Akamai is one of the world’s largest DDoS protection service providers. It offers two kinds of service that use different protection measures: Prolexic and Kona Site Defender.
Prolexic is grounded in border gateway protocol (BGP) that routes Internet traffic to a scrubbing center for traffic monitoring and inspection. It is effective on all ports. Akamai has high capacity scrubbing centers situated around the world, which work in conjunction with the security experts in its 24x7x365 Security Operations Centers (SoC). Akamai says, “Prolexic offers the capacity and intelligence to mitigate even the largest and most complex attacks, whether they’re network-layer (such as UDP or SYN floods), application-layer (such as HTTP GET or POST floods), or even new, never-before-seen types of attacks”. Prolexic’s BGP routing service is considered a market leader, but it is also thought of as being a ‘get what you pay for’ service and is expensive.
While Kona Site Defender doesn’t offer BGP rerouting, it is an online proxy-based service, which differs from Prolexic by only allowing traffic through ports 80 (HTTP) and 443 (HTTPS). This means it can filter and absorb traffic targeted at the application layer. The product suite includes KONA DDoS Defender for layer 3 & 4 protection and KONA Site Defender for layer 7.
The service is always on and offers large bandwidth and capacity. Kona is not a CDN, but the fact that it is built upon one helps ensure optimization; for instance, Kona can cache static content and send it to the attacker. It also offers deep packet inspection. Kona’s software scans beyond the header of each packet into the body to ensure it is not carrying any malicious content.
Kona separates blacklisted IPs into four categories: scrapers, scanners, generic web attackers and DDoS bots. Scrapers are bots that mine website’s for information, scanners search for vulnerabilities and DDoS bots take advantage of the vulnerabilities that scanners find. Akamai also assigns scores based on the IP address’s tendency to source attack traffic, allowing the client to choose to allow, alert or automatically block the suspicious IP address.
Kona also has a web application firewall that inspects traffic on an individual level. This tool just works against web-based attacks, but it is an option for businesses only needing web protection. Limited customization is also available via Kona’s management dashboard, which lists out important data such as reports and attack rates.
Kona does not offer protection for hardware, but Prolexic does, so the two can be used in combination.
One of the primary advantages of selecting Akamai is the scale of their network. They have over 2,000 PoP globally, allowing them to handle attacks of any size. It can take some time to set up and often requires professional services to configure and maintain it, so Akamai is generally a choice made by the large enterprises rather than the SMB market.