F5 ASM WAF vs. Akamai Kona Cloud based WAF

I'm not even that familiar with ASM but my concerns about using Akamais solution (which I've only briefly looked at) would run along these lines;

 

1) This solution wouldn't protect against DDoS attacks directly targeted at you if the attackers discovered your 'origin' IP addresses

 

2) I'd imagine your ability to build, test and customise your security policy will be limited as would your abilities in relation to responses to attacks

 

3) Your costs are not fixed

 

4) Are you really happy to 'outsource' your security, who is responsible if it fails?

 

 

I'm sure someone better informed than me where security is concerned will also provide some input.

Hi Steve

 

Akamai says they have a solution to protect the origin IP and configure some rules on your firewalls/routers to route back/deny direct access from the internet to the origin IPs

 

Costs could be also fix as they have a model where they just charge for one DDoS apparently on a monthly basis and everything in addition is covered in the monthly fee

 

Akamai promises a 100 % availability of their environment with 130000 servers around the globe.

 

But all those things rather relate to the DDoS feature than to the WAF features I'm looking for. I would seek some good comparison of technical features between Akamai and F5 WAF. There is a comparison model WAFEC that could provide a basis for comparion but the latest version is from 2006 and there is no actual information in the model, just the framework.

 

Regards

 

André

 

Hi André,

 

 

I'd talk with your F5 or partner SE to get a comparative list of features.

 

 

One major issue I see customers balk at with outsourcing app security is that they generally need to provide their SSL keys to a third party. Most security focused companies aren't willing to risk having their keys in an unknown environment.

 

 

Aaron