Akamai Technologies has unveiled both a new product, Web Application Protector, and important new capabilities in its existing Kona Site Defender solution. Together, the new product and enhanced capabilities are intended to provide online businesses with a choice of tools that can be used to defend against an ever changing threat landscape. Web Application Protector is designed to provide customers with low-touch and virtually maintenance-free protection from DDoS and web application attacks. The enhancements in Kona Site Defender are focused on providing greater protection for attacks targeted at Application Programming Interfaces (APIs)
Doing business on the web is inherently dangerous. Organizations face the risk of DDoS attacks that can render their web sites and applications unavailable, leading to loss of business and damage to reputation. Application layer attacks may lead to theft or destruction of customer or corporate data, creating significant difficulties for the business. Configuring and maintaining a Web Application Firewall to protect against these attacks can be difficult, time-consuming, and expensive. As a result, and despite the overwhelmingly apparent need for having effective web security strategies in place, many organizations continue to leave their web sites and applications exposed to attack. Even companies that believe they have deployed sufficient web security solutions may expose APIs to drive web and native mobile applications that are vulnerable to DDoS and parameter-based attacks.
The introduction of Web Application Protector makes available important protection for web properties against attacks, without requiring increasingly scarce security personnel or expensive security services to configure or maintain protection. Web Application Protector includes rules that are updated continuously by Akamai to protect customer sites without requiring customer intervention or approval.
Further, as APIs deliver an increasing percentage of Internet traffic, and are a crucial component of delivering native mobile applications, Akamai has bolstered its flagship web security solution, Kona Site Defender, with new API protections. These new capabilities are designed to protect individual APIs against exploits of known vulnerabilities such as SQL injection as well as Denial of Service by an excessive rate of calls and slow POSTs. Kona Site Defender offers an additional layer of protection for APIs with a positive security model that is designed to easily identify and block any abnormal access that may be attempting to exfiltrate data or otherwise cause harm or havoc. For security professionals who want to analyze security events generated on Akamai platform and correlate them with security events generated from other sources in their enterprise security information and event management (SIEM) systems, Kona Site Defender now features SIEM integration. This integration is offered as either an out of the box integration with major SIEM solutions or via an open API.
One organization protecting their business with Akamai is LiveChat, an online customer service software provider. According to Maciej Malesa, the company’s CIO, “Akamai's approach to web security is, in a nutshell, extremely well thought out. From the underlying platform, to the capabilities, to the analytics, Akamai’s Web Security Solutions give me what I need to keep our web sites and applications safe and accessible for our users.”
Specific features and capabilities in the new Web Application Protector include:
Application Layer Protections: The Akamai Threat Research team automatically updates application firewall “protection groups” which eliminates the need for customers to manage individual rules. New protection capabilities will be added without requiring configuration changes. Core protections against SQLi, XSS, RFI, LFI, CMDi attacks are included.
DDoS Protections: The solution is implemented as a reverse web-proxy that will automatically drop all non-HTTP and HTTPS traffic regardless of volume (at peak the Akamai Intelligent Platform has carried over 46 Tbps of traffic). Additional application layer rate controls, slow POST protection, and DoS protection group controls round out the DDoS protection capabilities.
Custom Rules: Web Application Protector allows customers to deploy up to 10 custom rules, providing the flexibility to address any application specific issues that can benefit from cloud-based protections.
Designed for Self-Service: Turnkey solution designed for ease of use provides the ability for most customers to fully manage the deployment and ongoing protection themselves without any dedicated resources.
“Change is the only constant in the threat landscape, and anyone doing business on the web needs to be prepared to adjust,” stated Josh Shaul, vice president, Web Security Product Management, Akamai. “Our Web Security Solutions are designed specifically to give customers and partners the tools they need to protect their web sites and applications from the myriad threats facing them every day.”