Akamai App and API Protector Reviews

I have been using Akamai's Content Delivery Network and WAF products. The Akamai App and API Protector product is new to us. We are still implementing it. 

We were facing some security issues. We faced some attacks in the past. That was the reason for implementing Akamai App and API Protector. We wanted to protect our website. That was the main reason.

The WAF features are valuable to us. When I see the WAF features, there are a lot of categories and subcategories. You can see what attacks are happening on the system. The dashboard is the most interesting feature of the Akamai portal where you can have a detailed analysis of all the attacks that are happening. You can drill down an issue and see exactly what is happening, who are the bad guys attacking your website, and how Akamai is protecting the website. That is the most valuable feature.

Akamai App and API Protector is very new to me, so I do not have any insights on improvement areas for the product. However, when we ask for some help, it can take some time. We understand that the job is done by professionals, but if that time can be reduced, it would be great.

We have recently onboarded Akamai App and API Protector.

Akamai as a SaaS product is very stable. I have not seen any downtime. 

We did not use any solution similar to Akamai App and API Protector, but we did use Akamai WAF.

The Akamai Tech team had a very professional approach. They analyzed the entire system. They saw all the logs, and they came up with their presentation and slides listing the areas that were there. They advised us on the areas where we needed to focus and the attacks that were happening. They highlighted all those areas. They built the configuration for us and asked us to review that configuration. After reviewing, they asked to implement it on staging and then make it live. It was a very professional approach that I saw from the Akamai tech team.

When you implement it, it is very smooth. The UI is very familiar. You can easily see all the components and features. They provide guidelines. There are forums where you can find a solution. All the help is there on the website to implement all the components.

Its price is at the medium level. It is not very high. It is also not very low. It serves the purpose. 

We looked in the market and checked all the vendors that could provide this facility. We found that Akamai is on top. We reached out to Akamai and started using it.

When it comes to Akamai products, I have seen their three products. Akamai Security is one. Akamai Content Delivery Network is another one, and then there is also Akamai Cloud. We use two of them. We are not using Akamai Cloud. In terms of integration, WAF with Content Delivery Network works very well, but I do not have any idea about other products.

Overall, I would rate Akamai App and API Protector an eight out of ten.

It's mostly used for hosting a website or a domain online and protecting them from the application layer attacks.

I would say that the solution has made connectivity a lot easier. Now, people can connect to websites very easily, and also, with the load balancing that the solution has introduced, one won't face that many DDoS attacks happening. Akamai Kona Site Defender has worked on the aforementioned areas since we used to face a lot of load on the original server earlier. Now after taking the service of Akamai Kona Site Defender, the load has decreased as it is mainly falling onto edge servers of Akamai. They have also put caching as a service, and so they also cache on their own. Hence, we don't have to take that much load on the servers. We can use the server load on the original servers.

Akamai has a very great history in the CDN market. Like, if we talk about the present, 40 percent of cases go through Akamai CDN only. If I talk about an area of improvement today, if we talk particularly about protecting against the application layer attacks data, CloudFlare is leading the market. So I would recommend Akamai also to move ahead in that segment. If they do it, then they won't be any competitors in that segment because they would be the best.

Right now, Akamai CDN is a leading tool in the market. So, no one can compete with the tool. If we talk about application layer attacks, including WAF, CloudFlare is leading. Akamai can focus a bit more on the application layer attacks and how to protect them. Akamai can be a real game changer in the market. Akamai should try to be better than CloudFlare.

I would not like to add anything. It's perfect till now, so it should remain like that.

I have been using Akamai Kona Site Defender for around a year. My company is a customer of the solution.

It's a stable product.

There are a lot of people using the solution in my company. In our company, around ten people use the tool, but globally it has a lot of users.

I have contacted the support team of Akamai. I rate the technical support an eight and a half out of ten. I am happy with their responses and answers to my problems.

Positive

The solution is deployed on Akamai's native cloud. The initial setup was easy, but you need to have good knowledge about application layer attacks, HTTP protocols, and everything. Also, about caching, one needs to have good knowledge, and only then will you be able to configure the domain and set it up. Also, if someone doesn't have any experience setting up won't be an issue, but they should know what they are doing. So, if they are not familiar with the protocols and the basic things, then it will be very tough for them to understand what is happening, what to do, and how to configure.

Price-wise, I would say Akamai's pricing is competitive.

My company chose the tool since the PoC provided was good and was sufficient enough for the company to decide to move ahead with the product.

I would definitely recommend the solution to those planning to use it since it has an easy interface, so you can understand things easily. You can easily, through the interface, understand what is happening and how to do the monitoring and move forward with that.

Since the tool has proven a lot in securing our website a lot of times and reducing the latency or the speed-related issues, the customers were facing earlier. 

I rate the overall solution a nine out of ten.

We used Akamai Web Application Protector for protection from layer seven attacks.

Akamai Web Application Protector is a good solution that provides basic web application protection. The solution is quite cheap compared to Kona.

It would be nice if Akamai Web Application Protector's price is lowered and made cheaper.

I have worked with Akamai Web Application Protector for three to five years.

Akamai Web Application Protector is a stable product.

Akamai Web Application Protector is a scalable product.

The solution's technical support team will define its SLA and respond to you within the SLA. Even if they don't find any solution, they'll return and tell you they are still working on the issue. They're quite open, and they work within their SLA.

Positive

The solution's initial setup was easy because it provided support for the implementation.

Akamai Web Application Protector is an expensive product.

We used the solution on the Akamai cloud. The solution's integration with other tools is very easy. The solution's UI or user interface is good. The solution is user-friendly and easy to implement. It is also very easy to understand how to implement it. You can understand the features quickly if you want to use it.

Akamai Web Application Protector is a good product that fulfills the customer's requirements.

Users should use Akamai Web Application Protector if their budget allows them to use it because it is quite a mature and expensive product.

If any customer needs improvement in Akamai Web Application Protector, they should go for Kona.

Overall, I rate Akamai Web Application Protector an eight out of ten.

I am currently working on a use case involving vulnerabilities and deferral requests made by individuals seeking to complete their remediation. These vulnerabilities are categorized and require an SLA for remediation based on their severity. If a certain category of vulnerability cannot meet the mitigation deadline, it must be approved. I am responsible for explaining why mitigation is impossible, the remediation time frame, and the holdup.

My approach to addressing vulnerabilities is to evaluate the risk from Akamai WAF's perspective and the application's exposure. I review the WAF for external vulnerabilities to determine if the specific issues have been addressed. The adaptive function of the WAF is powerful, as it can detect suspicious behavior and pick up on issues. The adaptive role sets and behavioral activities seem to be very effective in this regard. Additionally, the WAF can share information such as IP ranges or addresses associated with certain kinds of activity. If a threat is detected on one WAF, it may be blocked across all WAFs owned by different enterprises.

As for my understanding, I cannot say for certain. While I am not entirely sure about how the WAF works in sharing information and blacklisting potential threats, I believe it is an effective solution. However, I would caution against quoting me on this as I may not have all of the information.

So, that's a very powerful feature. However, assessing when something is not explicitly described in the rule set can be challenging. It's difficult to determine if it's being prevented or not. But, I have noticed that it's very effective at preventing people from even being able to identify the existing vulnerabilities. This is a great prevention measure, and it can adapt to different situations by considering various factors, including those specific to the WAF and threat intelligence data. It seems to work really well, but I can't speak to the overall effectiveness of all the activities.

I cannot say exactly how Akamai Kona Site Defender has helped from an organizational perspective, but I can attest to its benefits in terms of understanding and mitigating threats. We have not experienced any breaches in areas where we previously had many breaches tied to specific CVE detections, so I assume it must be working well. While I am hesitant to make definitive statements, I have not heard any negative feedback about Akamai WAF, and many people have praised its effectiveness based on what I have observed. However, I cannot confidently recommend Akamai Kona Site Defender over Imperva or any other WAF, as I have not worked with them personally.

In terms of improvement, from my point of view, it may seem a little selfish to comment as we focus on CVEs. On the other hand, Akamai addresses only the big pressing issues explicitly in their rule set. Though this is the right approach as vulnerabilities change over time, and there are an enormous amount of CVEs to block individually, Akamai needs to focus on quickly responding to risks, even those that may potentially be of zero threat in a day. While I don't believe they claim to prevent all attacks, Akamai's WAF seems very effective in preventing people from scanning for vulnerabilities. It can adaptively make decisions based on a variety of factors, including specific WAF data and threat intelligence. While I can't speak to the totality of their activities, I do know that they quickly patch any effective workarounds discovered, even before the issue is publicly released. While there are certain complexities in the security environment and many variations on the same types of attacks, Akamai's WAF seems to work very well.

Majorly, there are an awful lot of complexities in many ways, including the variations it provides to do the same thing. There is a really high volume of attacks, and the tool seems to work very well, as far as I can tell.

From my perspective, the setup wasn't easy, but I could do it pretty quickly and get my head around how it was working. I think the interface is pretty slick because they were tracking many different factors, not just for Akamai Kona Site Defender but for other tools in there as well. Specific patterns or time patterns rolled up might be interesting to see for time frames, and there may actually be a way of doing it that I just haven't found yet. However, that's a little outside the realm of what I'm doing, so I'm not too concerned about it. I don't really have an issue with what they've done. Maybe some of the documentation is a little confusing. They have a lot of different places where you can go to get information, and some of the information is quite out of date. They have stopped 2018, which predated the release of the adaptable test. When I started out, I was wrong with my or maybe I have a big list of CVEs and everything, but I think that they feel like Akamia’s real set of rules would be able to block vulnerabilities if you don't have an accept or whatever. It doesn't really work that way unless they're right to do it that way or to not do it that way. They call out really big things like Struts vulnerability, Log4j, and any vulnerabilities like that. They will do a press release or a blog post that basically states that they have taken care of it, and this is the rule number that one should look for depending on one's implementation. So, I feel that's great and really helpful. That's the sort of thing I want to know. From a purely self-testing perspective, it's lovely to have the mapping for every single CVE, but I understand why they don't, and I think it's right not to provide such a feature. I think the idea is that you have to look at it specifically for what they needed to do and where they're operating. One can reach out to Akamai's support easily, and there have been a handful of situations where I don't feel comfortable sharing certain details. When I've reached out to the support team through our engineering teams, things have been quite helpful, so that's good.

I have experience with Akamai Kona Site Defender for about three months. I work as an information security analyst in my company. I am a user, and my company is the solution's customer.

I can't comment on the stability of the solution. I haven't experienced or heard of any downtime or seen the system crash. Also, I haven't read super close attention to it. In short, it seems very stable to me, but I'm not the right person to comment on its stability.

I don't think that it is a scalable tool. I can say that it's optimized. I can't comment on whether it is scalable, but I know that a huge amount of data goes through it.

I have contacted the technical support team through our engineering group, which included a support engineer. The solution's technical support team seems to be pretty responsive.

It seems risky for me to rate the technical support due to my lack of experience with technical support. But, if we consider all the caveats, I would rate them between eight to nine out of ten. However, I'm unsure if this rating would benefit others.

Positive

The Akamai Kona Site Defender was up and running when I started in this new role. Although I have a background in Akamai WAF, I have never worked with them directly before, so this has been a good opportunity for me to delve deeper into the specifics of what they do. Looking at the documentation and doing similar things, I can see that they cover things similarly.

The support information is available on various platforms, such as community forums, support articles, and documentation. I found it challenging to locate the specific information I needed, but I attempted to do it myself without involving our engineering team. This process taught me a lot, but I realized that some of the information I learned earlier was not as relevant to the current situation, and much of the information was available within the tool itself rather than in offline documentation. It was an eye-opening experience for me, and I believe involving our engineering team or being more involved in the setup would have been helpful in finding the necessary information. I just tried to minimize the impact because our engineering team is always very busy. I tend to be self-directed when it comes to learning, and sometimes that can backfire.

The information I need is available and applicable to the specific things I'm looking for. I can also identify the roadblocks. So, in that sense, the solution is great. Overall, I would rate it nine out of ten.

As a media company with multiple properties, we utilize Akamai App and API Protector to manage and filter live traffic.

Akamai App and API Protector help us serve our customers better with a faster way to use multiple types of caching and multiple features. It also helps protect our systems.

Akamai provides complete logging and monitoring that can be used to provide visibility into traffic and attacks.

Akamai has helped free up our staff time.

Akamai when implemented in our system helps protect against attacks.

Customer support has room for improvement.

I have been using the Akamai App and API Protector for 14 years.

The technical support needs to improve. There is a minimum SLA but the number is large. Improving their SLA will help us solve our problems quickly.

Akamai is a CDN. A CDN helps us deliver traffic faster and more securely. As a media company, we have a variety of traffic sources, with different stories generating different amounts of traffic. If a particular story becomes popular, it will generate more traffic to that specific story or article. However, we don't need to increase our infrastructure because we use Akamai's CDN. Everything will be handled by Akamai's system before it reaches our infrastructure. This will also help us save costs.

I would rate Akamai App and API Protector eight out of ten.

We have not faced any challenges with the Akamai App and API Protector. It is a user-friendly app that we use for multiple purposes.

I have yet to explore the protection side of Akamai's features but we will be looking into those soon.

The product is used as a web application firewall for Layer 7, Layer 3, and Layer 4 DDoS protection. It is also used for caching, acceleration, and faster delivery.

The product has a good UI. It is an easy-to-use solution.

The solution should improve the monitoring tool a little bit. The performance of the cloud monitoring tool is low.

I have been using the solution for five years.

The product is stable.

More than 100 people are using the solution in my organization.

The solution is easy to implement because Akamai provides support.

The solution is expensive.

People should definitely use the product. Most of the time, it will fulfill our requirements. The tool has many customers. The tool requires a lot of tuning. Overall, I rate the product an eight out of ten.

We are using the product mainly for our content delivery network and e-commerce. When the users go to our site, they get redirected to Akamai, which acts as a firewall and gets information from the cache or our web servers.

The solution allows us to cache content for geographic availability. It allows us to filter out countries where we are not doing business.

The ability to filter unwanted IP addresses is valuable to us. I'm pretty satisfied with the solution. The product has a good user interface.

The product should provide a secure NTP. We would like Akamai to offer it rather than going to another vendor to buy it.

My organization has been using the solution since 2018.

We have had no issues with the product’s stability. I rate the stability a ten out of ten.

The solution has strong scalability. I rate the scalability a ten out of ten.

The technical support has been prompt. I'm pretty happy with it.

It would be difficult to conduct the type of e-commerce that we have without the product, especially given the security requirements for an online retailer.

The product’s price is high.

It is a cloud-based solution, and we are using the latest version. We recently cut over our internal DNS to Akamai’s hosted DNS. Akamai provided us with quite a bit of support with it. The deployment process of Akamai’s DNS was pretty straightforward. 

If a company is planning to use the solution, they need to ensure that the people that are going to be involved with the product get trained appropriately. The learning process is not straightforward. We should take advantage of the training provided by Akamai. Overall, rate the solution a nine out of ten.

We use Akamai Web Application Protector to block IP addresses and countries. If for example, you don't want users from Amazon AWS, you could configure it to block them. 

It also has safeguards against common attacks like SQL injection. It does support some advanced custom rules, but you'll need someone from Akamai to code them. That isn't very user-friendly. 

They have a fantastic tool for analyzing and viewing your traffic. You could look for traffic spikes. You could search for spikes by IP address. You could examine traffic by IP address to see if there are any spikes from a particular IP address. 

It is an expensive service with many features. It's difficult, I suppose, to summarise it so quickly. However, it is relatively simple to locate and block IP addresses.

The custom rules were difficult to use. Overall, it works well. I don't have many complaints about it. Because it's a lower-end tool, it's not very good at dealing with bots and requires the use of a Bot Manager.

It's fine for a simple tool, but as I recall, if you encounter a lot of bots, scrapers, and other things, you'll need this tool bot and this other thing they offer called Bot Manager.

We have been working with Akamai Web Application Protector for two years.

It's been managed for us. As far as I'm aware, everything is managed in their cloud.

Akamai Web Application Protector is exceptionally stable; after all, it is Akami.

It is effective. It works when it works. They have very nice traffic analysis where you can really slice and dice and get down to the nitty-gritty. And, they have rules that you can set up to block certain things. I haven't looked at this thing in a long time, and I see they've changed it.

Akamai sees one-third of all web traffic. In terms of scalability, it can be scaled to any size you want.

I am confident that it can handle all of your traffic and then some.

In general, technical support is good. It's gotten better, in my opinion, since the beginning.

Since about two years ago. Everything is fine. I have a dedicated person. I'm not sure how other customers handle things. The thing about Akamai is that they are Enterprise. It's high touch. They charge a lot of money. They provide high-touch support, you will be assigned a dedicated team, and hopefully, it's a strong team.

Unlike Cloudflare, when I looked at their offerings, Cloudflare provides a free tier. Akamai doesn't have a free tier; you can visit their website for free, but that's about it.

Cost depends on the volume of traffic. I'm not even going to give you a number because everything is priced individually for you, the customer, based on traffic.

It's a four out of five. It works, it's a little pricey in my opinion, but overall, I'd give it a four. The device works.

I would rate Akamai Web Application Protector a seven out of ten. It does a lot, and for what it does, it works; for what it doesn't do, a Bot Manager is required.