The Akamai Blog

In our update to Guardicore Hunt see how you can enhance your ransomware protections as well as Zero Trust.

The increased use of smart devices, improved connectivity, and today’s hyper demanding customers are driving the need for digital transformation in the finance sector. Emerging technologies like open banking are creating new opportunities for both incumbent banks and fintechs.

The first-ever Akamai EdgeWorkers Coding Challenge gave participants the opportunity to harness the power and potential of serverless computing using the Akamai Intelligent Edge Platform. Winning developer teams built functions using Akamai EdgeWorkers and EdgeKV products that ranged from DNS acceleration and cost-reducing traffic efficiencies to personalized experiences for news and cloud gaming.

During the pandemic, organizations became more geographically dispersed, even if that only means people working from home instead of the office. As businesses begin to open up again, the trend is leaning toward mobility as a means to support a hybrid working environment, in which employees have more flexibility to work wherever it suits them best. The remote user, who was once the exception, has become the norm.

Over the past five years, we’ve grown Akamai’s security portfolio from point solutions into a comprehensive platform that provides defense in depth to address our customers’ biggest threats. The unique breadth of our defenses is important to our customers who want the most effective security capabilities, and more of them from fewer vendors.

“Wellness” is something that many employers are racing to embrace. Good for both their organizations and their people, wellness is an investment in creating a happier and more engaged workforce, as well as reducing the effects of stress and burnout. It has the potential to increase productivity, foster ideas, and reconnect to a sense of purpose – for both individuals and the business.

National Hispanic American Heritage Month (September 15 to October 15) is a time to recognize the achievements and contributions of trailblazing Hispanic Americans whose legacies have inspired the world. Akamai stands with our American colleagues whose ancestors came from Spain, Mexico, the Caribbean, and Central and South America in celebrating those achievements. And with groups like the Ohana ERG, we’re able to use this month to share insights that help make our company a better place to be.

One of the greatest signs of the success of the internet as a technology is how little the average person thinks about it. I’m not talking about the content itself. The streaming videos, online shopping sites, news and educational content, workplace productivity tools, and many other pieces of content we view and interact with online garner a great deal of attention. I’m instead talking about what’s involved in getting that content delivered reliably, quickly, and securely to a device.

Building incredible digital experiences often involves leveraging serverless edge computing, microservices-based architectures, IaaS environments, client-side functionality, and APIs. These modern development practices, while designed to produce highly personalized, fast, and always-on user experiences, also inextricably introduce new vulnerabilities and risks.

With Wednesday’s sweeping cybersecurity mandates issued by the Biden administration, patching Common Vulnerabilities and Exposures (CVEs) are top of mind — for both federal and private-sector companies alike — to help prevent damaging intrusions. Intensifying the pressure surrounding the latest round of mandates, federal agencies are required to address high-risk vulnerabilities discovered in 2021 within two weeks. However, for the vast majority of organizations and their security teams, addressing every critical vulnerability at the software or infrastructure level quickly is not feasible. Instead, many enterprise defenders look to virtual patching via solutions like WAF policy updates and rule changes as a quick fix to help reduce immediate risk, while longer-term software updates are issued.

Ransomware attacks increased by over 150% in 2020. As criminals find new ways to attack networks and systems, protect work-from-home employees with Akamai.

November is here. Now it’s crunch time. Hopefully, implementing the solutions in parts one through three of this series has kept you busy over the last few months. In those articles, we covered security, flash crowd management, disaster recovery, and performance optimization checklists. If you are not in a code freeze yet, work with your Akamai account team to review the content to determine what features you still have time to enable.

During the pandemic, it was reassuring to see businesses demonstrating resilience and enabling remote working for their employees — in some cases, practically overnight. As businesses slowly reopen their doors, it is clear that many things have changed, key amongst them the increasing risks to the enterprise network as more work is carried out from mobile devices.

For decades, Akamai has been focused on solving tough problems for our customers. We started by addressing the challenges of the “World Wide Wait,” and quickly started to leverage our edge network’s scale, proximity to users, and expert operations staff to mitigate security threats for our customers. Today, Akamai has category-leading solutions including DDoS, web app and API protection, bot management, and Zero Trust Network Access. Given the incredible surge in ransomware attacks, we are excited to be adding Zero Trust segmentation to our portfolio through the acquisition of Guardicore.

Last year, Akamai released research on obfuscation techniques being used by cybercriminals to create malicious JavaScript. The code is unreadable, un-debuggable, and as a result, much more challenging to analyze and detect.

Microsoft Bing today announced the rollout of IndexNow, a new protocol designed in conjunction with Yandex that can allow “websites to easily notify search engines whenever their website content is created, updated, or deleted.” The goal is to reduce the amount of time it takes for search engines to discover and index website changes — a process often measured in days and even weeks — to mitigate traffic loss and the potential adverse effects on customers and even revenues.

Akamai mPulse is a real user monitoring solution, providing detailed information about the user experiences delivered by your web applications. mPulse can be configured within your Akamai property to automatically start collecting data from your customer visits. This initial setup will gather the data required to use advanced features in Adaptive Acceleration such as Script Manager, Automatic Server Push, and Automatic Preconnect.

Breaking news: we just completed an 850-user pilot with Akamai MFA. In this blog, the first in a series, I’ll explain why we switched to Akamai MFA, how we ran our pilot, and employee feedback so far. Check back for my next blog, when we’re midway through our global deployment. A burglar checks for open windows. Neglecting to lock just one is like leaving the door wide open. In the same way, cyber attackers look for the easiest user accounts to take over — whether that’s network access credentials, email, on-premise applications, or cloud/SaaS applications. If they’re lucky, they can also use the stolen credentials to breach other systems, an action known as lateral movement.

On September 29, Ash Daulton, along with the cPanel Security Team, reported a path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.29 to the Apache security team. The issue was fixed within two days, under CVE-2021-41773, and the patch was released on October 4. Apache urged to deploy the fix, as it is already being actively exploited.

Every day, Akamai’s Threat Research team tracks and mitigates phishing attack campaigns to help keep our customers — and their reputations — protected. Recently, they tracked an orchestrated attack campaign comprising more than 9,000 domains and subdomains, mainly targeting victims located in China. The phishing scam was abusing more than 15 high-profile and trusted brands spanning ecommerce, travel, and food & beverage industries. By using well-known brand names, the threat actors attempted to engage victims to participate in a quiz that, once completed, would result in winning an attractive prize. Akamai refers to this malicious modus operandi as a “question quiz” phishing attack campaign.