March 2020 — What’s New in Security, Part 1

Welcome to Akamai’s March 2020 Release! This release offers a week of product updates, with each day highlighting continued innovations across a different area of Akamai’s product portfolio:

  • Monday and Tuesday feature two days of security updates. There’s a lot going on in Akamai’s security portfolio — more than will fit into a single day.
  • Wednesday introduces updates to Akamai’s delivery platform for HTML, API, video, software, and small-object content.
  • Thursday highlights the increasing importance of short-form video in the digital customer experience.
  • Friday is developer day, with the latest improvements in self-service and integrating Akamai into your CI/CD processes.

Starting off the week is security. Forrester recently named Akamai as a Leader in The Forrester Wave: Web Application Firewalls, Q1 2020 and The Forrester New Wave: Bot Management, Q1 2020 reports. For both WAF and bot management, this was the second report in a row in which Akamai was named a Leader, and Akamai was positioned as having the strongest current offering in both. Akamai has now been named a Leader in five different Wave and New Wave reports for security solutions, including DDoS mitigation solutions, customer identity and access management, and Zero Trust eXtended Ecosystem Providers

Being named a Leader in consecutive reports is never a given, as evidenced by several changes in position in the latest Forrester New Wave: Bot Management, Q1 2020. Forrester assesses vendors on both strength of current offering as well as future strategy, and continued innovation is a must to maintain leadership. The March 2020 Release includes across-the-board updates to Bot Manager, including the introduction of a crypto challenge for both bot detection and management, cross-domain compatibility, and integration with mPulse.

Crypto challenge offers an exciting addition in the fight against bots. Clients are issued a complex cryptographic puzzle and must successfully solve the puzzle and provide proof of work (PoW) in order to access a site. As a detection technique, crypto challenge augments existing bot detections and provides another mechanism against evasive attackers. But from an attacker perspective, the crypto challenge action changes the economics by slowing down the rate of requests while increasing the compute costs required to operate large credential stuffing botnets.

March 2020 also introduces a number of enhancements to Prolexic Routed. This release includes a major upgrade to the Prolexic platform, with new virtual tunnels replacing physical GRE tunnels to offer up to 152 delivery paths from Akamai’s 19 global scrubbing centers directly to the customer origin. This provides a significant improvement in a customer’s experience when routed on, with dramatically improved network resiliency, as well as supporting dramatically higher clean network traffic. In terms of the customer origin, Kona Site Defender has always offered the ability to protect customer applications, wherever they are — including in hybrid or multi-cloud environments. Akamai is excited to expand the DDoS protection capabilities of Prolexic Routed beyond traditional data centers to colocation facilities and the public cloud. This positions Prolexic Routed for the next wave of data center migration, supporting customers as they move entire data centers to the cloud and beyond.

Hope you’re as excited as we are! Come visit us each day this week on blogs.akamai.com. To learn more about what we’re announcing today, continue reading below:

Bot Manager

Kona Site Defender

Prolexic Routed

Web Application Protector


Bot Manager

Bot Manager offers a number of product updates, including a new crypto challenge for both bot detection and management, cross-domain compatibility for customers protecting multiple domains, and integration with mPulse to better measure the performance impact of bot traffic.

Key Features

Bot detection  proof of work

New bot detection technique requires clients to solve a proof-of-work challenge and identifies bots based on evidence of automation in the response.

Challenge action — crypto challenge

New challenge action issues a crypto challenge using proof-of-work technology to increase botnet resource consumption and disrupt attacker economics, while minimizing user experience impact.

Cross-domain compatibility

Supports customer environments comprising multiple domains by protecting endpoints where login and other requests can originate from other domains.

Management action improvements

Enables advanced and conditional actions on transactional endpoints protected by behavioral anomaly analysis bot detections.

Bot Endpoint Coverage report

Helps maintain a consistent bot posture by simplifying auditing of bot detections and configured actions applied to protected endpoints across multiple security configurations.

Web Security Analytics  real-time alerts

Allows creation of real-time alerts in Web Security Analytics using static filters and thresholds, with email alert notifications to specified recipients.

 

mPulse integration

Integration with mPulse allows customers to segment web traffic by human vs. bot, and monitor the impact of bots on real user and business metrics.


Kona Site Defender

The March 2020 Release improves management for Kona Site Defender. Enhanced exceptions for automated attack groups provide greater flexibility in tuning to minimize false positives, while Web Security Analytics now offers real-time alerting to stay up to date with attacks. 

Key Features

Automated Attack Groups  enhanced exceptions

Adds flexibility when creating exceptions with Automated Attack Groups to further tune for false positives.

Web Security Analytics — real-time alerts

Allows creation of real-time alerts in Web Security Analytics using static filters and thresholds, with email alert notifications to specified recipients.


Prolexic Routed

The March 2020 Release introduces a number of enhancements to Prolexic Routed, including new virtual tunnels that offer up to 152 delivery paths from Akamai’s 19 global scrubbing centers, DDoS protection support for customer origins in AWS and Equinix, and a new mitigation posture report that provides greater visibility into Akamai’s response to DDoS attacks.

Key Features

Virtual tunnels

Establishes virtual GRE tunnels from every Akamai scrubbing center to the customer origin to improve network resiliency and provide greater flexibility to respond to attacks.

AWS origin support

Protects customer origins located on Amazon Virtual Private Cloud (VPC) when customers bring their own IPv4 address range supporting BGP routing.

Equinix origin support

Optional Connect module now supports additional connectivity options via Equinix Cloud Exchange, protecting customer applications and infrastructure colocated within Equinix data centers.

Mitigation posture report

New report provides greater visibility into a customer’s security posture, including preconfigured mitigations as well as mitigations applied in response to individual DDoS attacks.


Web Application Protector

With the March 2020 Release, Web Application Protector makes it easier than ever to start with simplified application security and grow with Akamai as your security requirements increase. Organizations can now move from an automated to tailored approach to WAF protections with a single click, or add bot management capabilities as threats change.

Key Features

1-Click Upgrade to Kona Site Defender

Enables Web Application Protector customers to easily upgrade to Kona Site Defender while maintaining existing protection.

Bot Manager compatibility

Bot Manager can be added to existing Web Application Protector configurations for comprehensive protection against DDoS, web, and bot attacks.

Automated Attack Groups — enhanced exceptions

Adds flexibility when creating exceptions with Automated Attack Groups to further tune for false positives.

Web Security Analytics — real-time alerts

Allows creation of real-time alerts in Web Security Analytics using static filters and thresholds, with email alert notifications to specified recipients.



*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Renny Shen. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/XzFsLQxDtlU/march-2020----whats-new-in-security-part-1.html