Archives

Older content on Akamai's security activities. Includes podcasts, articles, blog posts, documentation and more.

Security Compliance

Patent: SSL Protection
Akamai's method and systems for protecting websites from public Internet threats.

Learn more
Access Control
Akamai maintains a series of policies and procedures to manage the network that transmits customer data securely. We maintain and enforce a Deployed Network Access Policy outlining the controls, roles and responsibilities that ensure employees only have the access privileges necessary to do their jobs.

Learn more
Secure Software Development
What follows is a glimpse of the procedures Akamai uses to enhance security of software during the development process. It's a process all engineering teams follow to help minimize cases where instabilities may be introduced during the build process. While Akamai uses multiple QA tests, the entire Internet sometimes exercises edge cases that only apply to one geographic area, ISP or customer.

Learn more
Making Documents Public
One of the goals of Akamai InfoSec is to make as much of our compliance documentation as public as possible. To get there, customer feedback will be crucial in determining which documents to tackle first.

Learn more
Secure Content Delivery Network
How Akamai secures the content it provides on behalf of customers.

Learn more
Security Standards and Regulations at a Glance
A glossary of the various regulations and industry standards, including brief descriptions of each.

Learn more
A Primer on Akamai Compliance
Detailed descriptions of the regulations and standards Akamai complies with.

Learn more
Akamai Services
This document outlines the definitions, billing methodologies, service descriptions and additional terms surrounding the use of our products and services.

Learn more
Steep Road to FedRamp
Yesterday was a big day around here. Akamai achieved Federal Risk and Authorization Management Program (FedRAMP) compliance as a cloud services provider.

Learn more
Four FedRAMP Questions
For a look at how we reached FedRAMP certification, I spoke with Akamai InfoSec's Kathryn Kun, the program manager who played a critical role in getting us certified.

Learn more
Security and Compliance 101
Chief Security Officer, Andy Ellis, gives a brief overview of security and compliance and what they mean to Akamai. Andy's overview includes common terms along with definitions and an overview of common standards and their components.

Learn more
Experiencing Compliance from the Inside Out
Bill Brenner's early lesson in how Akamai does compliance.

Learn more
Lessons from Akamai InfoSec Training
How our compliance efforts shape the training of new employees.

Learn more

Security Research

Ababil Phase 2
Report on the second phase of the Operation Ababil campaign waged by the hacktivist group known as Izz ad-Din al-Qassam Cyber Fighters.

Learn more
Backdoor Trojans and RATs
Akamai's CSIRT team advises companies to check their systems for web shells, executable code running on a server that gives attackers remote access to a variety of critical functions.

Learn more
Indonesian Attack Traffic
Indonesia replaces China as the top producer of attack traffic.

Learn more
Watering-Hole Attacks
A look at "watering-hole" attacks and what Akamai's CSIRT team has learned in tracking them.

Learn more
Dissecting Operation Ababil
Operation Ababil has been a thorn in the side of financial institutions this past year, costing victims both business and sleep. At Akamai Edge, we talked a lot about the attacks -- particularly the lessons we've learned and the fresh security measures companies have put in place.

Learn more
SEA Attacks & DNS Security
The Syrian Electronic Army (SEA) -- a pro-Assad hacking group -- is making misery for some of the biggest entities on the Internet.

Learn more
Manipulating PHP Superglobal Variables
How attackers are able to use vulnerabilities in PHP applications to exploit superglobals -- pre-defined variables in PHP -- to launch malicious code.

Learn more
DDoS Attacks as Cover
Protecting customers from DDoS attacks is an Akamai InfoSec specialty. When we see DDoS attempts against our customers, the typical thinking is that someone is doing it to force sites into downtime, which can cost a business millions in lost online sales. But sometimes, these attacks are simply a cover operation to distract the victim while something else is going on.

Learn more
Bypassing Content Delivery Security
As is true of every year at Black Hat there are some talks that catch our attention. Talks range from the well thought out research papers to those of the narcissistic vulnerability pimps. This year was no exception. A talk entitled "Denying Service to DDoS Protection Services" by Allison Nixon is a presentation which fell into the well thought out column. This talk caught our attention for the obvious reason that we provide this as a service to our customers.

Learn more

Podcasts

Security Kahuna Podcast, 10-14
Bill Brenner, Dave Lewis and Martin McKeay ponder the explosion of critical vulnerabilities like Poodle, Shellshock and Heartbleed.

Learn more
Third-Party Attacks
Bill Brenner talks to Akamai CSIRT researcher Mike Kun about the rise of third-party attacks.

Learn more
Shellshock Bash Explained
Akamai's Martin McKeay, Michael Smith and Bill Brenner discuss the Shellshock Bash bug and what Akamai is doing to keep customers secure.

Learn more
Inside the PLXsert
Bill Brenner and Akamai PLXsert Manager David Fernandez discuss the latest attack research from his team.

Learn more
Security Kahuna Podcast, Episode 3
Akamai's Bill Brenner, Dave Lewis and Martin McKeay discuss the pros and cons of Google Glass Detector, software designed to detect Google Glass and boot it from any local Wi-Fi network. They also discuss the iCloud/4Chan controversy and look ahead to upcoming security conferences.

Learn more
Meet the InfoSec Interns
Bill Brenner interviews three interns who spent the summer working with the InfoSec team. A look at their projects and where they hope to go from here.

Learn more
Security Kahuna Podcast, Episode 2
Bill Brenner, Martin McKeay, Dave Lewis and some special guests report from Las Vegas during Black Hat, BSidesLV and DEF CON 2014.

Learn more
Akamai’s Israeli Research Division
Bill Brenner talks to Adi Ludmer, one of our researchers in Tel Aviv, about the nature of his team's work.

Learn more
Security Kahuna Podcast, Episode 1
In the first episode of the Security Kahuna Podcast, Bill Brenner, Dave Lewis and Martin McKeay discuss the big security issues of the day.

Learn more
Online Extortion and World Cup Risks
Bill Brenner talks to CSIRT researcher Mike Kun about the latest threats his team is monitoring, including online extortion attempts and possible disruptions during the World Cup.

Learn more
CSO Andy Ellis on Heartbleed
Akamai's CSO and Bill Brenner discuss the company's response to Heartbleed, including lessons learned and next steps.

Learn more
Cyber Competition in Review
Bill Brenner and Kathryn Kun review the recent Northeast Collegiate Cyber Defense Competition (NECCDC).

Learn more
Humanity in Security
Bill Brenner and Christian Ternus discuss Humanity in Security, an Akamai effort to address burnout, depression and stress in the security community.

Learn more
RSAC 2014 in Review
Bill Brenner, Stuart Scholly, SVP and General Manager of Akamai's Security Business Unit, Akamai CSO Andy Ellis and Program Manager Meg Grady-Troia recap RSA Conference 2014.

Learn more
Brian Bourne and SecTOR
Bill Brenner finishes off a series on volunteers in the security community - particularly those who organize and volunteer at security conferences around the world. His guest is Brian Bourne, co-founder of the Security Education Conference in Toronto, more popularly known as SecTor. Bourne is also president of CMS Consulting Inc.

Learn more
Joshua Marpet and InfoSec Activism
Air Comm Networks CTO Joshua Marpet discusses the importance of volunteering at security conferences and what kind of role he plays at such events. He also talks about the growing family atmosphere at the conferences - including the steady increase in activities for children.

Learn more
James Arien at #ShmooCon 2014
At the 2014 ShmooCon conference, industry leader James Arlen discussed the need for better business etiquette among security practitioners.

Learn more
Bill Brenner and Martin McKeay Discuss Web Security
This week's episode is with Akamai Senior Security Advocate Martin McKeay. He's an old friend with more than a decade of experience in information security. At Akamai, he spreads awareness about security and privacy, helping customers understand our approach to both.

Learn more
Bill Brenner Talks With Dave Lewis
In this episode of the Akamai Security Podcast, I talk to colleague, friend and Security Advocate Dave Lewis (@gattaca, on Twitter). We talk about the past, present and future of his Liquidmatrix site, life in his new role and the big issues he's helping customers address. We also talk about all the blogging he's doing over at CSOonline.com.

Learn more
Bill Brenner and Michael Smith Discuss Akamai CSIRT – Part 2
Bill Brenner continues his discussion with CSIRT Director Michael Smith. In this installment, Mike describes the process by which CSIRT delivers daily threat intelligence to our customers, along with the defensive measures needed to block attacks.

Learn more
Bill Brenner and Michael Smith Discuss Akamai CSIRT
Bill Brenner interviews CSIRT Director Michael Smith. They discuss the role of CSIRT in researching threats and vulnerabilities, as well as keeping customers and the wider public informed of defensive measures they can take.

Learn more
The Flip Side of Bots and Crawlers – Matt Ringel Talks About Mitigating Bot Traffic
A few months ago, Akamai Senior Enterprise Architect, David Senecal, wrote a post about ways to identify and mitigate unwanted bot traffic. In this episode, I went into more detail on the subject with Matt Ringel, an enterprise architect in Akamai's Professional Services team. Check out the related post, "Bots, Crawlers Not Created Equally".

Learn more
Larry Cashdollar Discusses Akamai’s CSIRT Team
Bill Brenner talks to Larry Cashdollar, a senior security response engineer on our CSIRT team. Larry discusses the mechanics of his job and the particular threats he and the team have been tracking and defending against.

Learn more
Bill Brenner Interviews Meg Grady-Troia
Bill Brenner talks to Meg Grady-Troia about her role in Akamai InfoSec, particularly the security training she does for new hires.

Learn more

OVERVIEW

What We Do

INTELLIGENT PLATFORM

Our Cloud Delivery Platform

FREE TRIALS

Try Us Free

FEATURED

What's new with the Akamai Intelligent Edge Platform™

SECURITY

Security Solutions

WEB PERFORMANCE

Web Performance Solutions

MEDIA DELIVERY

Media Delivery Solutions

NETWORK OPERATOR

Network Operator Solutions

SERVICES

Services

DEVELOPERS

Akamai for DevOps

FEATURED

Security Solutions

CASE STUDIES

Customer Case Studies

INSIGHTS

Internet Observatory

REPORT

State of the Internet Report

DOCUMENT LIBRARY

Our Library

CDN LEARNING CENTER

About Content Delivery Networks (CDNs)

GLOSSARY

Cloud Computing Glossary

DOCUMENTATION

Technical Documentation

FOR DEVELOPERS

For Developers

AKAMAI BLOG

Akamai Blog

COMMUNITY

Community

FEATURED

Our Library

GET IN TOUCH

Global Support Phone Numbers

SUPPORT

Support Resources

UNDER ATTACK

Are You Under Attack?

UNDER ATTACK

Are You Under Attack?

LOCATIONS

Our Offices

UNDER ATTACK

Are You Under Attack?

Chat with Sales

Email Us

Security Compliance

Security Research

Podcasts