It's mostly used for hosting a website or a domain online and protecting them from application layer attacks.
Assistant Manager Global Security at Convergys Corporation
Provides protection from application layer attacks while remaining stable and providing good customer support to users
Pros and Cons
- "I have contacted the support team of Akamai... I am happy with their responses and answers to my problems."
- "If we talk about application layer attacks, including WAF, CloudFlare is leading. Akamai can focus a bit more on the application layer attacks and how to protect them."
What is our primary use case?
What is most valuable?
I would say that the solution has made connectivity a lot easier. Now, people can connect to websites very easily, and also, with the load balancing that the solution has introduced, one won't face that many DDoS attacks happening. Akamai Kona Site Defender has worked on the aforementioned areas since we used to face a lot of load on the original server earlier. Now after taking the service of Akamai Kona Site Defender, the load has decreased as it is mainly falling onto edge servers of Akamai. They have also put caching as a service, and so they also cache on their own. Hence, we don't have to take that much load on the servers. We can use the server load on the original servers.
What needs improvement?
Akamai has a very great history in the CDN market. Like, if we talk about the present, 40 percent of cases go through Akamai CDN only. If I talk about an area of improvement today, if we talk particularly about protecting against the application layer attacks data, CloudFlare is leading the market. So I would recommend Akamai also to move ahead in that segment. If they do it, then there won't be any competitors in that segment because they would be the best.
Right now, Akamai CDN is a leading tool in the market. So, no one can compete with the tool. If we talk about application layer attacks, including WAF, CloudFlare is leading. Akamai can focus a bit more on the application layer attacks and how to protect them. Akamai can be a real game changer in the market. Akamai should try to be better than CloudFlare.
I would not like to add anything. It's perfect till now, so it should remain like that.
For how long have I used the solution?
I have been using Akamai Kona Site Defender for around a year. My company is a customer of the solution.
Buyer's Guide
Akamai App and API Protector
May 2025

Learn what your peers think about Akamai App and API Protector. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.
851,604 professionals have used our research since 2012.
What do I think about the stability of the solution?
It's a stable product.
What do I think about the scalability of the solution?
There are a lot of people using the solution in my company. In our company, around ten people use the tool, but globally it has a lot of users.
How are customer service and support?
I have contacted the support team of Akamai. I rate the technical support an eight and a half out of ten. I am happy with their responses and answers to my problems.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
How was the initial setup?
The solution is deployed on Akamai's native cloud. The initial setup was easy, but you need to have good knowledge about application layer attacks, HTTP protocols, and everything. Also, about caching, one needs to have good knowledge, and only then will you be able to configure the domain and set it up. Also, if someone doesn't have any experience, setting up won't be an issue, but they should know what they are doing. So, if they are not familiar with the protocols and the basic things, then it will be very tough for them to understand what is happening, what to do, and how to configure.
What about the implementation team?
What's my experience with pricing, setup cost, and licensing?
Price-wise, I would say Akamai's pricing is competitive.
Which other solutions did I evaluate?
My company chose the tool since the PoC provided was good and was sufficient enough for the company to decide to move ahead with the product.
What other advice do I have?
I would definitely recommend the solution to those planning to use it since it has an easy interface, so you can understand things easily. You can easily, through the interface, understand what is happening and how to do the monitoring and move forward with that.
Since the tool has proven a lot in securing our website a lot of times and reducing the latency or the speed-related issues, the customers were facing earlier.
I rate the overall solution a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Manager of Infrastructure and Cloud at Foundit
Reasonable price, smooth deployment, and professional implementation support
Pros and Cons
- "The dashboard is the most interesting feature of the Akamai portal where you can have a detailed analysis of all the attacks that are happening. You can drill down an issue and see exactly what is happening, who are the bad guys attacking your website, and how Akamai is protecting the website. That is the most valuable feature."
- "Akamai App and API Protector is very new to me, so I do not have any insights on improvement areas for the product. However, when we ask for some help, it can take some time. We understand that the job is done by professionals, but if that time can be reduced, it would be great."
What is our primary use case?
I have been using Akamai's Content Delivery Network and WAF products. The Akamai App and API Protector product is new to us. We are still implementing it.
We were facing some security issues. We faced some attacks in the past. That was the reason for implementing Akamai App and API Protector. We wanted to protect our website. That was the main reason.
What is most valuable?
The WAF features are valuable to us. When I see the WAF features, there are a lot of categories and subcategories. You can see what attacks are happening on the system. The dashboard is the most interesting feature of the Akamai portal where you can have a detailed analysis of all the attacks that are happening. You can drill down an issue and see exactly what is happening, who are the bad guys attacking your website, and how Akamai is protecting the website. That is the most valuable feature.
What needs improvement?
Akamai App and API Protector is very new to me, so I do not have any insights on improvement areas for the product. However, when we ask for some help, it can take some time. We understand that the job is done by professionals, but if that time can be reduced, it would be great.
For how long have I used the solution?
We have recently onboarded Akamai App and API Protector.
What do I think about the stability of the solution?
Akamai as a SaaS product is very stable. I have not seen any downtime.
Which solution did I use previously and why did I switch?
We did not use any solution similar to Akamai App and API Protector, but we did use Akamai WAF.
How was the initial setup?
The Akamai Tech team had a very professional approach. They analyzed the entire system. They saw all the logs, and they came up with their presentation and slides listing the areas that were there. They advised us on the areas where we needed to focus and the attacks that were happening. They highlighted all those areas. They built the configuration for us and asked us to review that configuration. After reviewing, they asked to implement it on staging and then make it live. It was a very professional approach that I saw from the Akamai tech team.
When you implement it, it is very smooth. The UI is very familiar. You can easily see all the components and features. They provide guidelines. There are forums where you can find a solution. All the help is there on the website to implement all the components.
What's my experience with pricing, setup cost, and licensing?
Its price is at the medium level. It is not very high. It is also not very low. It serves the purpose.
Which other solutions did I evaluate?
We looked in the market and checked all the vendors that could provide this facility. We found that Akamai is on top. We reached out to Akamai and started using it.
What other advice do I have?
When it comes to Akamai products, I have seen their three products. Akamai Security is one. Akamai Content Delivery Network is another one, and then there is also Akamai Cloud. We use two of them. We are not using Akamai Cloud. In terms of integration, WAF with Content Delivery Network works very well, but I do not have any idea about other products.
Overall, I would rate Akamai App and API Protector an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Administrator at Tommy Bahama
A highly stable product with a good user interface that helps filter unwanted IP addresses
Pros and Cons
- "The product has a good user interface."
- "The product should provide a secure NTP."
What is our primary use case?
We are using the product mainly for our content delivery network and e-commerce. When the users go to our site, they get redirected to Akamai, which acts as a firewall and gets information from the cache or our web servers.
How has it helped my organization?
The solution allows us to cache content for geographic availability. It allows us to filter out countries where we are not doing business.
What is most valuable?
The ability to filter unwanted IP addresses is valuable to us. I'm pretty satisfied with the solution. The product has a good user interface.
What needs improvement?
The product should provide a secure NTP. We would like Akamai to offer it rather than going to another vendor to buy it.
For how long have I used the solution?
My organization has been using the solution since 2018.
What do I think about the stability of the solution?
We have had no issues with the product’s stability. I rate the stability a ten out of ten.
What do I think about the scalability of the solution?
The solution has strong scalability. I rate the scalability a ten out of ten.
How are customer service and support?
The technical support has been prompt. I'm pretty happy with it.
What was our ROI?
It would be difficult to conduct the type of e-commerce that we have without the product, especially given the security requirements for an online retailer.
What's my experience with pricing, setup cost, and licensing?
The product’s price is high.
What other advice do I have?
It is a cloud-based solution, and we are using the latest version. We recently cut over our internal DNS to Akamai’s hosted DNS. Akamai provided us with quite a bit of support with it. The deployment process of Akamai’s DNS was pretty straightforward.
If a company is planning to use the solution, they need to ensure that the people that are going to be involved with the product get trained appropriately. The learning process is not straightforward. We should take advantage of the training provided by Akamai. Overall, I rate the solution a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst at a financial services firm with 10,001+ employees
A tool helpful for mitigating cyber threats while providing excellent technical support to its users
Pros and Cons
- "I can attest to its benefits in terms of understanding and mitigating threats...The solution's technical support team seems to be pretty responsive."
- "Akamai needs to focus on quickly responding to risks, even those that may potentially be of zero threat... Maybe some of the documentation is a little confusing. They have a lot of different places where you can go to get information, and some of the information is quite out of date."
What is our primary use case?
I am currently working on a use case involving vulnerabilities and deferral requests made by individuals seeking to complete their remediation. These vulnerabilities are categorized and require an SLA for remediation based on their severity. If a certain category of vulnerability cannot meet the mitigation deadline, it must be approved. I am responsible for explaining why mitigation is impossible, the remediation time frame, and the holdup.
My approach to addressing vulnerabilities is to evaluate the risk from Akamai WAF's perspective and the application's exposure. I review the WAF for external vulnerabilities to determine if the specific issues have been addressed. The adaptive function of the WAF is powerful, as it can detect suspicious behavior and pick up on issues. The adaptive rule sets and behavioral activities seem to be very effective in this regard. Additionally, the WAF can share information such as IP ranges or addresses associated with certain kinds of activity. If a threat is detected on one WAF, it may be blocked across all WAFs owned by different enterprises.
As for my understanding, I cannot say for certain. While I am not entirely sure about how the WAF works in sharing information and blacklisting potential threats, I believe it is an effective solution. However, I would caution against quoting me on this as I may not have all of the information.
So, that's a very powerful feature. However, assessing when something is not explicitly described in the rule set can be challenging. It's difficult to determine if it's being prevented or not. But, I have noticed that it's very effective at preventing people from even being able to identify the existing vulnerabilities. This is a great prevention measure, and it can adapt to different situations by considering various factors, including those specific to the WAF and threat intelligence data. It seems to work really well, but I can't speak to the overall effectiveness of all the activities.
How has it helped my organization?
I cannot say exactly how Akamai Kona Site Defender has helped from an organizational perspective, but I can attest to its benefits in terms of understanding and mitigating threats. We have not experienced any breaches in areas where we previously had many breaches tied to specific CVE detections, so I assume it must be working well. While I am hesitant to make definitive statements, I have not heard any negative feedback about Akamai WAF, and many people have praised its effectiveness based on what I have observed. However, I cannot confidently recommend Akamai Kona Site Defender over Imperva or any other WAF, as I have not worked with them personally.
What needs improvement?
In terms of improvement, from my point of view, it may seem a little selfish to comment as we focus on CVEs. On the other hand, Akamai addresses only the big pressing issues explicitly in their rule set. Though this is the right approach as vulnerabilities change over time, and there are an enormous amount of CVEs to block individually, Akamai needs to focus on quickly responding to risks, even those that may potentially be of zero threat in a day. While I don't believe they claim to prevent all attacks, Akamai's WAF seems very effective in preventing people from scanning for vulnerabilities. It can adaptively make decisions based on a variety of factors, including specific WAF data and threat intelligence. While I can't speak to the totality of their activities, I do know that they quickly patch any effective workarounds discovered, even before the issue is publicly released. While there are certain complexities in the security environment and many variations on the same types of attacks, Akamai's WAF seems to work very well.
Majorly, there are an awful lot of complexities in many ways, including the variations it provides to do the same thing. There is a really high volume of attacks, and the tool seems to work very well, as far as I can tell.
From my perspective, the setup wasn't easy, but I could do it pretty quickly and get my head around how it was working. I think the interface is pretty slick because they were tracking many different factors, not just for Akamai Kona Site Defender but for other tools in there as well. Specific patterns or time patterns rolled up might be interesting to see for time frames, and there may actually be a way of doing it that I just haven't found yet. However, that's a little outside the realm of what I'm doing, so I'm not too concerned about it. I don't really have an issue with what they've done. Maybe some of the documentation is a little confusing. They have a lot of different places where you can go to get information, and some of the information is quite out of date. They have stopped 2018, which predated the release of the adaptable test. When I started out, I was wrong with my or maybe I have a big list of CVEs and everything, but I think that they feel like Akamai's real set of rules would be able to block vulnerabilities if you don't have an accept or whatever. It doesn't really work that way unless they're right to do it that way or to not do it that way. They call out really big things like Struts vulnerability, Log4j, and any vulnerabilities like that. They will do a press release or a blog post that basically states that they have taken care of it, and this is the rule number that one should look for depending on one's implementation. So, I feel that's great and really helpful. That's the sort of thing I want to know. From a purely self-testing perspective, it's lovely to have the mapping for every single CVE, but I understand why they don't, and I think it's right not to provide such a feature. I think the idea is that you have to look at it specifically for what they needed to do and where they're operating. One can reach out to Akamai's support easily, and there have been a handful of situations where I don't feel comfortable sharing certain details.
When I've reached out to the support team through our engineering teams, things have been quite helpful, so that's good.
For how long have I used the solution?
I have experience with Akamai Kona Site Defender for about three months. I work as an information security analyst in my company. I am a user, and my company is the solution's customer.
What do I think about the stability of the solution?
I can't comment on the stability of the solution. I haven't experienced or heard of any downtime or seen the system crash. Also, I haven't paid super close attention to it. In short, it seems very stable to me, but I'm not the right person to comment on its stability.
What do I think about the scalability of the solution?
I don't think that it is a scalable tool. I can say that it's optimized. I can't comment on whether it is scalable, but I know that a huge amount of data goes through it.
How are customer service and support?
I have contacted the technical support team through our engineering group, which included a support engineer. The solution's technical support team seems to be pretty responsive.
It seems risky for me to rate the technical support due to my lack of experience with technical support. But, if we consider all the caveats, I would rate them between eight and nine out of ten. However, I'm unsure if this rating would benefit others.
How would you rate customer service and support?
Positive
How was the initial setup?
The Akamai Kona Site Defender was up and running when I started in this new role. Although I have a background in Akamai WAF, I have never worked with them directly before, so this has been a good opportunity for me to delve deeper into the specifics of what they do. Looking at the documentation and doing similar things, I can see that they cover things similarly.
What other advice do I have?
The support information is available on various platforms, such as community forums, support articles, and documentation. I found it challenging to locate the specific information I needed, but I attempted to do it myself without involving our engineering team. This process taught me a lot, but I realized that some of the information I learned earlier was not as relevant to the current situation, and much of the information was available within the tool itself rather than in offline documentation. It was an eye-opening experience for me, and I believe involving our engineering team or being more involved in the setup would have been helpful in finding the necessary information. I just tried to minimize the impact because our engineering team is always very busy. I tend to be self-directed when it comes to learning, and sometimes that can backfire.
The information I need is available and applicable to the specific things I'm looking for. I can also identify the roadblocks. So, in that sense, the solution is great. Overall, I would rate it nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at Amazon
A stable solution that provides protection from layer seven attacks
Pros and Cons
- "Akamai Web Application Protector is a good solution that provides basic web application protection."
- "It would be nice if Akamai Web Application Protector's price is lowered and made cheaper."
What is our primary use case?
We used Akamai Web Application Protector for protection from layer seven attacks.
What is most valuable?
Akamai Web Application Protector is a good solution that provides basic web application protection. The solution is quite cheap compared to Kona.
What needs improvement?
It would be nice if Akamai Web Application Protector's price is lowered and made cheaper.
For how long have I used the solution?
I have worked with Akamai Web Application Protector for three to five years.
What do I think about the stability of the solution?
Akamai Web Application Protector is a stable product.
What do I think about the scalability of the solution?
Akamai Web Application Protector is a scalable product.
How are customer service and support?
The solution's technical support team will define its SLA and respond to you within the SLA. Even if they don't find any solution, they'll return and tell you they are still working on the issue. They're quite open, and they work within their SLA.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution's initial setup was easy because it provided support for the implementation.
What's my experience with pricing, setup cost, and licensing?
Akamai Web Application Protector is an expensive product.
What other advice do I have?
We used the solution on the Akamai cloud. The solution's integration with other tools is very easy. The solution's UI or user interface is good. The solution is user-friendly and easy to implement. It is also very easy to understand how to implement it. You can understand the features quickly if you want to use it.
Akamai Web Application Protector is a good product that fulfills the customer's requirements.
Users should use Akamai Web Application Protector if their budget allows them to use it because it is quite a mature and expensive product.
If any customer needs improvement in Akamai Web Application Protector, they should go for Kona.
Overall, I rate Akamai Web Application Protector an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Infrastructure at AIA
A stable security solution with usage-based charges
Pros and Cons
- "I like that the charges are all based on usage and labor costs. For the time that we spend onboarding almost 252020 FQDN, Akamai charges us only for the traffic usage, but it's only charging us for the labor costs for onboarding."
- "It would be better if there weren't any issues with latency. We had latency issues, but I think they are all solved now."
What is our primary use case?
We use Akamai Kona Site Defender because we need CDN. We have mobile apps, and we host them internally. Sometimes, we also deploy an IPA file for iPad. I think all the users from our distributor are going to download directly from our server. We use Akamai to distribute all the IPA files to our network provider without any significant latency for our distributor.
What is most valuable?
I like that the charges are all based on usage and labor costs. For the time that we spend onboarding almost 252020 FQDN, Akamai charges us only for the traffic usage, but it's only charging us for the labor costs for onboarding.
What needs improvement?
It would be better if there weren't any issues with latency. We had latency issues, but I think they are all solved now.
What do I think about the stability of the solution?
Akamai Kona Site Defender has been stable so far.
How are customer service and technical support?
Because our third-party partner has a good relationship with Akamai, I think they can call Akamai to join the incident call when an incident is happening. I think they're quite good and responsive for that. There is also a lot of documentation online regarding troubleshooting.
How was the initial setup?
The initial setup is quite easy because we mainly outsource it to another company.
What about the implementation team?
We just ask the third-party provider to implement the solution or engage Akamai and make some changes.
What's my experience with pricing, setup cost, and licensing?
There is no license at all for Akamai. They are going to charge us only for the usage.
What other advice do I have?
I would recommend this solution to potential users. I think if the FIC has a CDN, it's easier in terms of onboarding. In terms of the commercial part and charging, I think Akamai is more efficient. I think it's important to have a CDN feature inside.
On a scale from one to ten, I would give Akamai Kona Site Defender a nine.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at Amazon
A stable and easy-to-use solution that can be used for caching and faster delivery
Pros and Cons
- "The product has a good UI."
- "The performance of the cloud monitoring tool is low."
What is our primary use case?
The product is used as a web application firewall for Layer 7, Layer 3, and Layer 4 DDoS protection. It is also used for caching, acceleration, and faster delivery.
What is most valuable?
The product has a good UI. It is an easy-to-use solution.
What needs improvement?
The solution should improve the monitoring tool a little bit. The performance of the cloud monitoring tool is low.
For how long have I used the solution?
I have been using the solution for five years.
What do I think about the stability of the solution?
The product is stable.
What do I think about the scalability of the solution?
More than 100 people are using the solution in my organization.
How was the initial setup?
The solution is easy to implement because Akamai provides support.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive.
What other advice do I have?
People should definitely use the product. Most of the time, it will fulfill our requirements. The tool has many customers. The tool requires a lot of tuning. Overall, I rate the product an eight out of ten.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CTO at a tech services company with 10,001+ employees
Enables us to move faster with new products because we have this layer of protection set up in our infrastructure
Pros and Cons
- "It enables us to move faster with new products because we have this layer of protection set up in our infrastructure."
- "The WAF features definitely have a lot of room for improvement. A lot of the WAF is really basic. For some products or some of our solutions, we need to run a second layer of more advanced WAF. If it had better layer seven protection then we would not need a second WAF."
What is our primary use case?
We're using it as DDoS on a basic WAF. We use a hybrid cloud deployment model.
How has it helped my organization?
It enables us to move faster with new products because we have this layer of protection set up in our infrastructure.
It saves time and gives us a consistent way to export those services.
What is most valuable?
It's a SaaS solution and so it's scalable outside of our infrastructure. That's the most valuable thing for us.
What needs improvement?
The WAF features definitely have a lot of room for improvement. A lot of the WAF is really basic. For some products or some of our solutions, we need to run a second layer of more advanced WAF. If it had better layer seven protection then we would not need a second WAF.
We use Akamai because it's good at what it does. There are some other things that we would like it to be good at and it's not that good. Quality of protection is our primary concern.
We need more advanced layer seven protection, SQL injection, applied scripting, and more confidence in the precision of the system. I think all of those things would be very useful for us.
For how long have I used the solution?
We've been using this solution for about five years.
What do I think about the stability of the solution?
It's fairly stable. We're happy with the stability of the product.
What do I think about the scalability of the solution?
It's being used fairly extensively; any new internet-facing applications are going through Akamai Kona. Whether we extend the usage really depends on whether it's going to meet some of the quality objectives with web application firewalls.
How was the initial setup?
The initial setup was straightforward. It has an API. We haven't hit any kinks that we couldn't work with.
What other advice do I have?
As far as DDoS protection is concerned, I'm firmly in the Akamai Kona box.
In terms of consistency, I think people should consider API-based adoption for Kona configuration. That gives us a broader state which looks and feels the same, and a small team can support it rather than needing a large team to support it.
For what it does, it's really good. For what we want it to do, there's room for improvement. I'd give it an eight and a half out of ten. In order for it to be a 10 I would say that it should be one of the market-leading WAF solutions and not just a volumetric solution.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
