App & API Protector
One-stop, zero-compromise security for websites, applications, and APIs.
Broad app and API protections in one solution
Akamai App & API Protector brings together web application firewall, bot mitigation, API security, and Layer 7 DDoS protection into a single solution. It quickly identifies vulnerabilities and mitigates threats across your entire web and API estates — even for the most complex distributed architectures. Recognized as the leading attack detection solution on the market, App & API Protector is easy to implement and use. It delivers automatic updates for security protections and provides holistic visibility into traffic and attacks.
How does it work?
App & API Protector stops threats at the edge by routing your web and API estate traffic through Akamai’s massively distributed platform. Traffic is inspected at the edge first to defend against DDoS, web application and API attacks, and malicious bots while simultaneously allowing access to legitimate users with no loss to performance or user experience. At the core of App & API Protector is the Adaptive Security Engine, which combines machine learning, real-time security intelligence, advanced automation, and insights from over 400 threat researchers to ensure the strongest application security. It provides hands-off updates, self-tuning rule adjustments, and auto API discovery to prevent new vulnerabilities, simplifying effort for your team.
Stronger security with less effort
Forrester Names Akamai a WAF Leader
Among 12 vendors, Akamai was recognized for its innovation, roadmap, and strategy.
- Adaptive protections that automatically push the latest protections for your apps and APIs
- Proactive self-tuning eliminates time-consuming manual maintenance
- Developer and technical resources keep you innovating with speed
- Advanced API discovery so you can manage risk from new or previously unknown APIs
- DevOps integration with a simple GUI or with our Terraform provider, APIs, or the Akamai CLI
- Included bot detections improve security and performance
- Fast onboarding, in-portal guides, configuration workflow, and wizard setups get you started
- Custom dashboards, real-time alerts, and SIEM integration to investigate security vulnerabilities and triage attacks
- Optional advanced AppSec management controls, managed services, and professional services
- DDoS protection that responds to application-layer attacks within seconds
Malware protection module now available with App & API Protector
Malware protection scans files at the edge to prevent attackers from uploading malware to your systems.
Frequently Asked Questions (FAQ)
An open API is available for automating App & API Protector configuration changes in a CI/CD pipeline. A CLI and Terraform provider are also available for making API calls, or you can call the API directly. Documentation for the open APIs, CLI, and Terraform provider are publicly available; there is also a public Postman collection available for testing the API.
API Discovery runs every 24 hours and automatically finds any new APIs, and pushes alerts to the App & API Protector portal. You can add the discovered APIs to your protections in just a few clicks. App & API Protector can also proactively suggest new or updated rulesets as part of the adaptive self-tuning feature, so no manual tuning is required.
App & API Protector offers connectors for Splunk and other providers, as well as a SIEM integration module for better attack identification, detection, and forensic analysis with correlation in your SIEM.
Akamai offers three options for you to choose from to suit your business needs: 1) Fully managed, 2) Co-managed where Akamai assists you, and 3) Self-service.
Akamai’s update release process consists of a rigorous set of testing stages relying on our extensive intelligence database, machine learning, and human threat expertise. Automated and manual reviews at each stage of testing are purposefully designed to ensure accuracy and minimize false positives. After the update has passed all stages of internal testing on synthetic traffic and real traffic through our “evaluation mode,” the update is released in batches, monitored closely, and refined if necessary.
Akamai architects its products with the understanding that our customers cannot have any latency — their business depends on it. App & API Protector — like all of Akamai’s products — is highly efficient, and the impact to your app/site performance should not be perceptible to users.
Application Security Use Cases
Recognized as a market-leading DDoS solution, App & API Protector instantly drops network-layer DDoS attacks at the edge. You are not only protected from DDoS attacks but also the traffic spikes of an attack — Akamai DDoS Fee Protection provides credit for any overage fees incurred due to a DDoS attack.