/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: Akamai Technologies Inc., today announced that several improvements to its Kona Site Defender web security solutions have been shown to result in dramatic improvements to Web Application Firewall (WAF) accuracy.
Customers using Akamai's new default WAF rules configuration experienced, on average, 96 percent accuracy based on measurements that use the Matthews Correlation Coefficient (MCC) scoring. The accuracy levels demonstrated by Akamai's out-of-the-box WAF configuration, represented by a reduction in reported false positives and false negatives, help customers better identify and block attacks while at the same time allowing legitimate traffic to pass.
As part of an initiative to provide its customers with WAF technology designed to be as accurate as possible, Akamai developed a custom-built, closed loop test framework for processing a vast amount of attack traffic data collected from the Akamai Intelligent Platform.
The ability to analyze attacks as they happen "in the wild" (representing an average throughput of 1.5 TB of data and over 10 billion WAF events per day) allowed the security engineering team to craft an improved rule set that detects and blocks more attack vectors without impacting legitimate user traffic.
Further, Kona Site Defender's WAF now includes protections designed to detect and block some of the newer, popular attack methods that other WAFs do not detect without extensive tuning, such as PHP Injections and Remote File Inclusions.
Part of the Company's Kona Site Defender web security solutions, the Kona WAF is a highly scalable edge defense service architected to detect and mitigate potential application layer attacks such as Distributed Denial of Service (DDoS) attacks and SQL injection attacks in HTTP and HTTPS traffic as they pass through Akamai's Intelligent Platform in their attempt to reach customer data centers.
The Kona WAF is designed to scale instantly to preserve performance and filter attack traffic close to the source of the attack, protecting customer infrastructure and keeping web applications up and running.