Akamai brews up more delicious Kona security tools

Web acceleration company Akamai today announced Version 2.0 of its Kona Site Defender service, which adds new ways for clients to protect themselves against denial-of-service attacks.

Launched about a year ago, Kona takes advantage of Akamai's outsized network and server infrastructure, which is usually used to provide Web and application acceleration services -- Security Vice President John Summers says the company handles roughly 10 terabits per second of traffic on a good day.

[ MORE SECURITY: Dell: We can beat Cisco in enterprise and cloud security ]

"We're able to leverage that scale now for the security use case, as well as for the site acceleration use case," he says.

Akamai's raw capacity -- the company runs more than 120,000 individual servers, across 1,100 networks in 74 countries -- is often an effective defense against denial-of-service attacks, allowing it to simply soak up attack traffic in many cases. But Kona adds purpose-built anti-DoS features designed to counter modern attack techniques.

The initial version, in addition to capping fees for the burst capacity a DoS victim might require at $5,000 per month (absorbing a larger DoS attack at the company's pre-set rates could otherwise cost millions, according to Summers), provided a common rule set used to identify likely malicious traffic, and introduced a security monitoring apparatus along with Web application firewall capabilities.

"It's the fastest-growing new business area for Akamai ever," he says.

Three of Kona 2.0's new capabilities, according to Akamai, are particularly important. First, the new version refines its basic WAF technology, introducing a more sophisticated "anomaly scoring" system for identifying attack traffic. Second, it adds a user validation module -- essentially an under-the-hood "CAPTCHA" system for user agents, which asks them to perform complex math or execute simple JavaScript. If they can't, the system flags them as potentially malicious.

Finally, thanks to improved visibility and traffic analysis, Kona 2.0 is able to provide more fine-grained rate and behavioral controls -- meaning that the system can ostensibly tell the difference between, say, a major enterprise proxy attempting to access a site for a large number of real users and a malicious bot.

"By adding security features on top of [existing Akamai offerings], that just gives ... customers more confidence that they'll be able to do the types of transactional business on the Internet that they're accustomed to," says Forrester analyst John Kindervag. "It's aggregation of the various capabilities into a single service that provides value."

Kona 2.0 is available now, and is priced based on bandwidth and the number of sites protected. List price for up to five sites and 75Mbps is $15,000 per month.

Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags akamaiDellsecurity firewallFirewall & UTMsecurityddosnetwork acceleration

More about Akamai TechnologiesCiscoDell

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jon Gold

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts