Kona Client Reputation
Stop malicious clients before they can attack, based on Akamai’s visibility into prior behavior of individual IP addresses
IMPROVE SECURITY DECISIONS
Client Reputation provides Kona Site Defender customers with an additional layer of protection against DDoS and web application attacks. Using Client Reputation, customers can automatically block requests from IP addresses that Akamai has rated as malicious, based on dozens of heuristics run against a database of more than 20 TB of daily attack data.
Client Reputation scores can be shared with back-end security systems.
BUSINESS BENEFITS
- Improve brand and customer confidence
- Increase confidentiality, integrity, and availability
- Reduce business risk from under-provisioning Web application firewalls
OPERATIONAL AND TECHNICAL BENEFITS
- Improved security decisions
- Forecast intent before exploitation
- Provides an additional layer of application security
Client Reputation data is used to improve security decisions. Billions of IP addresses interact with the Akamai Intelligent Platform every month. The Client Reputation module provides information to our customers regarding the reputation of each of those IP addresses.
While Kona Site Defender focuses on attack vectors, Client Reputation focuses on attack sources. Thus, Client Reputation complements Kona Site Defender’s protection against downtime and data theft. Customers use Client Reputation to better protect their applications against DDoS and application-layer attacks. The module identifies, and shares with customers, the likelihood that a particular IP address falls into one of the following “malicious” categories: web attackers, Denial of Service (DoS) attackers, scanning tools, and web scrapers. The Client Reputation module also injects the information it gathers into HTTP headers, making it available for further use by the customer’s existing security systems.
Client Reputation leverages advanced algorithms to compute a risk score based on prior behavior as observed over the Akamai network.
The algorithms use both legitimate and attack traffic to profile the behavior of attacks, clients and applications. Based on this information, Akamai assigns a risk score to each IP address and allows customers to choose which actions Kona Site Defender performs on IP addresses with specific risk scores.
The accuracy of any reputation service is highly dependent on the quality and quantity of data. Akamai’s position as a central hub in the web ecosystem provides it visibility into massive amounts of data. The data is collected and analyzed by Cloud Security Intelligence, Akamai’s big data security platform. The breadth and scope of the Cloud Security Intelligence platform enable us to deliver reputation services well beyond anything available in the market today.
Features
Client Reputation is available as a premium module for Kona Site Defender customers and includes the following features:
- Cross-customer correlation: Correlates client requests across different customers to identify malicious intent.
- Client risk score: Risk scoring based on previous behavior. The client risk score is based on several factors, such as the persistence of the attacker, number of target applications, severity of the attack and magnitude.
- Reputation controls: An interface that gives the customer the ability to filter malicious clients based on their behavior and risk score by either alerting or denying access.
- Header injection: Injection of an additional request header with information on behavior and risk score so that the customer’s back-end systems can act upon it.
- Client investigation: Access aggregated data to investigate the cause of a risk score in the last 30 days. Aggregated information is collected for each score-changing event.
- Multiple categories: The Client Reputation module can associate potentially malicious activity with the following types of attackers:
  - Web attackers – someone performing generic attacks such as SQLi, RFI, or XSS.
  - DoS attackers – someone using tools such as LOIC and HOIC to launch denial of service attacks.
  - Scanning tools – tools used to scan web applications for vulnerabilities.
  - Web scrapers – tools used to amass large amounts of publicly available data from web pages.