Guide

Integrate security solutions

Suggest Edits

Akamai’s integrated approach evaluates requests through multiple layers of protection, all on a single platform. With so many options, it’s important to use the best solution at the right time for your security needs. Learn how to combine some of Akamai’s solutions to build a robust defense for your web applications and APIs.

Step 1: Protect your web applications and APIs

Even the most cutting-edge applications are vulnerable to traditional attacks. Use a Web Application Firewall (WAF) solution, like App & API Protector, to filter requests to your website. Heading off these attacks early on will reduce the amount of load placed on subsequent solutions.

If you expose your APIs to partners, suppliers, and users, consider enabling Akamai’s API Security service. API Security provides even more visibility into your entire API estate.

See the product comparison to learn more about WAF solutions.

Step 2: Manage bot activity

Although WAF solutions will flag bot activity, bots require a more nuanced security strategy. Many bots, good and bad, can be managed effectively with Bot Visibility and Mitigation.

If your site requires users to submit data via POST requests, upgrade to Bot Manager Premier. It includes all of the features of Bot Visibility and Mitigation, but takes protection a step further by:

  • Protecting transactional endpoints, like adding to cart and checking out
  • Scoring requests based on the probability that they’re a bot
  • Letting you respond to detected bots with your own origin server
  • Defending your site against basic web scrapers

For sites that experience fraudulent user behavior, like account takeovers, Account Protector is the best option. While Bot Manager Premier can tell you whether a request is coming from a human, Account Protector tells you whether it’s coming from a genuine user or someone using their stolen credentials.

Bot Manager Premier can identify and mitigate basic web scrapers, but advanced scrapers require a more comprehensive solution. If you notice scrapers slowing your site’s performance or undercutting your prices, you’ll want to use Content Protector. Its custom detections identify and stop even the most sophisticated scrapers.

Content Protector is also uniquely equipped to handle:

  • GraphQL endpoints
  • AJAX endpoints
  • Search endpoints
  • Race conditions

See the product comparison to learn more about bot solutions.

Step 3: Protect your AI applications

Firewall for AI (FAI) addresses new types of threats specific to your AI applications. Open-ended user inputs and unpredictable responses make AI apps vulnerable to attacks like prompt injections. Any application powered by a language learning model (LLM) can benefit from FAI’s unique protections.

FAI works within Akamai’s security landscape to defend your LLM applications. Use it after you have filtered requests through both a WAF and a bot solution to reduce your costs for handling undesired traffic. This layered approach ensures that FAI can focus on your AI-specific requests, instead of spending resources on classic WAF and bot attacks.

Step 4: Protect your web apps from client-side threats

Contemporary websites rely on third-party vendors to provide additional features. Although you might trust these vendors, the vendors they use could be compromised. This code is separate from your own code and server, so classic WAF solutions won’t cover attacks happening elsewhere in the chain. Client-Side Protection & Compliance adds an extra layer of security to your site.

Updated 4 days ago