What’s New in Web Security

With Akamai’s web security portfolio, the top focus this October is on the web application firewall (WAF), with exciting new capabilities: API Discovery and Adaptive Security Profiles.

Along with the rest of the industry, Akamai has observed a long-term shift in the applications that we’re delivering, from traditional websites to API-based microservices architectures. Akamai reported that API traffic composed 83% of all hits on our platform in 2019 and we’ve seen that level continue to grow 30% year over year.  As the attack surface shifts to APIs, lack of visibility of API resources and their traffic profile remains a challenge for both security and development teams.

Akamai has introduced a number of API security capabilities over the years. In 2017, Kona Site Defender introduced new positive and negative security models for protecting APIs from volumetric and vulnerability exploit attacks. In 2018, Akamai launched an API Gateway to provide authentication and authorization for API traffic at the edge. And in 2019, we added automated API inspection for web application attacks to Kona Site Defender and Web Application Protector. These capabilities help security teams address many of the OWASP API Security Top 10 vulnerabilities today.

With this October’s Akamai Platform Update, Akamai is providing continuous automatic discovery and visibility into API endpoints and their traffic profiles. This will empower development, security, and operations teams with new insight and provide a streamlined mechanism to register and protect APIs against DDoS, injection, credential stuffing, and other attack types — all with a single click.

As the second marquee feature of this release, Adaptive Security Profiles builds on Automated Attack Groups to change the game for Akamai’s WAF engine. Introduced in 2017, Automated Attack Groups provides a security profile maintained and automatically updated by Akamai. This dramatically simplifies the task of configuring and managing a WAF for customers that prefer the hands-off approach. 

Adaptive Security Profiles now further increases the power and accuracy of WAF protections, by adapting protections based on the risk of each incoming request. The risk profile of the request is computed based on more than 10 different factors, including reputation of the threat actor on the Akamai platform, markers of malicious automation, a history of attacking the specific customer, origination from suspicious sources on the internet, and others. This added context allows us to further decrease false negatives without increasing false positives, continuing Akamai’s innovation in driving the highest possible WAF accuracy for our customers. Adaptive Security Profiles is available for Kona Site Defender and Web Application Protector customers today.

Beyond the WAF, Akamai has introduced a number of other updates across our portfolio of web security products, including Bot Manager, Client Reputation, Page Integrity Manager, and Prolexic. To learn more about the updates for your products, continue reading below and on the Akamai blog.

Bot Manager

Bot Manager helps organizations better manage the business and IT impact of good and bad bots, including the most sophisticated bots engaging in credential stuffing and web fraud.

Key Features

  • Crypto challenge action (mobile): Adds support for applying the crypto challenge action to mobile clients.
  • Bot Endpoint Protection report — challenge actions: The Bot Endpoint Protection report adds a new section on challenge actions to understand the number of challenges that were served or unsolved and better identify false positives
  • Akamai-categorized bots: Adds additional bot signatures to the following categories: Academic / Research, Business Intelligence, E-Commerce Search Engine, Enterprise Data Aggregator, Financial Account Aggregator, Job Search Engine, Media / Entertainment Search, Online Advertising, SEO / Analytics / Marketing, Social Media or Blog, Site Monitoring / Web Development, and Web Search Engine
  • Web Security Analytics — additional dimensions: Web Security Analytics adds dimensions for Bot Manager, including API resource purpose name, bot type, referrer and/or referrer domain, rule, rule combination, and client type
  • Mobile SDK v3.0.0: Bot Manager Premier SDK plugin for IOS adds support for manual initialization and removes support for automatic initialization
  • Ion integration: Filter bot beacons from the mPulse dataset when creating Adaptive Acceleration policies; excluding bot data from can improve the dataset used for performance optimization

Client Reputation

Client Reputation provides an additional layer of protection based on Akamai’s visibility into prior malicious activity from individual clients against all Akamai customers.

Key Features 

  • Shared IP intelligence: Provides visibility into shared IP addresses in order to investigate, establish reputation profiles, and inject reputation details into request headers forwarded to origin
  • Configuration APIs: New APIs to programmatically create and edit Client Reputation profiles or add reputation information to a request header

Kona Site Defender

Kona Site Defender provides comprehensive and customizable protection against DDoS and web app attacks for organizations with stringent requirements and complex application environments.

Key Features

  • API discovery: Analyzes traffic on the Akamai platform to discover both protected and unprotected APIs — including their endpoints, definitions, and characteristics — and then provides a simple workflow to register and protect APIs from DDoS, injection, and credential stuffing attacks
  • Adaptive security profiles: Automated Attack Groups now has tailored security profiles for each customer’s individual threat landscape; the characteristics of every request contribute to a threat score that dynamically modifies protections to detect the most-sophisticated attacks
  • Configuration APIs: New APIs to programmatically manage your WAF configuration, including changing rate control settings, updating WAF rules, configuring evaluation mode, configuring custom deny, and more

Page Integrity Manager

Page Integrity Manager provides a behavioral approach to script protection designed to detect malicious script activity, protect the integrity of your web pages, and safeguard your business.

Key Features

  • Domain reputation: Improves vulnerability identification and remediation by providing additional details on how the risk score displayed in incidents and dashboards was derived
  • Script intelligence console filters: Through an expanded user interface, added abilities to filter on domain reputation, Common Vulnerability and Exposure (CVE), and other script intelligence variables to analyze scripts flagged by Page Integrity Manager
  • PCI compliance: As a tool for PII protection Page Integrity Manager now proves its integrity with a full-scope PCI-DSS certification
  • Single-page application support: Page Integrity Manager now provides in-browser threat protection for websites designed with a single-page application architecture
  • Managed Security Service: Optional service that provides event monitoring and alerting, attack support through the Security Operations Command Center (SOCC), configuration assistance, security posture validation, and enhanced advisory reporting through an aligned security expert

Prolexic

Prolexic helps organizations protect their entire infrastructure from DDoS attacks, including web and IP-based applications in data centers, cloud service providers, and co-location facilities.

Key Features

  • IP Protect: New DDoS scrubbing solution onboards customer traffic for individual web- and IP-based applications using DNS redirection, allowing customers to protect IP address ranges smaller than /24.
  • Brazil scrubbing center: New Prolexic scrubbing center in São Paulo, Brazil, provides local mitigation and improved performance for Latin American customers
  • Flow anomaly detection: New detection technology identifies potential DDoS attacks based on flow anomalies and provides analysis data to SOCC staff to expedite mitigation and alerting in Security Center
  • Improved telemetry API: Updated API allows customers to retrieve telemetry and historical data for individual IP addresses

Web Application Protector

Web Application Protector simplifies application security with automated and continuously updated protections against DDoS and web application attacks.

Key Features

  • Adaptive security profiles: Automated Attack Groups now has tailored security profiles for each customer’s individual threat landscape; the characteristics of every request contribute to a threat score that dynamically modifies protections to detect the most evasive attacks
  • Hostname evaluation: Allows you to safely add new hostnames to an existing Web Application Protector configuration by evaluating the potential impact of WAF protections on that application
  • Seamless onboarding: New wizard allows you to easily onboard WAP with integration and configuration workflows designed to streamline and simplify the onboarding process
  • Configuration APIs: New APIs to programmatically manage your WAF configuration, including changing rate control settings, updating automated attack group actions, enabling and editing SIEM, and more

There will be more opportunities to engage with us on this and more at Edge Live | Adapt. Sign up to see how customers are leveraging these improvements, engage in technical deep dives, and hear from our executives how Akamai is evolving for the future.


*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Renny Shen. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/4gyOkmvrUd8/whats-new-in-web-security.html