If you were talking to someone whose organization is considering Akamai Kona Site Defender, what would you say?
How would you rate it and why? Any other tips or advice?
We are just customers and end-users. We don't have a business relationship with the company. I would recommend the solution. It depends on what the organization wants, however. If you're going for cost optimization or whether you are looking for a through and through security feature, it might vary in its acceptability. It depends on what exactly you want and your company's priority. However, overall, it's a good product. In general, I would rate the solution at an eight out of ten. We've mostly been quite satisfied with it.
Programmability in the cloud is very important. So whatever we can program by APIs and define by API is very important in the infrastructure. I would rate this solution an eight out of 10.
My advice for anybody who is evaluating this solution is to first evaluate your needs, and then check to see how much you need to put into this solution. The biggest lesson that I have learned from using Site Defender is that you should do an analysis first, to see how it will fit into your ecosystem. You decide whether to buy it based on that, rather than because it is a good product. You have to make sure that it is compatible with your environment. Overall, I am happy with Site Defender because what it's doing, it's doing well. I can't think of a single feature that might be missing. I would rate this solution an eight out of ten.
As far as DDoS protection is concerned, I'm firmly in the Akamai Kona box. In terms of consistency, I think people should consider API-based adoption for Kona configuration. That gives us a broader state which looks and feels the same, and a small team can support it rather than needing a large team to support it. For what it does, it's really good. For what we want it to do, there's room for improvement. I'd give it an eight and a half out of ten. In order for it to be a 10 I would say that it should be one of the market-leading WAF solutions and not just a volumetric solution.
Keep your eyes open. There are a lot of solutions out there. You can even see products being deployed in the public cloud, which is nice for scaling up. Keep your eyes on the horizon. There's a lot to look forward to. For Kona, we use several products, including their Site Acceleration Services. Our security maturity is very different from when we first started using Akamai.
Has anyone migrated from Akamai services to AWS Cloud front and WAF? Can you please share your experience on this process and on using Amazon CloudFront and AWS WAF?
Thanks for the help!
We required a 24/7 automated vulnerability monitoring tool for securing our web applications. We are looking for options like Sitelock and Immuniweb.