Standalone Akamai Security Service Aims To Block DDoS Attacks

Akamai has announced Kona Site Defender security service to defend customers against various types of DDoS attacks

Network content-delivery provider Akamai is launching a service in April that will defend customers from a broad range of distributed denial-of-service (DDoS) attacks.

The Akamai Kona Site Defender protects customer’s Websites from being knocked offline by directing malicious DDoS traffic to non-critical servers or just by filtering them out, according to the company. The service protects organisations from multi-vectored DDoS and application-layer attacks that target specific resources.

Web filter

Customers receive real-time Web security monitoring and adaptive rate controls as part of a cloud service. The service “shields” Websites, applications and associated data in the event of a DDoS attack. The tool includes a firewall for Web applications that can filter out attacks that exploit flaws in the source code to modify the site or gain access to data.

“With the introduction of Kona Site Defender, we’re offering what we believe is the best way to respond to an ever changing, and in many ways, ever more hostile online environment,” said John Summers, vice president of security business at Akamai.

The platform monitors requests trying to access the Websites and generates statistics on each source IP address trying to access the site. Akamai claims it has protected commercial and government organisations from “potentially crippling, long-term attacks” within its infrastructure recently. Even in cases of attacks where the network volume reached 110 times normal traffic and lasted over three days, customer sites remained up and fully operational.

Akamai built Kona Site Defender over its distributed Akamai Intelligent Platform, which is designed to accept only HTTP/S requests on ports 80 and 443. This restriction means network layer attacks such as TCP SYN floods, UDP floods and other malicious packets are automatically blocked. The platform is also designed to prevent the stealthy HTTP “slow client” attacks and other Web-based threats. Each edge server in Akamai’s infrastructure is capable of acting as a Kona Site Defender policy enforcement access point, which allows the company to scale up defences against an existing attack.

The Web application firewall allows administrators to set policy limits to prevent types of behaviour, such as accessing certain file extensions and content types, and blocking abusive ones, such as sending too many HTTP requests. Administrators can also decide to block requests sent from a specific geographic region, based on the IP address trying to access the Website, or define other custom rules.

Financial protection

With Kona Site Defender, customers are also protected from financially expensive bandwidth bills because of a traffic burst that was really caused by a large-scale DDoS attack.

Generic attack protections against common Web application threats, such as SQL injection, cross-site scripting and command injections, are also included with the firewall. Other defences include blocking HTTP protocol violations, Trojans, scanners and bad robots.

The advanced security monitor provides real-time information of a Website or application being attacked as well as detailed information on the attack’s origin and what defences were triggered by the attack.

As a CDN, Akamai offers acceleration and optimisation services to organisations to improve user experience on Websites and applications. The company has recently branched out into various security offerings, including a Web application firewall service and a tokenisation service to encrypt credit card numbers. However, Kona Site Defender will be the first time Akamai is making one of its services available without having to buy an acceleration and optimisation bundle.

Kona Site Defender will be generally available as a monthly service as of 11 April but will be on show at the RSA Conference in San Francisco next week. Pricing will depend on bandwidth used.