Blog

RSS

Akamai Offers Free Tier for Client—Side Edge Security

Written by

Mike Kane

March 12, 2021

In March 2020, Akamai saw a dramatic 30% rise in internet traffic -- equivalent to an entire year of growth. Post-pandemic, we believe there will be a return to normal internet traffic growth, but many things will never be the same. In particular, we expect to see greater reliance on the internet for transactions in retail, media, healthcare, finance, and travel and hospitality.

Finding the right security solution to protect the increasing volume of online transactions is more important than ever. The ability to try before you buy provides assurance that the protection is right for your business. For this reason, we’re offering a free tier for client-side edge security. 

The accelerated use of the internet for transactional services is primarily focused on the client-side of applications -- in browsers -- where end-users submit and access sensitive personally identifiable information (PII) needed for payments, account access, account services, etc. Writing scripts or, more importantly, using third-party scripts that execute in users' browsers have become popular because a browser-based user experience is familiar and expected. The increased use of supply chain and popular third-party services lowers the cost of development and maintenance.

However, there is a downside to moving most transactional application activity to the client-side. Bad actors can easily see that PII is being used in these browser sessions; in the past few years, they have begun to target this attack surface in earnest. The rise in Magecart, Baka, Pipka, and many other approaches is affecting tens of thousands of websites each year. The problem is made worse by several factors:

  • The majority of web application security investments, such as web application firewalls, have been to protect the server-side of the application architecture. Although firewalls protect web servers from bad bots and unwanted traffic, they aren't designed to protect websites from the rapidly rising number of attacks in user browsers.

  • Studies have shown that more than two-thirds of scripts executing in browsers come from activity outside of the web application security perimeter, in the supply chain.

  • Most, if not all, of these outside-supplied scripts either come from and/or are connected to trusted partners. Traditional blocking techniques from "bad sources" won't protect online businesses from these new, sophisticated attacks.

  • Bad actors, as is often the case, have recognized these security gaps and doubled down on exploiting vulnerabilities in scripts and the supply chain to add malicious code that is hard, if not impossible, to detect with current means.

Several studies have indicated that the vast majority of website owners are relying more heavily on client-side services but have invested little in new and innovative security solutions to protect themselves and their customers from critical data theft. This is beginning to lead to increased fines, penalties, and lawsuits as breaches and thefts have occurred.

In late 2019, Akamai developed a new client-side security solution focused on a more effective way to protect websites without the burden of heavy upfront setup, operations, analysis, and upkeep. Akamai's Page Integrity Manager sits in the background of executing web pages, monitoring all client-side activity, detecting and alerting on suspicious activity. Today, Page Integrity Manager protects over 1.7 billion page views every month by analyzing more than 3.5 billion script executions every day. Approximately 40 million suspicious and malicious end-user interactions are seen every week with real-time notifications, detailed understanding, and root-cause analysis with immediate mitigation and automatic policy creation. 

Every business with meaningful traffic and important customers needs effective client-side protection. To help with this transition, we’re now offering Page Integrity Manager with its full complement of capabilities free to qualified customers. This self-service tier is offered to new and existing Akamai customers and provides the following:

  • $0/month (standard Page Integrity Manager PIM is usage-based pricing)

  • Rich and useful product capabilities, including

    • Real-time alerting of risk-scored, suspicious behavior

    • Deep root cause analysis and single button mitigation

    • Script vulnerability detection and analysis

    • Automated script creation and granular editing

  • Up to 1 million analyzed script executions (beacons) per month

  • Self-signup, onboarding, and operations with a step-by-step guide

  • Akamai help and problem resolution

And when you are ready to scale up, we offer easy conversion to usage-based billing and industry-best services -- from deep technical assistance to fully managed services.

Click on this link to learn more and sign up today to begin your journey to better web application protection for you and your customers.



Written by

Mike Kane

March 12, 2021