Content Delivery Network (CDN) vendor Akamai is updating its Kona Site Defender Web Application Firewall this week, with new rules and DDoS mitigations.
The Kona Site Defender can use rules from the open source ModSecurity project that provide a baseline on current attack vectors. John Summers, vice president for the security business at Akamai, told Enterprise Networking Planet that Akamai is also adding its own ruleset that triples the number of protection rules.
The Akamai common ruleset reflects Akamai's experience in fighting attacks against its own customers.
“Prior to the new ruleset launch, as we spotted attacks we would write up rules to mitigate the attack,” Summers said. “What we've done here is integrate that directly into the product.”
There is a functional difference between the ModSecurity core ruleset and the Akamai common ruleset.
“The ModSecurity core ruleset looks for patterns inside requests that indicate maliciousness,” Summers said. “The Akamai common ruleset is much more attack and threat focussed rather than the structure of a standard request.”
Summers stressed that Akamai customers can and do leverage both the ModSecurity ruleset and the Akamai common ruleset.
How it Works
A site implements Akamai Kona through a DNS entry. The enterprise controls its own DNS and needs to make a CNAME entry that maps to an Akamai hostname. In that way, all requests pass through Kona first for analysis.
Currently most Kona customers are existing Akamai customers, and as such are already likely to be pointing their DNS to Akamai. Summers noted that there have been some enterprises that come to Akamai specifically for DDoS mitigation as well.
In a DDoS attack, a site is hit by a flood of concurrent requests that serve to disrupt or disable the site. Akamai as a platform has 10 Terabytes of scalability and as such, the CDN can absorb a huge volume of inbound traffic.
“We serve on-demand events for our delivery customers that are larger than the largest DDoS attacks we have ever seen,” Summers said. “The largest DDoS attack we have seen against any one customer is 124 Gigabits per second against a single website and that website stayed functional during the entire attack.”
Summers added that, “there is no botnet out there that is at the same scale as the 120,000 servers in our platform.”