Akamai App and API Protector Room for Improvement

Pranav Vashisht - PeerSpot reviewer
Dev Ops at a media company with 501-1,000 employees

There are some challenges. I have been interacting with their support about an issue. In terms of precedence of Akamai rules, the last one is implemented. That is the one that is operational. If two rules contradict, the last one is implemented. We had a clash, but it was really tough to find that out. I would like to have a rulebook because, in their architecture documentation, it is not mentioned anywhere that if two rules clash, the last one works, and if it does not work, then what to do. This is something we were debating today with their tech support. With AWS, we get documents for the issues so that they do not occur in the future. Akamai's support and knowledge base needs to be improved.

View full review »
PallaviSharma - PeerSpot reviewer
Platform Engineer at a retailer with 10,001+ employees

We are experimenting with EdgeWorkers to write our own code at the Edge level. That is something that came last year. Not a con but we could grow to be much better.

Additionally, it needs to keep on evolving with the latest bot trends. Nowadays bots are evolving daily and Akamai has to come up with a solution that is able to keep up with the pace of these evolving bots.

View full review »
Bharat Chandra - PeerSpot reviewer
Head of DevOpps at Indian express

We did a PoC of Akamai and Cloudflare. One area where Akamai can improve is the captcha part. Cloudflare provides a captcha if there are a certain number of threats. For example, I can assign that if there are 10 requests within a second from a single IP, it should send a captcha to the user. The user should fill in the captcha, and only after that, the user should be able to access our website. This captcha feature should be built into Bot Manager. I love this captcha feature of Cloudflare. Other things are good in Akamai. That is why we are using Akamai. Only the captcha part should be implemented.

View full review »
Buyer's Guide
Akamai App and API Protector
March 2024
Learn what your peers think about Akamai App and API Protector. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Rahul_Agarwal - PeerSpot reviewer
GM IT at a recreational facilities/services company with 1,001-5,000 employees

A lot of piracy happens in India and other countries. If there is a product for protection from piracy, it would be great. For example, there are multiple hackers that hack your event, and there are some channels that pirate and publish the event on some other website. We protect our streaming through DRM and different technologies. We are also protecting the website, but hacking is still happening. If they can work on protecting from piracy, it would be great.

View full review »
ON
Security Analyst at a financial services firm with 10,001+ employees

In terms of improvement, from my point of view, it may seem a little selfish to comment as we focus on CVEs. On the other hand, Akamai addresses only the big pressing issues explicitly in their rule set. Though this is the right approach as vulnerabilities change over time, and there are an enormous amount of CVEs to block individually, Akamai needs to focus on quickly responding to risks, even those that may potentially be of zero threat in a day. While I don't believe they claim to prevent all attacks, Akamai's WAF seems very effective in preventing people from scanning for vulnerabilities. It can adaptively make decisions based on a variety of factors, including specific WAF data and threat intelligence. While I can't speak to the totality of their activities, I do know that they quickly patch any effective workarounds discovered, even before the issue is publicly released. While there are certain complexities in the security environment and many variations on the same types of attacks, Akamai's WAF seems to work very well.

Majorly, there are an awful lot of complexities in many ways, including the variations it provides to do the same thing. There is a really high volume of attacks, and the tool seems to work very well, as far as I can tell.

From my perspective, the setup wasn't easy, but I could do it pretty quickly and get my head around how it was working. I think the interface is pretty slick because they were tracking many different factors, not just for Akamai Kona Site Defender but for other tools in there as well. Specific patterns or time patterns rolled up might be interesting to see for time frames, and there may actually be a way of doing it that I just haven't found yet. However, that's a little outside the realm of what I'm doing, so I'm not too concerned about it. I don't really have an issue with what they've done. Maybe some of the documentation is a little confusing. They have a lot of different places where you can go to get information, and some of the information is quite out of date. They have stopped 2018, which predated the release of the adaptable test. When I started out, I was wrong with my or maybe I have a big list of CVEs and everything, but I think that they feel like Akamia’s real set of rules would be able to block vulnerabilities if you don't have an accept or whatever. It doesn't really work that way unless they're right to do it that way or to not do it that way. They call out really big things like Struts vulnerability, Log4j, and any vulnerabilities like that. They will do a press release or a blog post that basically states that they have taken care of it, and this is the rule number that one should look for depending on one's implementation. So, I feel that's great and really helpful. That's the sort of thing I want to know. From a purely self-testing perspective, it's lovely to have the mapping for every single CVE, but I understand why they don't, and I think it's right not to provide such a feature. I think the idea is that you have to look at it specifically for what they needed to do and where they're operating. One can reach out to Akamai's support easily, and there have been a handful of situations where I don't feel comfortable sharing certain details. When I've reached out to the support team through our engineering teams, things have been quite helpful, so that's good.

View full review »
Archana Heeralal - PeerSpot reviewer
Member of Technical Staff - Information Security at PayPal

It would be nice if Akamai Web Application Protector's price is lowered and made cheaper.

View full review »
Aman Aijaz - PeerSpot reviewer
Assistant Manager Global Security at Convergys Corporation

Akamai has a very great history in the CDN market. Like, if we talk about the present, 40 percent of cases go through Akamai CDN only. If I talk about an area of improvement today, if we talk particularly about protecting against the application layer attacks data, CloudFlare is leading the market. So I would recommend Akamai also to move ahead in that segment. If they do it, then they won't be any competitors in that segment because they would be the best.

Right now, Akamai CDN is a leading tool in the market. So, no one can compete with the tool. If we talk about application layer attacks, including WAF, CloudFlare is leading. Akamai can focus a bit more on the application layer attacks and how to protect them. Akamai can be a real game changer in the market. Akamai should try to be better than CloudFlare.

I would not like to add anything. It's perfect till now, so it should remain like that.

View full review »
Archana Heeralal - PeerSpot reviewer
Member of Technical Staff - Information Security at PayPal

The solution should improve the monitoring tool a little bit. The performance of the cloud monitoring tool is low.

View full review »
KE
Cyber Recovery Lead at a insurance company with 10,001+ employees

The custom rules must be improved. If we have a domain to be monitored, we can use the solution to alert us if a certain specification is met. If we need only 20,000 transactions, but there are 40,000 transactions, the product alerts us about it. We don't have the option to block it. The tool must provide the users with such options.

View full review »
AK
Sr Manger DevOps at Foundit

I do not see any area for improvement. Akamai is already maintaining its own databases for the security concerns, vulnerabilities, and attacks that are there. If anything, they should have a solution in the infrastructure security area as well. They should not be only in cloud cybersecurity; they should also be in infrastructure security.

View full review »
Anoop Mohan - PeerSpot reviewer
Associate Director at a computer software company with 201-500 employees

I have given them a couple of suggestions through email. One thing I asked them is to integrate the API discovery product that they have and push that data into Akamai App and API Protector so that we do not have two types of reviews to identify the type of traffic. We already know the APIs that are frequently getting used, so analysis becomes easier. We can integrate both products and use them.

Another request was to be able to segregate traffic for different app versions. A few of the APIs are already out in the market and are built into the applications. We cannot go and change those applications. Those applications are still being consumed, so we need a different strategy for those applications, whereas modern new applications are built using a different design. We have quite a lot of versions deployed since 2008, so designs are very different, and applying the rate limit for each API has its own challenges.

Its pricing can be slightly better.

View full review »
BG
Network Administrator at Tommy Bahama

The product should provide a secure NTP. We would like Akamai to offer it rather than going to another vendor to buy it.

View full review »
PradeepKumar9 - PeerSpot reviewer
Manager of Infrastructure and Cloud at Foundit

Akamai App and API Protector is very new to me, so I do not have any insights on improvement areas for the product. However, when we ask for some help, it can take some time. We understand that the job is done by professionals, but if that time can be reduced, it would be great.

View full review »
RB
Head of Infrastructure at AIA

It would be better if there weren't any issues with latency. We had latency issues, but I think they are all solved now.

View full review »
CF
Senior Security Engineer at a comms service provider with 10,001+ employees

They are already very flexible, but room for improvement is there. Reports generation could be better and should be improved.

View full review »
LJ
Sr Manager Dev Ops at a media company with 10,001+ employees

Customer support has room for improvement.

View full review »
Bill Lee - PeerSpot reviewer
Cloud Architecture Consultant at Metaage

The solution could offer even more integrations. 

View full review »
SZ
Chief Technologist at a financial services firm with 11-50 employees

The custom rules were difficult to use. Overall, it works well. I don't have many complaints about it. Because it's a lower-end tool, it's not very good at dealing with bots and requires the use of a Bot Manager.

It's fine for a simple tool, but as I recall, if you encounter a lot of bots, scrapers, and other things, you'll need this tool bot and this other thing they offer called Bot Manager.

View full review »
AC
CTO at a tech services company with 10,001+ employees

The WAF features definitely have a lot of room for improvement. A lot of the WAF is really basic. For some products or some of our solutions, we need to run a second layer of more advanced WAF. If it had better layer seven protection then we would not need a second WAF.

We use Akamai because it's good at what it does. There are some other things that we would like it to be good at and it's not that good. Quality of protection is our primary concern.

We need more advanced layer seven protection, SQL injection, applied scripting, and more confidence in the precision of the system. I think all of those things would be very useful for us.

View full review »
Neha Shakyawar - PeerSpot reviewer
Head of Information at a leisure / travel company with 51-200 employees

The product really isn't very user-friendly. They could improve it so that it's easier for their customers to navigate and use. From a management perspective, it's difficult. Managing these rules with the product isn't easy. It is not taking into account that this might be used by somebody who doesn't necessarily excel in IT. It should be more accessible to everyday users. For example, report generation should be much simpler to handle. It shouldn't be a complex task.

The pricing could be reduced a bit.

They should provide an image optimizer and have it included within the package due to the fact that ultimately all websites that have high content are looking for this.

View full review »
YA
Co-Founder and CEO at PT Eugenea Kreasi Utama

Support and the pricing need to improve. I would rate this area a six out of ten.

View full review »
TI
Head of Cloud Security & DevSecOps at a financial services firm with 11-50 employees

The interface is a little bit clunky and can be improved. It takes a while to get from here to there.

View full review »
IA
Solutions Architect, Cloud & SDDC at a computer software company with 5,001-10,000 employees

I think there could be an improvement with the integration of more features for each security. Possibly inline IPS and more granularity for configuration.

I'd like to see incremental or integrated security features or maybe even for our transit anti-malware. It goes hand in hand with things like DLP. 

View full review »
it_user628032 - PeerSpot reviewer
Senior Security Analyst at a tech company with 10,001+ employees

They should allow for multiple security configurations in one account which will enhance the scalability.

For business partners/resellers, there are minor issues that you can encounter when switching between the customer environments.

View full review »
GL
Security Architect at a retailer with 10,001+ employees
  • I would like to see some non-related reputation categories. If they had some way of detecting activity on their platform, that would be helpful.
  • Web request analytics is hard to do between them and us.
  • There are some issues with pushing configurations across a network. It still takes about 20 minutes and that means to retract it's another 20 minutes.
  • Also, some of their monitoring dashboards that show us what's hitting us, and with which we analyze, have room for improvement.
View full review »
it_user299736 - PeerSpot reviewer
Infrastructure Manager at a tech vendor

Cloud security solutions combination

View full review »
Buyer's Guide
Akamai App and API Protector
March 2024
Learn what your peers think about Akamai App and API Protector. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.