Akamai: How to Defend in the Cybersecurity Battlefield

Akamai's new Defender's Guide sets out real-world strategies to protect enterprise security in 2025
A new first-of-its-kind Defender's Guide report from Akamai sets out the complexity of today's security landscape, including malware attacks and VPN abuse

Akamai has been tracking how cybersecurity threats and the risks they pose are changing – hardly surprising for a company that protects up to 30% of global internet traffic and large business customers every day.

By closely monitoring internet traffic and using special detection technologies, it has found an increasingly complex threat environment that, in 2024, included everything from basic botnets using stolen passwords to large-scale hacking groups exploiting new software vulnerabilities. 

For defenders, those cybersecurity practitioners on the frontline of combating, mitigating and repelling threats, the landscape is more diverse and sophisticated. This makes defence more challenging than ever. 

Recognising this, Akamai has compiled The Defender’s Guide, a first-of-its-kind resource for cybersecurity leaders that the company says ‘cuts through the noise to speak directly to people on the front lines’. 

The guide brings together the expertise across Akamai’s security research teams including researchers, operations professionals, product architects, data scientists and internet responders. The company says its goal is to provide practical intelligence and ‘arm businesses with the real-world strategies necessary to protect your systems in 2025’s increasingly complex battlefield’. 

Akamai's Network Operations Command Centre. Image: Akamai

Security in depth

Akamai maps its research to the security-in-depth framework, a cybersecurity strategy that layers multiple security controls to protect an organisation’s data and systems. It typically includes physical security, network security, application security and user access controls. It also involves using analytics to identify concealed threats and assess defensive effectiveness.

Within this context, Akamai focuses on three core areas impacting cybersecurity on a daily basis: 

  • Risk management: identifies, assesses and mitigates threats based on their likelihood and impact, to reduce vulnerability.
  • Network architecture: layered security to create defence barriers and contain breaches. 
  • Host security: protects individual devices to prevent unauthorised access and malware at endpoints.  

The company researched risk scoring, recognising that while it is widely agreed to be useful, its execution and delivery are very challenging.

It finds that an effective risk-scoring methodology is based on maximising impact and minimising resources and involves several key factors including correctly defining risk, determining app importance, applying the appropriate mitigations and evaluating complexity effectively. 

Among the key threats to an organisation are its internet-facing servers and services, which provide attackers with a direct way to compromise the business.

Akamai also analyses internal network exposure and suggests that only a small fraction of servers should be reached by large portions of the network – it says that ‘infrastructure servers should be protected with special care because of their potential impact on the security of the organisation’.

The scope and effectiveness of malware attacks are evolving rapidly, with the rise of AI providing attackers with more powerful tools that are simpler to use. This results in a more unpredictable and dangerous digital threat landscape facing companies. 

Akamai finds that botnets like NoaBot, FritzFrog and RedTail have easy ways to breach and infect networks at scale.

Common ports and services targeted include Server Message Block (SMB) (58%), Remote Desktop Protocol (RDP) (14.5%) and Secure Shell (SSH) (12.9%).

To mitigate these types of attacks, organisations should employ network mapping and segmentation capable of identifying, isolating and limiting access to and from critical systems.

Other effective strategies and approaches include software-based segmentation, process-level policies to reduce attack surfaces and adding a multi-layered approach to cybersecurity.

Roger Barranco, Vice President of Global Security Operations at Akamai

Building a proactive strategy

Akamai also highlights a rise in VPN abuse, noting that VPNs that serve as critical network entry points present significant architectural vulnerabilities that sophisticated threat actors are exploiting.

During 2024, several well-reported attacks on VPNs occurred, including on Ivanti Connect Secure and Palo Alto PAN-OS.

Monitoring VPN appliances to detect attacks and breaches is challenging for organisations, but Akamai sets out several mitigation strategies for limiting the impacts of successful attacks. 

These include monitoring configuration changes, limiting service account permissions, using dedicated identities for VPN authentication and employing zero-trust network access. 

While the threat environment represents a significant challenge for cybersecurity leaders moving forward, the guide sets out a four-step approach to defence that combines proactive measures with a reactive response.

This covers:

  1. Implementing basic hygiene everywhere, including regular system updates, strong access controls, adherence to security best practices and a focus on delivering the fundamentals in the most effective way.
  2. Consistently layering the enterprise environment behind security platforms to create a robust defence-in-depth strategy capable of repelling a broad scope of cyber threats. 
  3. Focusing on business-critical services such as the systems and data that, if compromised, would severely damage the organisation.
  4. Working with a trusted incident response team or partner to maximise the potential of collaboration.

Roger Barranco, Vice President of Global Security Operations at Akamai, states: “The four-step strategy isn’t just theoretical — it’s battle-tested in the trenches of real-world cyber conflicts. 

“By implementing these measures, organisations significantly enhance their cybersecurity posture by ensuring that they’re well-equipped to navigate the complex digital world — ready to decline unnecessary ‘invitations’ and to withstand inevitable ‘punches’.”



Cyber Magazine is a BizClik brand