Introducing Web Security Analytics
Every security team knows that the success of any security product relies heavily on the ability to maintain an optimal security configuration. Any misconfiguration can result in malicious or undesired traffic reaching the application, or worse - legitimate traffic being blocked. In addition, it can result in noisy false positive security events, which can eventually mask real attacks from being detected and blocked.
What is Web Security Analytics?
Akamai's new Web Security Analytics tool provides a single unified and efficient interface to assess a wide range of security events, perform analysis of events, and evaluate any needed changes in order to maintain an optimal security configuration. For example, customers can use this tool to better:
Understand all of your attack traffic across multiple attack types
View characteristics of your attack traffic broken down across multiple dimensions
Apply any number of filters to zoom in on the specific attack traffic that want to analyze
Analyze for false positives so that you can tune your security protections
Investigate which malicious sources are targeting your applications
Investigate whether your partners are using your APIs in a way that violates your policy
Web Security Analytics offers a unified view across your Akamai web security products, including Kona Site Defender, Bot Manager, Client Reputation and Web Application Protector.
What does it look like?
Web Security Analytics provides a view into your attack data with clear naming of the various attack types, WAF categories, network lists, APIs, rate controls, and individual rules that triggered. It provides granular visibility into a full month of data, with the ability to customize that data range based on the desired window.
The most obvious use is for statistical analysis. Web Security Analytics enables you to drill into the various attack dimensions and get a report of the number of requests, trend over time, number of unique values for each of the dimensions, and a table of top values for each dimension.
Flexible filtering allows you to customize the attack traffic being shown. You can add filters based on any dimension for deeper analysis, even across different attack types.
As you apply different filters, Web Security Analytics will show you only the attack data that matches those filters. This provides an increasingly granular view into your traffic.
Once you have zoomed into the desired attack traffic, based on any combination of dimensions and data range, you can perform analysis using sampled data. Web Security Analytics allows you to inspect a sample set of requests with their related request and response headers and the various attack types that triggered for each request.
What you need to do
Nothing - Web Security Analytics will be available to any customer with Kona Site Defender, Web Application Protector, Bot Manager, Client Reputation, Kona DDoS Defender, or Web Application Firewall as part of Security Center and at no additional cost.