We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Akamai brews up more delicious Kona security tools

Web acceleration company Akamai today announced Version 2.0 of its Kona Site Defender service, which adds new ways for clients to protect themselves against denial-of-service attacks.

Launched about a year ago, Kona takes advantage of Akamai's outsized network and server infrastructure, which is usually used to provide Web and application acceleration services -- Security Vice President John Summers says the company handles roughly 10 terabits per second of traffic on a good day.

[ MORE SECURITY: Dell: We can beat Cisco in enterprise and cloud security ]

"We're able to leverage that scale now for the security use case, as well as for the site acceleration use case," he says.

Akamai's raw capacity -- the company runs more than 120,000 individual servers, across 1,100 networks in 74 countries -- is often an effective defense against denial-of-service attacks, allowing it to simply soak up attack traffic in many cases. But Kona adds purpose-built anti-DoS features designed to counter modern attack techniques.

The initial version, in addition to capping fees for the burst capacity a DoS victim might require at $5,000 per month (absorbing a larger DoS attack at the company's pre-set rates could otherwise cost millions, according to Summers), provided a common rule set used to identify likely malicious traffic, and introduced a security monitoring apparatus along with Web application firewall capabilities.

"It's the fastest-growing new business area for Akamai ever," he says.

Three of Kona 2.0's new capabilities, according to Akamai, are particularly important. First, the new version refines its basic WAF technology, introducing a more sophisticated "anomaly scoring" system for identifying attack traffic. Second, it adds a user validation module -- essentially an under-the-hood "CAPTCHA" system for user agents, which asks them to perform complex math or execute simple JavaScript. If they can't, the system flags them as potentially malicious.

Finally, thanks to improved visibility and traffic analysis, Kona 2.0 is able to provide more fine-grained rate and behavioral controls -- meaning that the system can ostensibly tell the difference between, say, a major enterprise proxy attempting to access a site for a large number of real users and a malicious bot.

"By adding security features on top of [existing Akamai offerings], that just gives ... customers more confidence that they'll be able to do the types of transactional business on the Internet that they're accustomed to," says Forrester analyst John Kindervag. "It's aggregation of the various capabilities into a single service that provides value."

Kona 2.0 is available now, and is priced based on bandwidth and the number of sites protected. List price for up to five sites and 75Mbps is $15,000 per month.

Email Jon Gold at [email protected] and follow him on Twitter at @NWWJonGold.

Read more about wide area network in Network World's Wide Area Network section.

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model