If you were talking to someone whose organization is considering Akamai Kona Site Defender, what would you say?
How would you rate it and why? Any other tips or advice?
My advice for anybody who is evaluating this solution is to first evaluate your needs, and then check to see how much you need to put into this solution. The biggest lesson that I have learned from using Site Defender is that you should do an analysis first, to see how it will fit into your ecosystem. You decide whether to buy it based on that, rather than because it is a good product. You have to make sure that it is compatible with your environment. Overall, I am happy with Site Defender because what it's doing, it's doing well. I can't think of a single feature that might be missing. I would rate this solution an eight out of ten.
As far as DDoS protection is concerned, I'm firmly in the Akamai Kona box. In terms of consistency, I think people should consider API-based adoption for Kona configuration. That gives us a broader state which looks and feels the same, and a small team can support it rather than needing a large team to support it. For what it does, it's really good. For what we want it to do, there's room for improvement. I'd give it an eight and a half out of ten. In order for it to be a 10 I would say that it should be one of the market-leading WAF solutions and not just a volumetric solution.
Keep your eyes open. There are a lot of solutions out there. You can even see products being deployed in the public cloud, which is nice for scaling up. Keep your eyes on the horizon. There's a lot to look forward to. For Kona, we use several products, including their Site Acceleration Services. Our security maturity is very different from when we first started using Akamai.