Kona Site Defender is our flagship Web Application Firewall and DDoS Mitigation solution at Akamai. Back in the days of the Al-Qassam Cyber Fighters, Brobot ("It's not OK, bro"), and the "holy 100 Gbps attack!", we had a saying around Akamai: "Kona Site Defender customers come for the DDoS, but they stay for the WAF". The general idea was that it took a headline-grabbing DDoS attack to make customers and prospects aware that Akamai had a security offering. That was the end of 2012 and the beginning of 2013. In those days, analysts told us and our prospects that we had WAF customers *only* because we were good at mitigating DDoS attacks. We were only mildly offended, and we toiled on. Our work seems to have paid off: In 2017, cloud-based WAFs are more or less an industry standard, Kona is a perennial fixture in the Gartner WAF Magic Quadrant and analysts tell us that "Kona is on the short list of all Security buyers".
Today customers are coming to Akamai for our WAF. But what are they staying for? Well if the dozen or so beta customers are any indication, they've begun staying for our Application Programming Interface (API) protections. 4% of the web sites that Akamai serves offer APIs, and 25% of Akamai traffic that is sent back to the web server (or origin) comes from APIs. And as of the March 13th release of Kona Site Defender, Kona Site Defender protects API traffic. The companies that have tried this feature in beta are hooked, and we look forward to bringing API protection to many more companies over the course of 2017 and beyond. The new version that includes API protections is free to existing Kona Site Defender subscribers.
Additional features in the March 13th release include:
- Rate controls for IPv6
- Multiple Security Configurations (MSC) with access control and workflow separation
- A customer-accessible custom rule builder
- DDoS and Application Attack Reports featured as part of Security Center, with 90 day window
For more information on Kona Site Defender click here.
To access the press release that described the new Kona Site Defender, click here.
In the meantime, remember you are invited, and that everybody's coming to the KSD party for the WAF, but they're staying for the API protections.