Akamai's DDoS Defender aims to snarl up hackers

Akamai, a content-delivery network provider with over 100,000 servers across the world, has released a product to mitigate and defend against DDoS attacks and other web threats

Akamai has released DDoS Defender, a service that provides an early warning system and tools for mitigating distributed denial-of-service attacks.

DDoS Defender allows customers to block traffic by its originating IP address and by its geographic region, the company said in announcing the product's general availability on Tuesday. It can also control access to company data according to the identity of the user.

The service is powered by Akamai's network of over 100,000 servers distributed across the globe to gather intelligence and defend against botnet-driven DDoS attacks.

"Customers can come to Akamai, and they can essentially outsource the DDoS mitigation function to the Akamai cloud," said Neil Cohen, vice president of product marketing at the content delivery network provider.

The tool can take strain from a website that is being hit by a DDoS attack by offloading traffic to content cached within the Akamai global network. It also lets companies set triage policies for content, so if bandwidth reduces due to a DDoS attack, certain bits of content can be prioritised to be delivered above others.

Akamai's pitch is that while antivirus companies such as Kaspersky and Trend Micro operate servers across the globe, they do not have the same scale. "Akamai's approach is a little different. [It's] not easy to replicate unless you have a large presence like Akamai," said Joshua Corman, the company's director of security intelligence.

Layers of security

DDoS Defender is able to automate and add layers of security to websites. For example, it can add captchas at pre-decided points to protect against bots (PDF).

Customers can come to Akamai, and they can essentially outsource the DDoS mitigation function to the Akamai cloud.

– Neil Cohen, Akamai

These features are necessary because as computing power becomes more available, the volume of traffic that hackers can hit sites with will intensify, according to the company.

"Terabits per second is how you'll measure attack traffic over the next five years," Akamai's chief scientist Tom Leighton predicted.

The company argues that because it has a network of servers distributed across the world, it can trace a DDoS to its source IP quickly and institute measures such as geographic IP blocking or routing the DDoS to content cached within Akamai's servers.

'Absorb a DDoS'

Another feature of the technology is the ability to "absorb" a DDoS, Corman said.

"We don't even necessarily need to block these attacks, we can simply handle them. Let's say they're going to your origin server and making a request: if we have the ability to service that request with cached objects, we don't even have to thwart the attack," he said

The goal, Corman said, is to "cause inconvenience to the attacker". An advantage of this is that less sophisticated attackers may continue to run a DDoS attack on a site without realising that they are attacking cached content, which saves the host's site, Corman said. He added it also gives Akamai and the customer a chance to gather intelligence on their attacker to protect against future threats.

DDoS Defender works in tandem with Akamai's other major security product, the Web Application Firewall (PDF), he said.

"All of these services run in parallel," Cohen explained. Akamai may share the data on attacks it gathers with the security community in the future, he added.

"As we get more and more customers on the platform... we'll be able to take that data and make it available," he said.

The company did not disclose pricing for DDoS Defender but noted it is a monthly service that scales with size.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.