Blog

Announcing Updates to Akamai’s Security Configuration Application

April 10, 2019 · by Pawan Bajaj ·
Categories:

We’re happy to announce that we’ve just completed the fourth and final phase of our UX upgrades in the Akamai Security Configuration application (see the four phases listed here). This latest version streamlines the process for developers and admins, reduces time to complete tasks, makes protection more complete, and sets a strong foundation for Akamai to add new capabilities for you in the future. Akamai customers who use Kona Site Defender, Bot Manager, Client Reputation, and/or Web Application Firewall will see enhancements in the following four security configuration areas:

  • Configuration summary and tuning status page
  • Configuration version comparison tool
  • Activation history
  • “Protection Coverage” becomes “Hostname Coverage”

Note: These new enhancements are live to beta users of Akamai’s Security Configuration application and will be made available to all users in May 2019. We’re confident that the improved version will be adopted enthusiastically and provide a seamless experience; however, if you encounter any unexpected issues during the beta period you can go back to the prior version by clicking on the “Back to Classic View” button.

Here’s a more detailed discussion of each of the four enhancements listed above:

Configuration summary and tuning status page

The configuration summary page has been streamlined to provide a faster experience than the current UI. The updated system now takes you directly to the Security Configuration list (and no longer asks you to select a product whose selection didn’t make a material difference). The page is now full-width, which allows for more layout flexibility and improves the use of space. The Tuning Status indicators and colors have been simplified to make them more understandable, and the red, orange and green icons are grayed out when there are no configurations in that status. This helps you focus only on relevant, actionable information.

prior UI
Prior Security Configuration application UI
current version
Updated Security Configuration application UI

With the updated UI, you can now easily access the history of all versions by clicking on the security configuration name (see more about this in the “Activation history” section below). Opening the toggle next to the security configuration name provides all the contract IDs associated, all the production hostnames, and the details of the tuning status.

Configuration version comparison tool

One of the biggest challenges with the prior Security Configuration version comparison was that even though users may have made only minor changes, the version comparison tool would show major metadata changes. From a compliance perspective, this made it difficult to validate that the correct changes were done. With the new release, metadata generation for the Security Configuration application has been significantly enhanced to ensure the consistent order of metadata generation. As a result, the new version comparison tool will only show real changes that have been made, thus removing the noise that existed in the previous iteration.

In addition, the version comparison tool now allows you to see the comparison either inline/unified or with a new side-by-side comparison view (see screenshot below). You can also select the number of context lines to display around the changes, which provides you with additional context. The version comparison tool is available from the Version History page when you select Manage All Versions.

manage all versions
Updated version comparison tool

Activation history

With the Akamai Security Configuration application, your configuration versions can be rolled out to the staging network and to the production network, and versions can also be rolled back to prior versions. However, while the prior Security Configuration application’s Manage All Versions view had deactivation comments, it was still very hard to tell if a version was rolled out, rolled back, and rolled out again.

The new Activation History page shows a chronological timeline of every version that has been rolled out, and which network it was applied to. It also shows any version notes that were added during the activation. The Activation History tab is available next to the Version History tab (see screenshot below) in the Manage All Versions section.

activation history
The new Activation History page

“Protection Coverage” becomes “Hostname Coverage”

The Protection Coverage page has been redesigned as the Hostname Coverage page to quickly let you know which of your hostnames are protected, and for hostnames that are not protected, to ask why not. For a hostname to be protected by the Security Configuration application, the hostname needs to be associated with it, and a match target has to associate the specific paths of the hostname to a security policy. If both are not done, the security coverage is not considered to be complete. The new Hostname Coverage page visualizes this clearly, and also supports keyword search, so you can quickly find the hostname you’re looking for. Because this capability makes it easier to identify which hostnames are covered, the possibility of failing to protect a hostname is greatly reduced.

hostname coverage
The new Hostname Coverage page

Conclusion

So now you’re up to date with the latest info on the Akamai Security Configuration application. Be sure to read my Akamai colleague Eric Graham’s recent post that details additional improvements and enhancements to Akamai’s security offerings.

Pawan Bajaj is a product line director at Akamai Technologies.