Akamai Kona Site Defender Security Service Blocks DDoS Attacks

Content-delivery-network provider Akamai is launching a service that would defend customers from a broad range of distributed denial-of-service (DDos) attacks.

The Akamai Kona Site Defender protects customer Websites from getting knocked offline by DDoS attacks by directing malicious traffic to noncritical servers or just filtering them out, according to the company, which officially announced the new service Feb. 21. Kona Site Defender protects organizations from multi-vectored DDoS and application-layer attacks that target specific resources.

Customers receive real-time Web security monitoring and adaptive rate controls as part of a cloud service. The service "shields" Websites, applications and associated data in the event of a DDoS attack. The tool includes a firewall for Web applications that can filter out attacks that exploit flaws in the source code to modify the site or gain access to data.

“With the introduction of Kona Site Defender, we’re offering what we believe is the best way to respond to an ever changing, and in many ways, ever more hostile online environment,” said John Summers, vice president of security business at Akamai.

The platform monitors requests trying to access the Websites and generates statistics on each source IP address trying to access the site. Akamai claims it has protected commercial and government organizations from "potentially crippling, long-term attacks" within its infrastructure recently. Even in cases of attacks where the network volume reached 110 times normal traffic and lasted over three days, customer sites remained up and fully operational.

Akamai built Kona Site Defender over its distributed Akamai Intelligent Platform, which is designed to accept only HTTP/S requests on ports 80 and 443. This restriction means network layer attacks such as TCP SYN floods, UDP floods and other malicious packets are automatically blocked. The platform is also designed to prevent the stealthy HTTP "slow client" attacks and other Web-based threats. Each edge server in Akamai's infrastructure is capable of acting as a Kona Site Defender policy enforcement access point, which allows the company to scale up defenses against an existing attack.

The Web application firewall allows administrators to set policy limits to prevent types of behavior, such as accessing certain file extensions and content types, and blocking abusive ones, such as sending too many HTTP requests. Administrators can also decide to block requests sent from a specific geographic region, based on the IP address trying to access the Website, or define other custom rules.

With Kona Site Defender, customers are also protected from financially expensive bandwidth bills because of a traffic burst that was really caused by a large-scale DDoS attack.

Generic attack protections against common Web application threats, such as SQL injection, cross-site scripting and command injections, are also included with the firewall. Other defenses include blocking HTTP protocol violations, Trojans, scanners and bad robots.

The advanced security monitor provides real-time information of a Website or application being attacked as well as detailed information on the attack's origin and what defenses were triggered by the attack.

As a CDN, Akamai offers acceleration and optimization services to organizations to improve user experience on Websites and applications. The company has recently branched out into various security offerings, including a Web application firewall service and a tokenization service to encrypt credit card numbers. However, Kona Site Defender will be the first time Akamai is making one of its services available without having to buy an acceleration and optimization bundle.

Kona Site Defender will be generally available as a monthly service as of April 11. Pricing will depend on bandwidth used.