Introducing Web Security Analytics

Every security team knows that the success of any security product relies heavily on the ability to maintain an optimal security configuration. Any misconfiguration can result in malicious or undesired traffic reaching the application, or worse – legitimate traffic being blocked. In addition, it can result in noisy false positive security events, which can eventually mask real attacks from being detected and blocked.

What is Web Security Analytics?

Akamai’s new Web Security Analytics tool provides a single unified and efficient interface to assess a wide range of security events, perform analysis of events, and evaluate any needed changes in order to maintain an optimal security configuration. For example, customers can use this tool to better:

  • Understand all of your attack traffic across multiple attack types

  • View characteristics of your attack traffic broken down across multiple dimensions

  • Apply any number of filters to zoom in on the specific attack traffic that want to analyze

  • Analyze for false positives so that you can tune your security protections

  • Investigate which malicious sources are targeting your applications

  • Investigate whether your partners are using your APIs in a way that violates your policy

Web Security Analytics offers a unified view across your Akamai web security products, including Kona Site Defender, Bot Manager, Client Reputation and Web Application Protector.

What does it look like?

Web Security Analytics provides a view into your attack data with clear naming of the various attack types, WAF categories, network lists, APIs, rate controls, and individual rules that triggered. It provides granular visibility into a full month of data, with the ability to customize that data range based on the desired window.

The most obvious use is for statistical analysis. Web Security Analytics enables you to drill into the various attack dimensions and get a report of the number of requests, trend over time, number of unique values for each of the dimensions, and a table of top values for each dimension.

R1p1.png

Flexible filtering allows you to customize the attack traffic being shown. You can add filters based on any dimension for deeper analysis, even across different attack types.

R1p2.png

As you apply different filters, Web Security Analytics will show you only the attack data that matches those filters. This provides an increasingly granular view into your traffic.

R1p3.pngOnce you have zoomed into the desired attack traffic, based on any combination of dimensions and data range, you can perform analysis using sampled data. Web Security Analytics allows you to inspect a sample set of requests with their related request and response headers and the various attack types that triggered for each request.

R1p4.pngWhat you need to do:

Nothing – Web Security Analytics will be available to any customer with Kona Site Defender, Bot Manager, Client Reputation, or Web Application as part of Security Center and at no additional cost.

*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Ori Kanfer. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/p_4dSZ3wsZc/introducing-web-security-analytics.html