Posts tagged ‘Bill Brenner’

Coming Soon: New Security Whiteboard Videos

September 23, 2014 3:40 am


Last year, we released a bunch of videos containing security whiteboard lessons on a variety of topics. This Thursday we shoot four new episodes.

Below is a preview of each episode.
  • To see previous security whiteboard videos, go here and here.

Incident Management 101
At every company, Akamai included, incidents happen daily. Despite strong controls, it’s inevitable that problems will arise when — in our case — so much content is being handled, processed and distributed within Akamai and on behalf of customers. Bill Brenner will walk viewers through the incident management process Akamai uses to minimize problems and maintain security.

Vulnerability Assessment vs. Penetration Testing
Vulnerability assessment and pen testing both deal with finding and fixing security holes. But they are not the same thing. Patrick Laverty will walk viewers through the differences between the two.

FedRAMP 101
James Salerno will tell viewers about FedRAMP — why it was created and why it’s become an important part of Akamai’s security and compliance process.

SSL Certificate Security and Trust
Meg-Grady Troia will teach viewers about the SSL certificate system and some of its strengths and weaknesses.

Next month, we’ll shoot a fifth video, where CSO Andy Ellis walks through one of the data centers housing Akamai servers and explains the myriad security procedures in place to protect those deployments.

Security Kahuna Podcast, Episode 3

September 10, 2014 4:02 am

Akamai’s Bill Brenner, Dave Lewis and Martin McKeay discuss the pros and cons of Google Glass Detector, software designed to detect Google Glass and boot it from any local Wi-Fi network. They also discuss the iCloud/4Chan controversy and look ahead to upcoming security conferences.

  • Listen to the full episode

Podcast: Tom Leighton on Danny Lewin, Akamai’s Security Goals

September 9, 2014 4:00 am

Last year I launched the Akamai Security Podcast. Episode 1 was an interview with Akamai CEO Tom Leighton, who discussed the legacy of Co-Founder Danny Lewin, Akamai’s role on 9-11-01, and his vision of Akamai as a major player in the security industry. This week being the anniversary of 9-11, it seems appropriate to re-share.

Listen HERE.

Related content:

9-11 Anniversary: Danny Lewin’s Life and Legacy
Internet Security Central To Danny Lewin’s Legacy

Public Compliance Docs: The List So Far (Updated Sept. 4)

September 4, 2014 8:25 am


As previously noted, Akamai InfoSec has been working to make its most sought-after compliance documents publicly available. The goal is to make it easier for customers to access the answers they regularly seek, and also to show potential new customers how we operate.

We’re building the foundation in the form of a compliance page on the Akamai Security microsite, and hope to publish up to two fresh public docs a month. What follows is a list of what we’ve done so far.

Account for Risk in your ROI for Web Application Firewalls

August 26, 2014 12:57 pm


Earlier this week, we published a new white paper titled, “Weighing Risk Against the Total Cost of a Data Breach,” on Ordinarily, a white paper wouldn’t be a particularly interesting subject for a blog post, but this one explores a topic that has generated a lot of questions from our customers – how do I financially justify a Web application firewall solution to my management?

We normally get this question from technology people who know that they need a solution to protect their Web applications against bad things like SQL injections, cross-site scripting, or remote file inclusions, but don’t know how to tie that protection to the business goals that their upper management cares about. This question is particularly vexing because a Web application firewall doesn’t follow the same ROI model that our customers are used to using when evaluating a technology solution. A Web application firewall doesn’t increase revenue, productivity, or customer engagement. Nor does it reduce CAPEX or OPEX in a regular, predictable manner.

What a Web application firewall does do is reduce risk. It reduces the risk of a harmful event occurring – in this case, of a data breach that can present a financial cost several orders of magnitude greater than that of the solution itself. The white paper dives into all of the different sources that can contribute to that cost and offers a simple (and industry-accepted) formula to estimate it up front.

Does it provide an exact calculation of those costs? No – we’ve found that this is different for every customer and varies between industries, size of organization and region or geography. For example, in the US (and in Europe), the costs are particularly high, while in Asia the costs are more contained but seem to be rising.

Does implementing a solution guarantee that a data breach will never occur? Again, no – Bill Brenner recently made a great post that, while tongue-in-cheek, tried to explain that no security solution is ever 100 percent effective. In addition, we’ve seen that attackers utilize a variety of methods to get past IT defenses, including social engineering tactics like spear phishing, malware installed at the point of sale, as well as exploiting vulnerabilities of Web applications. However, Verizon’s 2014 Data Breach Investigations Report showed that more data breaches went through the Web application in 2013 (35 percent) than any other category, making it the largest risk to organizations and the area that we recommend our customers address first.

What the white paper does is present a method through which you can estimate the financial cost of a business-threatening event against your organization, allowing you to then weigh that against the cost of a solution and the risk that such an event will occur. This can be a great resource to help justify the purchase of a Web application firewall that can help you better protect your data. Because at the end of the day, a Web application firewall is all about reducing the risk and possible financial impact of a data breach, and having a better understanding of the financial impact and a sound method to estimate it upfront can only lead to a more informed decision.