Akamai Fortifies Web Security Solutions Portfolio

by February 23, 2017 0 comments

Akamai Technologies, Inc. unveils a new product, Web Application Protector, as well as added new capabilities to its existing Kona Site Defender solution. Together, the new product and enhanced capabilities are intended to provide online businesses with a choice of tools that can be used to defend against an ever-changing threat landscape.

Web Application Protector is designed to provide customers with low-touch and virtually maintenance-free protection from DDoS and web application attacks. The enhancements in Kona Site Defender are focused on providing greater protection for attacks targeted at Application Programming Interfaces (APIs)

Doing business on the web is inherently dangerous. Organizations face the risk of DDoS attacks that can render their web sites and applications unavailable, leading to loss of business and damage to reputation. Application layer attacks may lead to theft or destruction of customer or corporate data, creating significant difficulties for the business. Configuring and maintaining a Web Application Firewall to protect against these attacks can be difficult, time-consuming, and expensive. As a result, and despite the overwhelmingly apparent need for having effective web security strategies in place, many organizations continue to leave their web sites and applications exposed to attack. Even companies that believe they have deployed sufficient web security solutions may expose APIs to drive web and native mobile applications that are vulnerable to DDoS and parameter-based attacks.

The introduction of Web Application Protector makes available important protection for web properties against attacks, without requiring increasingly scarce security personnel or expensive security services to configure or maintain protection. Web Application Protector includes rules that are updated continuously by Akamai to protect customer sites without requiring customer intervention or approval.

Further, as APIs deliver an increasing percentage of Internet traffic, and are a crucial component of delivering native mobile applications, Akamai has bolstered its flagship web security solution, Kona Site Defender, with new API protections. These new capabilities are designed to protect individual APIs against exploits of known vulnerabilities such as SQL injection as well as Denial of Service by an excessive rate of calls and slow POSTs. Kona Site Defender offers an additional layer of protection for APIs with a positive security model that is designed to easily identify and block any abnormal access that may be attempting to exfiltrate data or otherwise cause harm or havoc. For security professionals who want to analyze security events generated on Akamai platform and correlate them with security events generated from other sources in their enterprise security information and event management (SIEM) systems, Kona Site Defender now features SIEM integration. This integration is offered as either an out of the box integration with major SIEM solutions or via an open API.

Specific features and capabilities in the new Web Application Protector include:

Application Layer Protections: The Akamai Threat Research team automatically updates application firewall “protection groups” which eliminates the need for customers to manage individual rules. New protection capabilities will be added without requiring configuration changes. Core protections against SQLi, XSS, RFI, LFI, CMDi attacks are included.

DDoS Protections: The solution is implemented as a reverse web-proxy that will automatically drop all non-HTTP and HTTPS traffic regardless of volume (at peak the Akamai Intelligent Platform has carried over 46 Tbps of traffic). Additional application layer rate controls, slow POST protection, and DoS protection group controls round out the DDoS protection capabilities.

Custom Rules: Web Application Protector allows customers to deploy up to 10 custom rules, providing the flexibility to address any application specific issues that can benefit from cloud-based protections.

Designed for Self-Service – Turnkey solution designed for ease of use provides the ability for most customers to fully manage the deployment and ongoing protection themselves without any dedicated resources.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.