A WAF can be deployed as a hardware-based appliance, as a virtual appliance, or as a cloud-based service.
Simplify security with a cloud-based WAF
As web applications and APIs become more complex, protecting them from cyberthreats becomes increasingly difficult. More organizations are adopting microservices-based architectures and relying on APIs for virtually every online interaction, creating new potential entry points for hackers. The number of web application vulnerabilities reaches into the tens of thousands and grows larger every year. And cybercriminals are constantly refining their methods, using automated bots, botnets, and vulnerability scanners to launch multi-vector attacks.
A web application firewall (WAF) can mitigate many types of cyberattacks on web applications and APIs. But WAF solutions must be constantly tuned as threats evolve and applications change. This time-consuming process can be a drain on IT security teams — and an obstacle for application security.
Akamai can help. Akamai App & API Protector is a cloud-based solution designed to protect applications and APIs from a wide range of network and application-layer threats. Combining technologies for WAF, bot mitigation, DDoS protection, and API security, App & API Protector offers more powerful protections than standard WAF technology while minimizing effort and overhead.
What is a WAF — and what are its challenges?
A web application firewall is designed to protect web apps by filtering, monitoring, and blocking any malicious incoming HTTP traffic while also preventing unauthorized data from leaving the application. As a result, WAFs protect business-critical applications and web servers from threats like zero-day attacks, distributed denial-of-service (DDoS) attacks, SQL injection, and cross-site scripting (XSS).
WAF solutions can be deployed via software, on-premises appliances, or cloud-based technologies. Policies for a WAF can be tailored to the unique needs of the organization and its web applications.
One of the primary challenges of traditional firewall technology for web applications is that security teams must constantly analyze and tune a set of rules to reflect changes in applications, emerging threats, and updates to WAF solutions. This time-consuming manual process typically requires skilled operators, which are often in short supply.
When application security teams are unable to adequately tune a WAF, security policies quickly become outdated and the firewall may issue an increasing number of alerts. Suffering from alert fatigue, security teams may have difficulty recognizing false positives from real attacks. And out of fear that their inability to tune rules effectively may disrupt business and impact legitimate traffic, app security teams may pull protections out of line and knowingly accept a weakened risk posture.
Akamai App & API Protector
Akamai App & API Protector removes many of the issues with traditional WAF that can be a source of intraorganizational friction. From a self-service onboarding wizard to self-tuning recommendations, our technology provides automated protections that allow security teams to take a hands-off approach to web application security.
While App & API Protector is purposely built for simplicity, it offers some of the most advanced security automation technology available today. Powered by a new adaptive security engine, this Akamai technology stops web and API-based attacks while providing insight into emerging risks and strengthening information security strategies.
To protect organizations while simplifying security, our adaptive security engine assigns a threat score to each request based on a broad range of data points. The higher the score, the more aggressive the protections applied. By tailoring protections to the level of detected threat, Akamai can identify even the most evasive attacks while keeping false positives ultralow.
With Akamai App & API Protector, you can:
Protect websites, web applications, and APIs from a broad range of threats such as automated botnets, SQL injection, API-based attacks, volumetric DDoS attacks, and others.
Accomplish more and maximize investments in security products by relying on a solution that combines WAF technology, bot visibility and mitigation, API protections, SIEM connectors, web optimization, API acceleration, edge compute, and more.
Simplify maintenance while maintaining strong security, relying on self-tuning WAF technology and automatic updates from Akamai’s threat intelligence researchers.
Minimize the API attack surface by automatically discovering APIs and protecting them from vulnerabilities such as the OWASP Top 10 threats.
Web application firewall, bot visibility, DDoS protection, and more
Akamai App & API Protector combines a broad array of capabilities to maximize protection from web-based threats.
Self-tuning security
App & API Protector employs multidimensional, adaptive threat-based detections that correlate threat intelligence across the Akamai platform with data and metadata from each web and API request. This enables our technology to detect up to 2x more attacks (with 5x fewer false positives) than our previous detection solutions. To enable protections to adapt to application changes and evolving threats, App & API Protector features self-tuning capabilities that minimize operational friction and administrative overhead. Using advanced machine learning technology, this solution automatically analyzes all security triggers for true attacks and false positives to develop policy-specific tuning recommendations that administrators can accept with a few clicks.
Bot mitigation
Superior bot mitigation technology must stop sophisticated adversarial bots and botnets without obstructing legitimate bot traffic or introducing latency. App & API Protector effectively monitors and mitigates bot attacks, analyzing bot traffic against an expansive directory of more than 1,750 known bots. Security teams can create custom bot definitions that ensure third-party and partner bots can access the resources they need.
Advanced API protection
Akamai App & API Protector automatically discovers a full range of known, unknown, and changing APIs across all web traffic, including their endpoints, definitions, and traffic profiles. This visibility protects against hidden attacks while revealing unexpected changes and identifying errors. Akamai automatically inspects all API requests for malicious code, providing strong API security by default. Security teams can easily register newly discovered APIs with just a few clicks.
Automatic updates
Akamai’s adaptive security engine is constantly updated with insights from a threat research team that analyzes more than 300 TB of daily attack data. These automatic updates mean less administrative overhead and operational friction.
DDoS protection
App & API Protector drops network-layer DDoS attacks at the edge in real time. This solution can also quickly mitigate application-layer attacks within seconds, including attacks designed to overwhelm resources, attacks that exploit vulnerabilities, and attacks that target application logic.
Frequently Asked Questions (FAQ)
A web application firewall (WAF) is a security solution that protects web applications from common attacks by monitoring and filtering traffic, blocking malicious traffic entering a web application or unauthorized data leaving the app.
A WAF protects web applications by analyzing each HTTP/S request at the application layer. A next-generation firewall (NGFW) is designed to monitor traffic going out to the internet from websites, email accounts, and SaaS applications.
Why customers choose Akamai
Akamai powers and protects life online. Leading companies worldwide choose Akamai to build, deliver, and secure their digital experiences — helping billions of people live, work, and play every day. Akamai Connected Cloud, a massively distributed edge and cloud platform, puts apps and experiences closer to users and keeps threats farther away.