Akamai currently provides web security solutions to more than 300 enterprises – including financial institutions, retailers, government agencies, and media and entertainment companies organizing today’s most high-profile events – and has seen a more than 140 percent increase in customers taking advantage of Akamai security solutions from 2010 to 2011. And while many organizations still wish to pair acceleration with web security in order to give users of primary sites and web applications an optimal experience, an increasing number find that the requirement for protection from DDoS and application layer attacks applies to a much broader number of their web properties. The availability of Kona Site Defender makes it possible for these organizations to more easily protect web sites from attack without requiring the purchase of acceleration and optimization services.
“Attackers don't stay on one layer anymore; they tend to include both network and application-based techniques, which makes defending against them more complicated,” said Wendy Nather, research director of 451 Research's Enterprise Security Practice. “Enterprises are looking for resilient defense that takes advantage of the provider's experience with large volumes of these kinds of attacks.”
At the foundation of Akamai’s security offerings is the massively distributed Akamai Intelligent Platform™ that is designed to provide not only unmatched scale but also automatic protection against network layer attacks. Because the Akamai Intelligent Platform is designed to only accept valid HTTP/S requests on port 80 and port 443, network layer attacks such as TCP SYN floods, UDP floods, and other network packet based attacks are deflected. The Akamai Intelligent Platform is further designed with built-in automatic protections against HTTP “slow client” attacks (e.g. Slowloris) and HTTP Request Smuggling attacks.
Akamai’s platform-based approach to web security can offer powerful protection to customers without incurring the performance penalty often associated with other methods, such as traffic scrubbing. Akamai seeks to deliver protection natively in the existing traffic path eliminating the need for rerouting, mitigating added latency and incurring no single point of failure. The Akamai Intelligent Platform is designed to deliver always on protection with industry leading scalability. Every Akamai edge server can act as a Kona Site Defender policy enforcement point, which is designed to allow Akamai to rapidly scale up defenses against attacks against its customers. In addition, Kona Site Defender helps protects customers from some of the potential costs resulting from high volume attacks by explicitly capping burst fees that Akamai might otherwise charge for traffic bursts if that traffic was caused by a large scale DDoS attack.
At the application layer, where attacks such as SQL injection and cross site scripting are prevalent, the Akamai technology is differentiated through the inclusion of a full-feature web application firewall. This application layer firewall consists of approximately 100 easy to configure rules that are designed to provide:
· HTTP protocol violation protections
· HTTP request limits
· HTTP policy limits (limit methods, content types, file extensions, etc.)
· Protections against trojans
· Defenses against scanners and bad robots
· Generic attack protections (e.g. SQL injections, cross site scripting, system command injections, etc.)
· Outbound content protection
In addition, the web application firewall can block requests based on the geography of the IP address making the request and it can define custom rules that apply specific protections for customer applications.
New design features introduced with the launch of Kona Site Defender include:
Advanced Security Monitor: Knowing in real-time that a web site or application is being attacked, and having visibility into the nature and source of the attack, is critical to a successful defense. Kona Site Defender provides security professionals with the required real-time visibility into security events as well as the capability to drill down into attack alerts to retrieve detailed information on who is attacking, what they are attacking, what defense capabilities triggered the attack declaration and what specifically was seen in the requests that triggered site defenses. As important, archived log data is available for 90 days to aid in post-attack forensics review.
Rate Controls: Kona Site Defender provides a new set of web defenses based on detecting and blocking clients that exhibit malicious behavior. The platform monitors the rate of requests coming from individual IP addresses and gathers statistics about each. This allows customers to block any IP address that is behaving in an abusive way, such as sending too many requests per second or causing too many origin errors. These protections are always on. Further the statistics collected allow Kona Site Defender to automatically detect IP addresses that have a high request rate but are not malicious such as large enterprise proxies.
“Our customers are some of the most innovative online businesses in the world, and as such, are looking for that same level of innovation from the companies with which they work to protect their brands and their reputations,” explained John Summers, vice president, Security Business, Akamai. “With the introduction of Kona Site Defender, we’re offering what we believe is the best way to respond to an ever changing, and in many ways, ever more hostile online environment.”
In recent weeks, Akamai customers have benefitted from the Company’s differentiated approach to delivering DDoS mitigation and web application security services. Both commercial and government organizations have been protected from potentially crippling, long-term attacks that in some cases reached a peak of more than 16,300 requests/sec (862 Mb/sec), an increase of 110 times normal traffic, and lasted over three days. In every case, the customers’ sites remained up and fully operational.
Akamai Kona Site Defender is in limited availability now and will be generally available April 11, 2012. To see Kona Site Defender in action, please visit Akamai at the upcoming RSA Conference 2012 (Booth 851).
Akamai® is the leading cloud platform for helping enterprises provide secure, high-performing user experiences on any device, anywhere. At the core of the Company's solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.