For organizations that do business online, Kona Site Defender provides broad protection for critical web applications against the largest and most sophisticated DDoS and web application attacks. KSD includes robust security protections for websites and APIs, updated by the industry’s best threat research team to help organizations to keep up with evolving security threats. Organizations can customize KSD protections for their unique application requirements. KSD is an integral part of Akamai’s edge security solutions, which allow organizations to increase the security posture as their business requires or the shifting threat activity may demand. They can do so either independently or using Akamai managed security services.
Kona Site Defender provides a flexible application security solution protecting websites and APIs against DDoS and web application attacks. It combines Akamai’s proprietary WAF rule set, created and automatically updated based on visibility into the latest attacks with protections that organizations can customize for their specific business needs. Optional add-ons are available to build a defense-in-depth security posture: Client Reputation to provide further threat intelligence, Fast DNS to protect your DNS layer, and Bot Manager to manage and mitigate bot traffic.
Built on the globally distributed Akamai Intelligent Edge PlatformTM, Kona Site Defender not only provides protection at scale but also security without compromise, allowing you to deliver a supreme end-user experience to your customers, even when under attack.
Kona Site Defender provides a flexible solution with access to an industry leading Professional Services team that can service your security needs over the long haul.
Akamai is used by 6,000 of the largest online companies, including the top 30 media and entertainment companies, the top 20 global online retail sites, 150 of the world’s leading news portals, and 100 of the world’s largest banks. The popularity and ubiquity of our platform gives us visibility into the disposition of both legitimate and malicious traffic, across geographies and industry verticals. That visibility, along with our Cloud Security Intelligence data analysis engine, allows us to deliver customizable, flexible, accurate and scalable application and mobile security.
Akamai Identified as a Web Application Firewall Leader by Independent Research Firm1DOWNLOAD FULL REPORT
Akamai Identified as a Leader In 2018 Gartner Magic Quadrant for Web Application Firewalls for Second Consecutive Year2DOWNLOAD FULL REPORT
Akamai Identified as a DDoS Mitigation Leader by Independent Research Firm1READ MORE
Learn why Akamai leads vendor comparisons in multiple categories.Download the Report
Advanced threat research and intelligence to help manage security risks and protect against cyber attacks.Learn More
Secure business innovation, customer loyalty, and brand equity
Attack surfaces keep shifting. Attacks keep getting bigger and more targeted. Trust based on location is no longer relevant. Digital transformation results in more complex systems, which ultimately result in even more risk. Leverage Akamai edge security to become a business enabler, reduce the attack surface, and harness the power of the cloud by mitigating attacks where they are generated.
Protect your APIs and native mobile apps
Businesses depend on APIs to grow and interconnect with customers and partners. APIs have become a favorite of application developers and malicious attackers alike. Protecting this critical lifeline is vital for every business. KSD’s powerful rule sets protect APIs with negative and positive security models to provide maximum protection.
Reduce security complexity and streamline operations
Maintaining the highest level of protection can stretch the limits of your security teams. Not every web property needs the same amount of fine tuning. This is why KSD offers automated protection capabilities to offload your security teams. Automated updates always provide the newest protection rules against the latest and evolving threats. Security teams can focus their skills where they are most needed.
Security for DevOps
Enterprises are increasingly embracing cloud technologies, automation, and DevOps practices. Now security is an integral part of these agile development processes. With Kona Site Defender, organizations have a way to programmatically update security controls and tie them into their development and CI/CD processes.
Improved reporting and analytics
Every security team knows that their success relies heavily on the ability to maintain an optimal security configuration. Any misconfiguration can result in malicious or undesired traffic reaching the application — or worse, legitimate traffic being blocked. Web Security Analytics provides a single pane of glass across all security events, to perform analysis of events, and to evaluate any needed changes required to maintain an optimal security configuration
Maintain application performance even under attack
The Akamai Intelligent Edge Platform™ extends from your on-premises and cloud based infrastructure to your users, enabling you to maximize agility while increasing performance and reducing risk associated with application attacks.
Akamai Intelligent Edge Platform™
Built on the Akamai Intelligent Edge Platform™, Kona Site Defender extends your security infrastructure to the network edge and stops attacks long before they can reach your applications.
Kona Site Defender defends your applications from the largest DDoS attacks, automatically dropping network-layer attacks at the edge and responding to application-layer attacks within seconds — minimizing any potential downtime.
Web Application Firewall
Kona Site Defender includes a highly scalable web application firewall that protects you from application-layer threats with an automated and highly customizable rule set.
Kona Site Defender provides API-centric protections against DDoS and parameter-based attacks automatically inspecting API traffic. KSD allows organizations to define their APIs and what good traffic looks like, and block abnormal access and API requests.
With visibility into the latest attacks against the largest and most frequently attacked organizations online, Akamai continuously and transparently updates Kona Site Defender’s security rule set, while leaving you in complete control.
Kona Site Defender provides a virtual patch for your applications, protecting against a broad range of known vulnerabilities out of the box and offering custom rules to quickly secure new vulnerabilities or simply tailor protection for your website traffic.
100% Availability and Uptime
Kona Site Defender is built on a highly resilient and self-healing platform that comes with a 100% uptime SLA.
Benefit from performance capabilities built into the Akamai CDN, such as caching, advanced offload capabilities, and TCP optimization, to improve website performance for users even through the largest attacks.
Management APIs for common configuration tasks enable organizations to integrate security controls into their software development and delivery pipeline.
Advanced Reporting and Analytics
Detailed assessment of security events allows your security team to better evaluate changes needed to maintain an optimal security configuration tailored to your specific business needs.
Kona Site Defender provides always-on protection against the largest DDoS attacks. It responds to network and application-layer attacks within seconds, and builds on the intelligent edge platform that delivers more than 61 Tbps of traffic. It has the capacity to absorb the largest attacks.
Web Application Protection
The web application firewall includes a rich collection of pre-defined and configurable application-layer firewall rules. Rule accuracy is driven by Akamai’s unique visibility into 15 to 30% of the world’s web traffic and across various industries.
Kona Site Defender uses positive and negative security models for increased protection of APIs from malicious calls and DDoS attacks. Customers can define which types of requests and calls are allowed. Kona Site Defender will inspect the JSON and XML content in the API body and path parameters for risky content.
Security for DevOps
Enterprises are increasingly embracing cloud technologies, automation, and DevOps practices, as well as the need to integrate security with their agile development processes. With Kona Site Defender, organizations have a way to programmatically update security controls and tie them into their development processes. Kona Site Defender provides organizations with a range of management APIs that enable developers and administrators to integrate common security configuration tasks into the CI/CD process.
Checklist: 8 Best DDoS Mitigation Practices
Having a DDoS mitigation plan in place can make the difference between organization-wide chaos and an orderly and timely DDoS response. This checklist outlines eight steps you can take to prepare for a DDoS attack.Download the Brochure
Strategies for API Security
Cyberattackers are targeting the application programming interfaces (APIs) used by businesses to share data with customers. In this white paper you will learn about APIs, how and why they are targets for attacks, security models, and how Akamai can help.Download the White Paper
Luisa Via Roma
Italian luxury fashion retailer relies on Akamai to protect against bots, DDOS & malicious attacks, while driving web performance & revenue.Read More
Health and Sports Nutrition Group's online business can sleep safely at night, knowing Akamai is protecting their website.Read More
Akamai protects 5miles against online attacks to support its rapid business expansion.Read More
Boston Scientific sees 100% adoption of remotely accessed business intelligence software after deploying Akamai’s solution.Read More
Akamai protects CashFlows’ critical payment systems from both targeted and distributed cyberattacks using their worldwide network of hundreds of thousands of servers, massive bandwidth, and world-class security systems and knowledge.Read More
Akamai enables Concur to instantly improve global application performance and expand into new markets.Read the Blog
Domino's Pizza Enterprises focuses heavily on the digital ordering experience of their customers in seven major markets. Akamai has been a key partner in delivering a fast and secure platform, which has helped increase conversion and sales.Read More
Akamai cloud security solutions ensured the safety and 100% availability of EPRO’s website, and helped the company lower IT cost while improving the overall user experience.Read More
Hong Kong Airlines
Akamai helped Hong Kong Airlines speed up their website’s response time significantly for its visitors from all over the world, while managing bots and scrapers, achieving annual savings of RMB 40 million.Read the Blog
MailChimp pursues global growth with Akamai protection solutions in place.Read More
Guests visit Six Flags amusement parks to have an enjoyable experience with family and friends. Six Flags trusts Akamai to ensure that exceptional experience extends to their mobile app users while inside the park.Read More
Why Xero chose Akamai for security and performance
Xero is an cloud-based accounting software for small businesses based in New Zealand with over 1.2 million subscribers. Akamai and Xero began their relationship in 2009 and remain key security partners collaborate at all levels of technical capacity.Watch the Video
Webinar: Does My Company Need Web Application Firewalls
In this on-demand webinar, you'll learn why you need a Web Application Firewall along with the top considerations for selecting a WAF solution.Watch the Video
Website & API Security: DDoS & Web Application Threats & Protection
Your customers need your website, application, or API, so you need security. Get answers about how DDoS and web attackers choose their targets, and attacks you will face.Watch the Video
Smartest Protection Against DDoS Attacks
DDoS attacks can bring down your business and threaten your customer relationships. With this video, discover more about the smartest way to protect your revenue and your reputation with a world-class cloud security strategy.Watch the Video
ZALORA CTO on solving security issues in the Asian market
ZALORA is the fastest-growing online fashion retailer in Asia. From battling against bots scraping their prices, to shaving seconds off of page speed for mobile users in Indonesia and the Philippines, Karthik Subramanian, CTO & Co-founder, talks about his journey of finding solutions that fix their security and performance challenges.Watch the Video
1The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgement at the time and are subject to change.
2Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D'Hoinne | Adam Hils | Ayal Tirosh | Claudio Neiva, 29 August 2018.
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Akamai.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.