KONA SECURITY SOLUTIONS: PRODUCT BRIEF

Site Defender

To be successful in today’s hyperconnected world, the enterprise needs to leverage the capabilities of the Web and be ready to innovate without fear. Organizations face great risk from increasingly frequent and sophisticated attempts to render Web properties unavailable, steal intellectual property, and compromise personally identifiable information.

Distributed Denial of Service (DDoS) and Web application attacks – along with attacks targeting DNS infrastructure – represent some of the most critical threats to enterprises today. These attacks are increasingly brazen and targeted at a wide range of organizations. They can cause downtime, drive up bandwidth costs, loss of confidential information and revenue, and severely impact an organization’s reputation.

At Akamai, our security customers include some of the most well known brands in the world – many of which are targeted for attack on a regular basis. In fact, the largest known DDoS attack (124 Gbps of application layer attack traffic) was successfully mitigated by Akamai.

Akamai Kona Site Defender is our solution for defending against all types of DDoS attacks, as well as attacks against Web applications (SQL Injections, Cross Site Scripts, etc.) and direct-to-origin attacks – and our optional Akamai eDNS solution is designed to protect against attacks on DNS infrastructure. Kona Site Defender is deployed across the Akamai Intelligent Platform™, which consists of tens of thousands of servers deployed across over 1,000 networks in more than 70 countries. No one handles more Web traffic than Akamai.

BUSINESS BENEFITS
• Reduce risk of downtime, defacement and data theft to protect revenue, customer loyalty and brand equity
• Improve business continuity by reducing time-to-respond and by maintaining good performance in times of attack
• Reduce costs associated with handling spikes in attack traffic
• Reduce capital expenditure on security hardware and software

OPERATIONAL AND TECHNICAL BENEFITS
• Simple integration with existing IT infrastructure
• Maximize uptime and availability during DDoS attacks
• Defend Web application infrastructure
• Protect against direct-to-origin attacks
• Improve availability of DNS infrastructure
• Automated, on-demand scaling eliminates the need for over-provisioning
• Reduce operational costs with access to best-in-class application security expertise

DDoS Mitigation
Kona Site Defender leverages the Akamai Intelligent Platform™ to thwart DDoS attacks by absorbing DDoS traffic targeted at the application layer, deflecting all DDoS traffic targeted at the network layer such as SYN Floods or UDP Floods, and authenticating valid traffic at the network edge.

This built-in protection is “always on”, and only Port 80 (HTTP) or Port 443 (HTTPS) traffic is allowed. Bursting fees are capped so users are protected from DDoS traffic running up service fees. And flexible caching maximizes offload from origin.

The Akamai Intelligent Platform™ is architected with worldwide distribution and massive scale to ensure our clients’ Web sites stay available. Akamai handles 5Tbps of traffic daily on average and has handled peak traffic flows of over 8Tbps. And mitigation capabilities are implemented natively in-path so protection is provided no more than a few network hops from the point of request – NOT at the customer origin.

Application Layer Protection
Kona Site Defender incorporates a full featured Web Application Firewall (WAF) based upon
proprietary technology that provides customers with a highly scalable layer of protection against
application layer attacks. Implemented in-line across Akamai’s globally distributed platform of tens
of thousands of servers, Akamai’s WAF helps detect and deflect threats in HTTP and HTTPS traffic,
issuing alerts or blocking attack traffic closer to its source, before it reaches the customer origin.

Application Layer Controls include a collection of pre-defined yet configurable Web application
firewall rules for different types of attack categories. These rules also enable deep packet
inspection of an HTTP/S Request/Response and its payload in order to identify and protect against
attacks such as SQL Injections, Cross-Site Scripting, etc.
Network Layer Controls afford the ability to enforce customer-defined IP whitelists and blacklists. List updates are propagated across Akamai’s global network within minutes, enabling rapid response to attacks. Other features include the ability to restrict requests from specific IP addresses to protect customer origin from application layer attacks, and implement geo blocking. Up to 10,000 CIDR entries are supported – including named lists such as Tor exit nodes.

Rate Controls provides protection against application layer DDoS attacks by monitoring and controlling the rate of requests against the Akamai servers and the customer origin. Rate categories can be incorporated as WAF rules enabling the customer to dynamically alert and/or block clients exhibiting excessive request rate behaviors. Statistics are collected for three request phases: client request; forward request; and forward response.

Custom Rules enable a user to create policy-based rules that are enforced after the execution of the application layer controls. Custom rules serve as “virtual patches” for new Web site vulnerabilities.

Other Features
Additional capabilities associated with Kona Site Defender include: adaptive caching, in which additional customer identified content is served from the Edge during an attack, site failover, user access control, log delivery service, the inclusion of Akamai NetStorage, and Akamai’s compliance management toolset for ISO 27002.

Kona Site Defender Service Management provides access to Akamai’s experienced professional services team for regular review of WAF log files and updates to WAF configuration.

DNS Infrastructure Protection is designed to ensure end users get direct to your Web sites. Akamai’s Enhanced DNS is an outsourced DNS solution that leverages the globally distributed Akamai Platform’s secondary authoritative name servers. It requires no change to existing DNS administration processes and provides incredibly robust, reliable, scalable, secure DNS resolution.

Origin Cloaking
Kona Site Defender also includes the ability to cloak (hide) a customer
origin from the public Internet. This adds an additional layer of security
protection without impeding the quick and reliable delivery of content,
regardless of end user location. It is designed to complement your existing
infrastructure and prevent direct-to-origin attacks.

Only a fixed subset of Akamai servers is allowed to communicate with
the customer origin, which acts as a parent for all other Akamai servers.
Mapping of Akamai servers to the customer origin is implemented as an
Access Control List (ACL) in the origin firewall – all other traffic is denied.
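
An added example (not Akamai code or configuration): auditing origin access logs against the cloaking ACL described above, to confirm that only the permitted servers reach the origin and everything else is denied. The CIDR ranges, the log format and all function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed allowlist: documentation ranges standing in for the fixed subset
# of edge servers the origin firewall ACL permits (assumption, not real data).
ALLOWED_EDGE_CIDRS = ["192.0.2.0/26", "198.51.100.16/28", "2001:db8:aa::/48"]

# Constructed origin access-log lines: "<source> <method> <path> <status>".
SAMPLE_ORIGIN_LOG = """\
192.0.2.10 GET /index.html 200
198.51.100.17 GET /api/items 200
203.0.113.50 GET /admin/login 200
203.0.113.50 POST /admin/login 401
2001:db8:aa::5 GET /index.html 200
2001:db8:bb::9 GET /index.html 200
not-an-ip GET / 400
"""


def load_acl(cidrs):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def is_allowed(source, acl):
    """Default deny: only a parsable address inside an ACL network passes."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it matches IPv4 entries.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net for net in acl)


def find_acl_gaps(log_text, acl):
    """Count requests per source that reached the origin from outside the ACL."""
    gaps = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if not is_allowed(fields[0], acl):
            gaps[fields[0]] += 1
    return gaps


if __name__ == "__main__":
    acl = load_acl(ALLOWED_EDGE_CIDRS)
    for source, hits in find_acl_gaps(SAMPLE_ORIGIN_LOG, acl).most_common():
        print(f"direct-to-origin: {source} made {hits} request(s) outside the ACL")
```

With the ACL enforced at the origin firewall, this audit should report nothing; any source it lists reached the origin without passing through a permitted server.
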

Advanced Security Monitor
Kona Site Defender provides security professionals with real time visibility
into security events as well as the capability to drill down into attack
alerts to retrieve detailed information on who is attacking, what they are
attacking, and what defense capabilities triggered the attack declaration
and what specifically was seen in the requests that triggered site defenses.
Also of importance, archived log data is available for 90 days to aid in
post-attack forensics review.

Akamai’s Security Monitor provides real time visibility into security events
for alerting, analysis and forensics.



The Akamai Difference
Akamai® is the leading cloud platform for helping enterprises provide secure, high-performing user experiences on any device, anywhere. At the core of the company’s
solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities
of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai
is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com and follow @Akamai on Twitter.




Akamai Technologies, Inc.

U.S. Headquarters
8 Cambridge Center
Cambridge, MA 02142
Tel 617.444.3000
Fax 617.444.3001
U.S. toll-free 877.4AKAMAI (877.425.2624)

International Offices
Unterfoehring, Germany; Paris, France; Milan, Italy; London, England; Madrid, Spain; Stockholm, Sweden; Bangalore, India; Sydney, Australia; Beijing, China; Tokyo, Japan; Seoul, Korea; Singapore

©2012 Akamai Technologies, Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited. Akamai and the Akamai wave logo are registered trademarks. Other trademarks contained herein are the property of their respective owners. Akamai believes that the information in this publication is accurate as of its publication date; such information is subject to change without notice.

www.akamai.com

Kona Site Defender Product Brief - Multi-layered defense to protect websites against the increasing frequency, sophistication, and scale of attacks
