade of experience in information security. At Akamai, he spreads awareness about security and privacy, helping customers understand our approach to both.
Learn moreBill Brenner Talks With Dave Lewis
In this episode of the Akamai Security Podcast, I talk to colleague, friend and Security Advocate Dave Lewis (@gattaca, on Twitter). We talk about the past, present and future of his Liquidmatrix site, life in his new role and the big issues he's helping customers address. We also talk about all the blogging he's doing over at CSOonline.com.
Learn moreBill Brenner and Michael Smith Discuss Akamai CSIRT – Part 2
Bill Brenner continues his discussion with CSIRT Director Michael Smith. In this installment, Mike describes the process by which CSIRT delivers daily threat intelligence to our customers, along with the defensive measures needed to block attacks.
Learn moreBill Brenner and Michael Smith Discuss Akamai CSIRT
Bill Brenner interviews CSIRT Director Michael Smith. They discuss the role of CSIRT in researching threats and vulnerabilities, as well as keeping customers and the wider public informed of defensive measures they can take.
Learn moreThe Flip Side of Bots and Crawlers – Matt Ringel Talks About Mitigating Bot Traffic
A few months ago, Akamai Senior Enterprise Architect, David Senecal, wrote a post about ways to identify and mitigate unwanted bot traffic. In this episode, I went into more detail on the subject with Matt Ringel, an enterprise architect in Akamai's Professional Services team. Check out the related post, "Bots, Crawlers Not Created Equally".
Learn moreLarry Cashdollar Discusses Akamai’s CSIRT Team
Bill Brenner talks to Larry Cashdollar, a senior security response engineer on our CSIRT team. Larry discusses the mechanics of his job and the particular threats he and the team have been tracking and defending against.
Learn moreBill Brenner Interviews Meg Grady-Troia
Bill Brenner talks to Meg Grady-Troia about her role in Akamai InfoSec, particularly the security training she does for new hires.
Learn more