Dynamic throttling

To ensure quick and responsive reporting experience we may use throttling in case of exceptionally high-traffic events.

When is throttling triggered?

In Web Security Analytics, you can analyze statistics of requests that triggered your security configuration rules. You can use these statistics to drill into security events and answer all questions you may have about attack types, request sources, and much more.

In unusual situations of severe traffic spikes, for example during significant attacks generating 50 million events or more in 10 minutes (about 80,000 events per second), throttling will activate automatically to ensure stable performance and quick reporting.

When dynamic throttling happens, all attacks continue to be mitigated by Akamai security solutions, but not all attack traffic (such as DDoS traffic) will be recorded in Web Security Analytics. While limiting the request number visibility, Web Security Analytics still retains and analyzes 20,000 requests per second, enabling a comprehensive analysis of attack parameters for improved future prevention strategies.

How does dynamic throttling work?

Dynamic throttling starts when the number of events for a specific policy exceeds the threshold of 50 million events for over 10 consecutive minutes. It stops when the rate falls below the threshold for 30 consecutive minutes.

While throttling is active, Web Security Center stores a reduced volume of security events at a rate of 20,000 requests per second. With this data you can still adequately analyze the attack parameters to understand how it happened and better prepare to counteract future threats.

👍

Here are the key highlights you should know about throttling:

  • The security protections you set are not affected by throttling and operate normally. Even though the visibility of security events might be temporarily affected, the active security mechanisms are not compromised.
  • Throttling is always enabled and it activates automatically when the set request threshold is crossed.
  • This feature applies only to security reporting. It means that if throttling is triggered, you may not see all mitigated attack traffic in Web Security Analytics. To see statistics for all requests that have been denied or mitigated, go to Traffic Reports in Akamai Control Center.

Throttling indicators on timeline charts

To provide visibility into throttling events, the Web Security Analytics timeline charts display indicators for when throttling is triggered and ended. These indicators help you track and understand what the throttling impact is on specific security policies.

  • Throttling Start Indicator. It shows when throttling was triggered. By hovering over this indicator, you can view the exact time when throttling began, all affected policies.

  • Throttling End Indicator. It shows when throttling ended. By hovering over this indicator, you can view the exact time when throttling ended, details on the number of events that were filtered during the throttling period and will not be displayed, the exact time, and a policy reference.

These indicators enhance transparency by providing insights into how throttling events affect data processing.