Security Monitoring, Blocking, and Fraud Protections
Akamai Identity Cloud continuously monitors our production environments for the state and health of the Akamai Identity Cloud platform. We gather detailed key performance indicator (KPI) metrics on uptime and availability for every service. Abnormalities trigger alerts to the Network Operations Command Center (NOCC) staff, on-call 24/7/365.
Brute Force Attacks (Account Takeovers)
Akamai Identity Cloud offers account-locking functionality to protect against brute force password attempts. After a specific number of failed attempts from a user, Akamai Identity Cloud locks an account. This feature is completely customizable Customers determine when and how to block additional login attempts. In addition, the Akamai Identity Cloud offers CAPTCHA- and SMS-based authentication options. Customers can choose to implement these for step-up authentication at any login attempt threshold.
Advanced Persistent Distributed Attacks
Akamai Identity Cloud has experience in successfully staving off distributed attacks. By proactively monitoring for bots/malicious activity — correlating dozens of custom metrics specific to login and registration — we can block the numerous sets of dynamic IPs that malicious actors spin during an attack.
Through IP-blocking and whitelisting, Akamai Identity Cloud can ensure that access is granted only when authorized. For example, Akamai Identity Cloud can identify IP addresses from specific countries or regions and block them from registering and/or logging in on a per customer choice (geoblocking). It can also block specific lists of IP addresses (e.g., lists of known bad IP addresses and black hat-associated IP addresses). If IP addresses are legitimate but exceptions to standard rules, or if they’ve been erroneously added to blacklists, Akamai Identity Cloud can whitelist them ensuring that IP addresses on this list are always accepted.
Online Business Systems, Inc., an external third-party penetration testing firm, tested Akamai Identity Cloud’s ability to withstand DoS attacks. Bot mitigation strategies include rate limiting to mitigate bot DoS attacks, reCAPTCHA to mitigate bots that create fake user profiles, and both client- and server-side validation to ensure that all field values are legitimate.
Akamai Identity Cloud employs custom API monitoring on a per-customer basis to establish trends in usage as well as to identify and block abnormal usage patterns. It is proven to successfully identify and mitigate malicious activity on behalf of Akamai Identity Cloud customers. And because each customer is unique, Akamai Identity Cloud can implement alerting and blocking rules that reflect inherent trend differentiations.
Adjusting a customers custom blocking rules is a collaborative process between Akamai Identity Cloud and the customer. Different customers have different risk appetites and risk tolerances, and these affect trade-offs between blocking some legitimate traffic and assuming some costs of fraud. Advanced persistent attacks might involve multiple adjustments of the custom policy engine rules.
OSSEC intrusion detection system automatically reviews logs for suspicious activity on a regular basis. New account creation fraud protections include CAPTCHA- and SMS-based authentication — options that a customer may choose to implement as a step-up authentication protection against scripted account creation attacks. Akamai Identity Cloud proactively monitors for bots/malicious activity by correlating dozens of custom metrics specific to login and registration, as well as by identifying anomalies specific to a customer’s unique traffic patterns.