Akamai Technologies is introducing a cloud-based service called Web Application Firewall it claims will prevent most web applications attacks before they get inside corporate data centres.
Application firewalls within Akamai's network of more than 55,000 servers worldwide weed out the most common application exploits including SQL injection, cross-site scripting among others listed by the Open Web Application Security Project as the most prevalent.
Akamai says the service is compliant with the wide-area file services (WAF) program specified in Payment Card Industry standards for web application firewalls.
The service is based on the core rule set of the open source ModSecurty Web application firewall, which is administered by Breach Security. "It stops the big, bad, well-understood stuff," said Sanjay Meta, senior vice president of Breach. "Anything more elegant, not findable by a signature, you need something more sophisticated. You can only do so much at the edge."
He describes the Akamai service as complementary to corporate-based WAFs, but valuable because it reduces the amount of traffic the private gear has to filter, and it can cut the bandwidth chewed up by malicious traffic. Akamai says it has blocked attacks headed at customer networks at 100Gbit/s, which would be enough to swamp the privately owned filtering resources of many businesses.
Customers who also buy Breach's WebDefend Global Event Manager management platform can tap into Akamai's worldwide security-event data to find out details about the attacks that the service blocks, Breach said.
Pricing for Web Application Firewall depends on how many applications customers want to protect and the size of their Internet connections.