In March of 2020, Akamai saw a dramatic 30% rise in internet traffic --- equivalent to an entire year of growth (1). Post-pandemic, Akamai believes there will be a return to normal internet traffic growth, but many things will never be the same. In general, we particularly expect to see greater reliance on the internet for transactions in retail, media, health care, finance, and travel and hospitality.
This makes security solutions and the ability to try before you buy even more important than ever. So why a "free tier" offer for client-side edge security?
The accelerated use of the internet for transactional services is primarily focused on the client-side of applications -- in browsers -- where end-users submit and access sensitive personally identifiable information (PII) needed for payments, account access, account services, etc. Writing scripts or, more important, using third-party scripts that execute in users' browsers have become popular because a browser-based user experience is familiar and expected. The increased use of supply chain/popular third-party services lowers the cost of development, and maintenance is done by the supply partner.
However, there is a downside to moving most transactional application activity to the client-side. Bad actors can easily see that PII is being used in these browser sessions; in the past few years, they have begun to target this attack surface in earnest. The rise in Magecart, Baka, Pipka, and many other approaches is affecting tens of thousands of websites each year. The problem is made worse by several factors:
- The majority of web application security investments, such as web application firewalls, have been to protect the server-side of the application architecture. Although firewalls protect web servers from bad bots and unwanted traffic, they aren't designed to protect websites from the rapidly rising number of attacks in user browsers.
- Studies have shown that more than two-thirds of scripts executing in browsers come from activity outside of the web application security perimeter, in the supply chain.
- Most, if not all, of these outside-supplied scripts either come from and/or are connected to trusted partners. Traditional blocking techniques from "bad sources" won't protect online businesses from these new, sophisticated attacks.
- Bad actors, as is often the case, have recognized these security gaps and have doubled down on exploiting vulnerabilities in scripts and the supply chain to add malicious code that is hard, if not impossible, to detect with current means.
Several studies have indicated that the vast majority of website owners are relying more heavily on client-side services but have invested little in new and innovative security solutions to protect themselves and their customers from critical data theft. This is beginning to lead to increased fines, penalties, and lawsuits as breaches and thefts have occurred.
In late 2019, Akamai developed a new client-side security solution focused on a more effective way to protect websites without the burden of heavy upfront setup, operations and analysis, and upkeep. Akamai's Page Integrity Manager sits in the background of executing web pages, monitoring all client-side activity and detecting and alerting on suspicious activity. Today, Page Integrity Manager protects over 1.7B page views every month by analyzing more than 3.5B script executions every day. Approximately 40M suspicious and malicious end-user interactions are seen every week with real-time notifications, detailed understanding, and root cause analysis with immediate mitigation and automatic policy creation.
Akamai thinks every business with meaningful traffic and important customers needs effective client-side protection. So much so, that Akamai is now offering Page Integrity Manager with its full complement of capabilities free to qualified customers. This self-service tier is offered to new and existing Akamai customers and provides the following:
- $0/month (standard PIM is usage-based pricing)
- Rich and useful product capabilities, including
- Real-time alerting of risk-scored, suspicious behavior
- Deep root cause analysis and single button mitigation
- Script vulnerability detection and analysis
- Automated script creation and granular editing
- Up to 1M analyzed script executions (beacons) per month
- Self-signup, onboarding, and operations with a step-by-step guide
- Akamai help and problem resolution
And when you are ready to scale up, we offer easy conversion to usage-based billing and best-in-the-industry services -- from deep technical assistance to fully managed services.
Click on this link to learn more and sign up today to begin your journey to better web application protection for you and your customers. Terms and conditions apply.