Akamai API Security Reviews

Our main use case for Akamai API Security is securing the API security as we're using the API gateways.

A specific example of how we use Akamai API Security with our API gateways is when somebody hits our member-facing website from outside. We're actively monitoring where they're coming from and whether it's legitimate, and then we are doing all sorts of security checks based on our policy to ensure compliance.

The best features that Akamai API Security offers are the information and aggregation we get, as well as the alerts that we receive.

These features help my team in our daily work because my team is actually working on different things apart from making sure the lights are on, and even though API security is something they would look into, they can't spend a whole lot of time on this. We definitely depend on these kinds of tools. When we get an alert, we try to look at the information so it's at a high level so we can act accordingly. Once we know the information we're looking at, our team can go deeply and investigate that. In terms of aggregation, we heavily rely on these alerts.

Akamai API Security has made a positive difference for our organization by improving our security posture and saving our team time, as we can actually prioritize tasks unless there are some false positives, but it is definitely saving a lot of time.

We definitely see that our posture is much better.

I don't really have anything to add about any needed improvements at this point.

I just started with Akamai API Security before evaluating other options.

Akamai API Security is stable.

I don't have any issues with customer support right now.

I previously used a different solution before Akamai API Security, which was Check Point.

I have seen a return on investment, and the main thing is the time saved, allowing our employees to focus on other priority work.

The experience with pricing, setup cost, and licensing is that it's a totally different team to work on, but I heard the setup is pretty straightforward.

I would definitely advise others looking into using Akamai API Security to do a POC. I found this interview really great and don't think anything needs to change for the future. I would rate this experience an 8.

My primary use case was to identify PII and financial information exposed over APIs, focusing on accidental exposures or poorly constructed APIs.

I conducted a proof of concept for four months to identify PII and financial information exposed through APIs. Primarily, the API part is effective. I have been using Akamai AppMyWAF. The tool's API authentication, tokenization, and enhanced scalability and performance are valuable features. Akamai's support is impeccable, and its plug-and-play features are helpful.

The challenge I found was with contextualization and how analytics are generated. Reports were sent in a raw format without proper analytics. There was no mechanism to identify which APIs will always have PII information, such as those with PCI data. Tuning to skip known APIs wasn't available.

I used the tool for a pilot project, but the subsequent proof of concept was not conducted.

Performance and scalability are handled well, posing no problem.

From a traffic load perspective, I find the tool is always better in terms of scalability and performance.

The support from Akamai is impeccable. It is expensive but one of the best.

Negative

I already had WAF and CDN from Akamai.

The solution is not difficult to set up. It's a plug-and-play add-on, making it simpler for organizations already using Akamai WAF.

Support from Akamai was consistent, with a dedicated technical account manager from their side.

I mentioned that support from Akamai is expensive yet it is worth it.

I explored API security from a multiple domain approach with different tools.

Based on my last assessment, I would rate the solution four out of ten.

We use Akamai API Security to protect our APIs from any DDoS attacks.

API throttling is the most valuable feature of Akamai API Security.

It would be beneficial to use machine learning and API throttling together to identify how the APIs are called and whether it's coming from the right person or the wrong person. Akamai is developing that type of feature called URL protection, which is a mixture of API throttling and machine learning. Before blocking everything, this feature would check and first block requests coming from a hosting provider with a bad reputation.

I have been using Akamai API Security since 2017.

Akamai API Security is a stable solution.

At least 25 to 30 users are using Akamai API Security in our organization.

The solution’s initial setup is easy.

We have a limit to the number of APIs we can use inside a bundle, and we have to pay extra if we exceed that limit.

Users can use Akamai API Security depending on their use cases. Akamai API Security has simple features, and it's not very complicated.

Overall, I rate Akamai API Security a seven out of ten.

The most valuable feature of this solution is its integration with API gateways, WAP and with part of their SDLC. 

I think it would be good if they can integrate more with API gateways as this is currently limited.

We started using this solution at the beginning of 2022. 

This is a stable solution. We have not encountered any major issues. We have used the platform for deep-dive investigations that involved cyber crime and were happy with the performance. 

This is a scalable solution. 

This a SaaS platform and majority of our clients prefer integration with Noname on the cloud. It is pretty fast in terms of the implementation, coming from the POV and the actual production. It took us about 90 days. That included the project management, preparation and POV. 

I would rate this solution an eight out of ten.