Akamai App and API Protector Reviews

It's mostly used for hosting a website or a domain online and protecting them from the application layer attacks.

I would say that the solution has made connectivity a lot easier. Now, people can connect to websites very easily, and also, with the load balancing that the solution has introduced, one won't face that many DDoS attacks happening. Akamai Kona Site Defender has worked on the aforementioned areas since we used to face a lot of load on the original server earlier. Now after taking the service of Akamai Kona Site Defender, the load has decreased as it is mainly falling onto edge servers of Akamai. They have also put caching as a service, and so they also cache on their own. Hence, we don't have to take that much load on the servers. We can use the server load on the original servers.

Akamai has a very great history in the CDN market. Like, if we talk about the present, 40 percent of cases go through Akamai CDN only. If I talk about an area of improvement today, if we talk particularly about protecting against the application layer attacks data, CloudFlare is leading the market. So I would recommend Akamai also to move ahead in that segment. If they do it, then they won't be any competitors in that segment because they would be the best.

Right now, Akamai CDN is a leading tool in the market. So, no one can compete with the tool. If we talk about application layer attacks, including WAF, CloudFlare is leading. Akamai can focus a bit more on the application layer attacks and how to protect them. Akamai can be a real game changer in the market. Akamai should try to be better than CloudFlare.

I would not like to add anything. It's perfect till now, so it should remain like that.

I have been using Akamai Kona Site Defender for around a year. My company is a customer of the solution.

It's a stable product.

There are a lot of people using the solution in my company. In our company, around ten people use the tool, but globally it has a lot of users.

I have contacted the support team of Akamai. I rate the technical support an eight and a half out of ten. I am happy with their responses and answers to my problems.

Positive

The solution is deployed on Akamai's native cloud. The initial setup was easy, but you need to have good knowledge about application layer attacks, HTTP protocols, and everything. Also, about caching, one needs to have good knowledge, and only then will you be able to configure the domain and set it up. Also, if someone doesn't have any experience setting up won't be an issue, but they should know what they are doing. So, if they are not familiar with the protocols and the basic things, then it will be very tough for them to understand what is happening, what to do, and how to configure.

Price-wise, I would say Akamai's pricing is competitive.

My company chose the tool since the PoC provided was good and was sufficient enough for the company to decide to move ahead with the product.

I would definitely recommend the solution to those planning to use it since it has an easy interface, so you can understand things easily. You can easily, through the interface, understand what is happening and how to do the monitoring and move forward with that.

Since the tool has proven a lot in securing our website a lot of times and reducing the latency or the speed-related issues, the customers were facing earlier. 

I rate the overall solution a nine out of ten.

The tool protects organizations from attacks, SQL injection, and DDoS attacks. We mostly used it for DDoS attacks.

The solution clearly shows us what is happening in the background in real-time. All the rules we implement work exactly as expected. The product is user-friendly.

All the features in the product are very good. The IP/Geo Firewall can block access based on the geographic location of the IPs. The product has WAF and custom rules. The tool provides DDoS protection and IP reputation. It is a good package. I recommend all the features to others.

The custom rules must be improved. If we have a domain to be monitored, we can use the solution to alert us if a certain specification is met. If we need only 20,000 transactions, but there are 40,000 transactions, the product alerts us about it. We don't have the option to block it. The tool must provide the users with such options.

I used the solution three months ago.

I have not faced any issues with the tool’s stability.

The tool is scalable. Around 400 people use the solution in our organization.

The technical support team has to improve on its availability.

The product is cloud-based. The deployment process is very easy. Once the domain is integrated, the solution automatically protects against DDoS. The deployment takes only a few hours. It’s a pretty simple integration. It protects all the domains automatically, irrespective of specific paths. For example, facebook.com/login will be protected automatically. We need not integrate it manually.

Akamai has its own staging environment. To implement a change, we add it to the staging environment and ask the relevant team to test it. If it’s okay, we enable it in production. It is a good feature. I do not see this feature in other products.

The product is expensive, but it is worth the money.

A person unfamiliar with Akamai can learn to operate and check the product in 30 minutes. It’s a user-friendly tool. People must keep a check on the cost of the product because the cost is based on the data usage. Overall, I rate the tool a ten out of ten.

The majority of our traffic is app-based. We are a mobile-focused company. We have a news aggregation platform, and we have a TikTok type of social media platform in India. It is one of the largest platforms. Everything is on mobile applications, so we have a heavy use of APIs. We use Akamai App and API Protector to look at the traffic patterns and identify malicious traffic. There are people who try to inject malicious data and get into our infrastructure, we also use it for that. These are two use cases for which we use Akamai App and API Protector.

With Akamai App and API Protector, we mainly wanted to implement security on the edge rather than bringing it on-premises. We have more than 300 million users. We have quite distributed traffic. We cannot bring all the traffic in and do the slice and dice to identify threat factors. We just want to address it at the edge, which helps us to get clean traffic. That was a major reason. Because it is a publishing and UGC environment, a lot of bot activities are there. They want to get content from our sites and put it somewhere else. They want to make traffic out of it. To identify that, our resources were getting burned, and we just wanted to protect them from that. That was one key reason for implementing Akamai App and API Protector.

By implementing Akamai App and API Protector, we could address these challenges. We were able to filter out quite a lot of bot traffic or the traffic run by scripts. On the WAF side, we have seen a lot of accesses and command line injections happening on the system. We were able to isolate those as well.

With Akamai App and API Protector, we have attack traffic visibility. It does whatever we define as a baseline. Anything that reaches the baseline is called an attack. That is how the system understands an attack. They have ASG that gives automatic recommendations to reduce false positives, but in some use cases, it is still tricky. When we have highly variable traffic, we have to keep improving or altering our configurations according to the traffic pattern that we are anticipating. It is a manual effort that has to be done because only we know when the traffic is going to surge. For example, when there is a cricket match, we know that the traffic is going to surge, so we may need to slightly adjust certain parameters to adapt to that. Otherwise, that traffic will be identified as malicious traffic and get denied. 

Akamai App and API Protector is able to do the cleaning of the traffic so that it reaches the origin. Generally, we are prepared for higher capacity because we do not know when an event can occur and there could be a surge in traffic. Akamai App and API Protector has helped us to clean the traffic to reach the original pages, which is necessary.

To protect our apps and APIs from new and emerging threats, their support team consistently reaches out to us. Whenever a new CVE is there, they implement the patches directly into the portal. The good part with Akamai is that we have an option to review a patch, and if we want, we can apply it. Many solutions in the market are already patched at the backend, so there is no question of monitoring whether that patch is required or not, whereas with Akamai, whenever they apply a CVE, I have the option to review whether it is required or not, and because of that CVE, whether I have some issues with my current traffic pattern. There can be a false positive and the traffic might be getting denied. I can then look into that. 

Traffic filtering and WAF are valuable. We have to have something on the edge for protection. The majority of our traffic is routed via Akamai. So, it adds value to our security.

I have given them a couple of suggestions through email. One thing I asked them is to integrate the API discovery product that they have and push that data into Akamai App and API Protector so that we do not have two types of reviews to identify the type of traffic. We already know the APIs that are frequently getting used, so analysis becomes easier. We can integrate both products and use them.

Another request was to be able to segregate traffic for different app versions. A few of the APIs are already out in the market and are built into the applications. We cannot go and change those applications. Those applications are still being consumed, so we need a different strategy for those applications, whereas modern new applications are built using a different design. We have quite a lot of versions deployed since 2008, so designs are very different, and applying the rate limit for each API has its own challenges.

Its pricing can be slightly better.

From a security solution standpoint, we have been using it for three years.

Its stability is amazing.

It is quite good. We tested it, and we have seen the scale that it can handle.

They address the queries in a timely manner. They do not delay it, but in security, there could be a slight slowness in terms of assessing what can go wrong while trying to fix a problem. This can slow down certain processes. Sometimes when an attack happens, we need to act immediately on it, but blocking something just by looking at the pattern is not always the right thing. It might be the right thing for an immediate fix, but if you look at the damage it can cause, it can get complicated.

It was not challenging. It was smooth. I did not find it very complicated. We also have a self-service model on Akamai. That was also not challenging. Their security portfolio is still evolving. Certain features and certain documentation have to be more detailed, but we did not face too many challenges while doing the basic things.

Its price is slightly high. Every company has a justification for the high price. Overall, it feels worth the money based on how the service has been structured, but we do negotiate it.

We did a couple of PoCs. We went for Akamai App and API Protector because the majority of traffic is driven through Akamai. Their support is good. The product is meeting the need.

In terms of comparison, from a solution standpoint, there are different modules and different offerings. The industry is moving at the same pace from a solution standpoint. The differentiation comes in terms of how the service is provided and what scale it can support as a security solution. It is not only about features.

We also use Linode, but it does not interact with Akamai App and API Protector. It is an independent deployment.

I would rate Akamai App and API Protector an eight out of ten considering the pricing and multiple products available in this sector. It meets my needs, and I would recommend it to others.

We are using the product mainly for our content delivery network and e-commerce. When the users go to our site, they get redirected to Akamai, which acts as a firewall and gets information from the cache or our web servers.

The solution allows us to cache content for geographic availability. It allows us to filter out countries where we are not doing business.

The ability to filter unwanted IP addresses is valuable to us. I'm pretty satisfied with the solution. The product has a good user interface.

The product should provide a secure NTP. We would like Akamai to offer it rather than going to another vendor to buy it.

My organization has been using the solution since 2018.

We have had no issues with the product’s stability. I rate the stability a ten out of ten.

The solution has strong scalability. I rate the scalability a ten out of ten.

The technical support has been prompt. I'm pretty happy with it.

It would be difficult to conduct the type of e-commerce that we have without the product, especially given the security requirements for an online retailer.

The product’s price is high.

It is a cloud-based solution, and we are using the latest version. We recently cut over our internal DNS to Akamai’s hosted DNS. Akamai provided us with quite a bit of support with it. The deployment process of Akamai’s DNS was pretty straightforward. 

If a company is planning to use the solution, they need to ensure that the people that are going to be involved with the product get trained appropriately. The learning process is not straightforward. We should take advantage of the training provided by Akamai. Overall, rate the solution a nine out of ten.

As a media company with multiple properties, we utilize Akamai App and API Protector to manage and filter live traffic.

Akamai App and API Protector help us serve our customers better with a faster way to use multiple types of caching and multiple features. It also helps protect our systems.

Akamai provides complete logging and monitoring that can be used to provide visibility into traffic and attacks.

Akamai has helped free up our staff time.

Akamai when implemented in our system helps protect against attacks.

Customer support has room for improvement.

I have been using the Akamai App and API Protector for 14 years.

The technical support needs to improve. There is a minimum SLA but the number is large. Improving their SLA will help us solve our problems quickly.

Akamai is a CDN. A CDN helps us deliver traffic faster and more securely. As a media company, we have a variety of traffic sources, with different stories generating different amounts of traffic. If a particular story becomes popular, it will generate more traffic to that specific story or article. However, we don't need to increase our infrastructure because we use Akamai's CDN. Everything will be handled by Akamai's system before it reaches our infrastructure. This will also help us save costs.

I would rate Akamai App and API Protector eight out of ten.

We have not faced any challenges with the Akamai App and API Protector. It is a user-friendly app that we use for multiple purposes.

I have yet to explore the protection side of Akamai's features but we will be looking into those soon.

Our company uses the solution to access and protect web applications. We have over 150 customers who use the solution. 

It is very easy to set WAF rules and defend paths.

The solution easily identifies, delays, or allows business traffic. 

There are many integration options available in one platform. 

The solution could offer even more integrations. 

I have been using the solution for one year. 

The stability is pretty good. 

The scalability is very good. 

The technical support is good so is rated a ten out of ten. 

Positive

The setup is easy and straightforward. 

We implement the solution for customers and can onboard within four hours. 

The solution is not expensive. 

I recommend the solution because it is a self-tuning engine for WAF rules. 

I rate the solution a ten out of ten. 

We use Akamai Kona Site Defender because we need CDN. We have mobile apps, and we host them internally. Sometimes, we also deploy an IPA file for iPad. I think all the users from our distributor are going to download directly from our server. We use Akamai to distribute all the IPA files to our network provider without any significant latency for our distributor.

I like that the charges are all based on usage and labor costs. For the time that we spend onboarding almost 252020 FQDN, Akamai charges us only for the traffic usage, but it's only charging us for the labor costs for onboarding.

It would be better if there weren't any issues with latency. We had latency issues, but I think they are all solved now.

Akamai Kona Site Defender has been stable so far.

Because our third-party partner has a good relationship with Akamai, I think they can call the Akamai to join the incident call when an incident is happening. I think they're quite good and responsive for that. There is also a lot of documentation online regarding troubleshooting.

The initial setup is quite easy because we mainly outsource it to another company.

We just ask the third-party provider to implement the solution or engage Akamai and make some changes.

There is no license at all for Akamai. They are going to charge us only for the usage.

I would recommend this solution to potential users. I think if the FIC has a CDN, it's easier in terms of onboarding. In terms of the commercial part and charging, I think Akamai is more efficient. I think it's important to have a CDN feature inside.

On a scale from one to ten, I would give Akamai Kona Site Defender a nine.

We used Akamai Web Application Protector for protection from layer seven attacks.

Akamai Web Application Protector is a good solution that provides basic web application protection. The solution is quite cheap compared to Kona.

It would be nice if Akamai Web Application Protector's price is lowered and made cheaper.

I have worked with Akamai Web Application Protector for three to five years.

Akamai Web Application Protector is a stable product.

Akamai Web Application Protector is a scalable product.

The solution's technical support team will define its SLA and respond to you within the SLA. Even if they don't find any solution, they'll return and tell you they are still working on the issue. They're quite open, and they work within their SLA.

Positive

The solution's initial setup was easy because it provided support for the implementation.

Akamai Web Application Protector is an expensive product.

We used the solution on the Akamai cloud. The solution's integration with other tools is very easy. The solution's UI or user interface is good. The solution is user-friendly and easy to implement. It is also very easy to understand how to implement it. You can understand the features quickly if you want to use it.

Akamai Web Application Protector is a good product that fulfills the customer's requirements.

Users should use Akamai Web Application Protector if their budget allows them to use it because it is quite a mature and expensive product.

If any customer needs improvement in Akamai Web Application Protector, they should go for Kona.

Overall, I rate Akamai Web Application Protector an eight out of ten.