Tuning a web application firewall can be a daunting task. Security teams invest significant time and energy testing WAF rules in order to gain the confidence necessary to set them to deny. But as soon as the application changes or new or updated WAF rules are available, they have to do it all over again - only this time, without knowing if the rule changes will improve their security posture or make it worse.
In the October Release, Kona Site Defender introduces KRS Evaluation Mode to help security teams better understand the impact of new and updated WAF rules and gain the confidence needed to set them to deny. KRS Evaluation Mode allows customers to easily evaluate the impact of WAF rule changes against live traffic, without impacting the user experience or existing protection settings.
Why does this matter?
Ultimately, KRS Evaluation Mode allows customers to benefit from Kona Rule Set (KRS) updates faster and keep their WAF protections up to date.
Akamai makes regular updates to KRS to reflect the rapidly changing threat landscape, as well as evolving application behavior, based on visibility into both attack and legitimate traffic across our platform. When Akamai's security researchers issue an update for KRS, Kona Site Defender customers are automatically notified that new or updated rules are available.
From this notification, customers can quickly select their next step in the process: view additional details of the KRS update, upgrade, or start an evaluation process.
The "View Update Details" window lists all rules that are new or have an update available, the rule ID for identification, and the current active settings in the security policy.
Starting the evaluation process is also just one click away, taking customers to the evaluation window. When selecting Kona Rule Set Evaluation, customers can run a side-by-side comparison of existing and updated rules - even with different settings for the same rule, to assist in tuning rules for better protection.
Evaluations can run for up to four weeks. Customers can view a detailed report of the evaluation showing the side-by-side comparison of the active and changed rules that have been selected for the evaluation.
Customers requiring additional details or granularity can also perform deeper analysis of the evaluation results using Web Security Analytics. This helps security teams make more informed decisions around WAF tuning, by allowing them to know if changes are as effective as planned or if different settings need to be considered.
KRS Evaluation Mode provides all of the information customers need to make security rule changes with more confidence. And when you're ready, you can complete the upgrade with a single click.
Being in control of your WAF is great, and now Akamai gives you even more power. For additional information, check out the Kona Site Defender product page. For more information about other solutions that we offer on the edge, check out our October 2019 launch page.