In 2018, we introduced Akamai’s Web Security Analytics tool (part of Akamai Security Center), which provides access to 31 days of security event data with flexible filtering, request samples, and the ability to export to CSV/JSON formats for offline analysis. One piece of feedback we’ve heard since then is the need for alerting capabilities.
Some of you may be familiar with the alerting functionality that was built into Akamai Security Monitor. This functionality has enabled customers to create alerts to notify their teams about significant events based on predefined criteria. However, Security Monitor has been with us since 2013; it’s time to move to a modern infrastructure that will enable you to get even better visibility into security events.
Details about the new functionality
With this new functionality, you can create alerts based on static filters and thresholds that you define in Web Security Analytics.
Once an alert starts triggering, email notifications are sent to your specified recipients, and an analysis of the alert’s cause(s) can be performed in Web Security Analytics.
A couple of examples of how you can use the new functionality:
- Get notified when a large volume of requests is being denied by Akamai’s web application firewall. This large volume of requests could be an attack, but it could also be that something in the application changed and legitimate users are being denied service. Getting notified sooner via the new functionality will help you understand the situation and resolve the issue faster.
- Get notified when a denial-of-service (DoS) attack is happening while you are tuning your rate controls. In this scenario, these attacks are reaching your origin, so quick action is required. The new functionality will help you respond rapidly.
In all cases, once an alert triggers, you will receive an email notification to prompt action.
Here are a few screenshots to give you a taste of what you’ll be seeing within Web Security Analytics: