Akamai’s new cloud firewall capabilities aim to protect network edge

Content delivery network (CDN) and cloud security services provider Akamai Technologies has added a network cloud firewall capability to its cloud-based DDoS platform, Akamai Prolexic.

The new feature is designed to allow Akamai’s customers to define and manage their own firewall rules and access control lists (ACLs) —lists of permissions for resources in a computer system or network —to streamline security for their network edges.

“Eliminating bad traffic is possible because Prolexic sits between our customers’ networks and the internet, and shields applications and systems regardless of where they are deployed: on-premises, in a data center, a public cloud, hybrid cloud, or a colocation facility,” said Sven Dummer, the company’s product marketing director, in a blog post.

Prolexic cloud network firewall will be added to Akamai Prolexic’s existing suite, which includes several different products and services — including Prolexic DDoS Protection, Prolexic Routed, Prolexic Connect, and Prolexic Site Shield — to offer various levels of protection against different types of cyberattacks including DDoS attacks, web application attacks, and bot attacks.

Prolexic network cloud firewall expands DDoS protection

An Access Control List (ACL) is made up of a list of entries that specify the access level of users, groups, or system processes to a specific resource. For instance, a file’s ACL may include entries for the file owner, individual users, or members of a particular group, each with its own permissions, such as read, write, execute or delete.

Improvements to Prolexic network cloud firewall include the ability to define custom defenses to block malicious traffic, move rules to the edge, and the ability to adapt to network changes via a new user interface.

 “Custom, self-service access control lists (ACLs) and firewall rules are extremely helpful for many aspects of DDoS defense,” Dummer said. “More than 75% of today’s attacks are at least partially blocked by ACL mitigation posture when these rules were configured by our Akamai experts in collaboration with our customers.”

The new capability, apart from allowing definition and adjustment of access control rules, also provides analytics for them. A user can choose to have Prolexic suggest ACLs based on its in-house threat intelligence data.

Locating the new network cloud firewall at a network edge is a key benefit — it eliminates the need for intervention by various network-based firewalls and defense systems,  since the cloud firewall’s position allows it to switch access off quickly and directly at the edges, according to Dummer.

“Then even the conventional firewalls across your network will not see that blocked traffic anymore, because they, too, are now behind Network Cloud Firewall,” Dummer added.

Recently, Akamai also has been building up its DDoS defense capabilities by investing in its global infrastructure. Earlier this month, for example, it announced two new “scrubbing centers” — data-cleansing stations where traffic is analyzed and malicious traffic is removed — in Chennai and Mumbai, to help Indian businesses guard against DDoS attacks.