Improved API visibility has enabled proactive discovery of risks and rapid incident response
What is our primary use case?
Akamai API Security serves as our primary tool for API discovery, risk evaluation, and behavior-based threat detection. The platform provides us with visibility into all active APIs, including endpoints, and helps us reduce our attack surface.
Akamai API Security identifies undocumented APIs, commonly known as shadow APIs, and analyzes traffic to detect anomalies such as credential abuse, excessive requests, or suspicious patterns of data access.
When anomalous behavior is detected, the system alerts our SOC team and allows security policies to be applied before the traffic reaches our backend systems.
What is most valuable?
The best features that Akamai API Security offers, which I use most frequently and consider most important, are automatic API discovery and behavior-based anomaly detection.
My experience with automatic API discovery has shown that the platform continuously maps API endpoints and detects unusual traffic patterns, helping me identify exposed APIs that are uncontrolled and detect misuse.
The discovery of APIs and detection of usage based on behavior is an additional functionality that makes Akamai API Security different from traditional tools.
Akamai API Security has positively impacted my organization by greatly improving my visibility into API exposure and risk posture.
That improvement in visibility and risk posture has translated into concrete benefits for my organization, as I can now proactively identify risky endpoints and apply protection policies, which improves overall security and reduces response times to incidents.
What needs improvement?
I believe Akamai API Security could be improved specifically in the integrations so that they can be executed more effectively with platforms such as a SIEM or SOAR, which would help me automate workflows for incident response.
Another important improvement I consider necessary for the platform would be the ability to customize dashboards for executive reports on demand from the customer.
I do not consider any other improvements necessary for Akamai API Security beyond the ones I have already mentioned.
For how long have I used the solution?
I have been using Akamai API Security for approximately three years.
What do I think about the stability of the solution?
I consider Akamai API Security to be a very stable solution.
What do I think about the scalability of the solution?
The scalability of Akamai API Security is very appropriate for the architecture given that it is a SaaS application, so it adapts well to any infrastructure.
How are customer service and support?
My experience with Akamai API Security customer support has been minimal, and I did not encounter any problems.
How would you rate customer service and support?
How was the initial setup?
My experience with the cost, initial setup, and licensing of Akamai API Security is that the price is aligned with any security tool at an enterprise level. It may seem high, but it justifies the investment because of all the mapping of the APIs, and I did not encounter any problems with the implementation.
What was our ROI?
I have seen a return on investment with the platform in visibility, gaining 40 to 50 percent across my entire environment compared to what I had before, and the time reduction for incident investigation has dropped significantly.
What other advice do I have?
My main recommendation for organizations considering implementing Akamai API Security would be to complete a checklist before implementing it by first performing a complete inventory of APIs to understand which shadow APIs will be found and to consider how to integrate with different monitoring systems.
Unified API visibility has transformed governance and now supports compliance reporting
What is our primary use case?
Since multiple teams were involved in issue resolving, at least ten plus people from our side were involved in the implementation process. Everyone was contributing, even if we consider two per team. We are mostly talking about engineers, so they are all engineers. This ten plus people includes one from the NOC team, one from the operations team, and two or three from the security team.
What is most valuable?
What I already appreciate about Akamai API Security is that initially we were struggling with how to get this configured, but after that everything went smoothly. We were also surprised to discover there were five hundred plus endpoints that we are using across the organization, which was a surprise even to our management and leadership. We did not know that many teams were simply pushing small APIs and big APIs into the server. This gave us an overall picture of how many APIs we are using across our organization, and now we are more cautious about which APIs should be used publicly and how we secure our APIs. Since it gives a very good dashboard and a unified platform, it is very helpful for us to know which API is coming from which team and how many teams are using one particular API. All of this is a really good advantage for our management as well as our leadership, and we can even go back and show it to the respective project teams. API discovery and fingerprinting is the main feature that we appreciated.
We are showing the reports from Akamai API Security to HITRUST compliance and HIPAA compliance certifications. We are also using PCI, so we share these reports as evidence to these auditors when they come.
What needs improvement?
The tool is blocking and only the person who has access to the tool can actually see how many DDoS attacks were blocked. Since I do not log in to the portal myself, I am unaware of this capability.
I heard the word Akamai's anomaly detection from my team that they use this, but I don't know about it on the technical aspect.
I am unaware of Akamai API Security's ability to adjust security policies in real-time.
I am also unaware of which feature of Akamai API Security has helped us monitor API usage trends. Someone who is actually hands-on using Akamai API Security might know this.
For how long have I used the solution?
The procurement for Akamai API Security happened almost ten months ago, and actual work has started only a couple of months before.
What do I think about the scalability of the solution?
Good, its fast and easily scalable, the Akamai team is very helpful
How are customer service and support?
Regarding Akamai technical support, since I am not directly involved in it, I do not want to provide inaccurate information. I will rate it at eight.
How would you rate customer service and support?
How was the initial setup?
Because Akamai API Security was a new tool, we definitely needed support from the vendor directly. We were working only using Postman and Bruno. We had to directly move from installable tools to Akamai, which is a cloud platform. We definitely wanted some tool knowledge from the vendor, and once that was provided, things went very smooth. The tool started identifying the endpoints all by itself, and we ourselves do not have any visibility.
The main challenges we had with Akamai API Security were how to set it up on the AWS cloud environment and how to access this portal. We had to handle the major and basic configuration, and given that our organization had a lot of internal APIs which are not exposed to the outside environment, public APIs, and intermediary APIs, all these had to be interconnected. The vendor also had to understand our current environment and then recommend how to specifically access our internal APIs. All those network-related issues required us to bring in the NOC team and ask them to open certain ports specific to our APIs, and then everything went smoothly. The major heavy lift was done by the network team and the vendor side.
What was our ROI?
I can identify all of these benefits after the implementation of Akamai API Security. Identifying and following up with the team was previously very challenging. Teams are reluctant to provide information, some managers ask us to look at their Confluence page, our time is wasted, and everyone's time is wasted. We have to follow up with the developers, they are on leave, and everything was a mess. Getting everything from one single portal without anyone's interference saved us a lot of money, time, and frustration.
What other advice do I have?
I am unaware of Akamai API Security's ability to adjust security policies in real-time.
I am unaware of which feature of Akamai API Security has helped us monitor API usage trends. Someone who is actually hands-on using Akamai API Security might know this.
Regarding Akamai technical support, since I am not directly involved in it, I do not want to provide inaccurate information. I will rate it at eight.
I received a very good feedback from my team regarding Akamai API Security, so I would rate it as nine. My overall review rating for Akamai API Security is eight.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Improved API monitoring has saved time and now lets our team focus on higher‑priority security work
What is our primary use case?
Our main use case for Akamai API Security is securing the API security as we're using the API gateways.
A specific example of how we use Akamai API Security with our API gateways is when somebody hits our member-facing website from outside. We're actively monitoring where they're coming from and whether it's legitimate, and then we are doing all sorts of security checks based on our policy to ensure compliance.
What is most valuable?
The best features that Akamai API Security offers are the information and aggregation we get, as well as the alerts that we receive.
These features help my team in our daily work because my team is actually working on different things apart from making sure the lights are on, and even though API security is something they would look into, they can't spend a whole lot of time on this. We definitely depend on these kinds of tools. When we get an alert, we try to look at the information so it's at a high level so we can act accordingly. Once we know the information we're looking at, our team can go deeply and investigate that. In terms of aggregation, we heavily rely on these alerts.
Akamai API Security has made a positive difference for our organization by improving our security posture and saving our team time, as we can actually prioritize tasks unless there are some false positives, but it is definitely saving a lot of time.
We definitely see that our posture is much better.
What needs improvement?
I don't really have anything to add about any needed improvements at this point.
For how long have I used the solution?
I just started with Akamai API Security before evaluating other options.
What do I think about the stability of the solution?
Akamai API Security is stable.
How are customer service and support?
I don't have any issues with customer support right now.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I previously used a different solution before Akamai API Security, which was Check Point.
What was our ROI?
I have seen a return on investment, and the main thing is the time saved, allowing our employees to focus on other priority work.
What's my experience with pricing, setup cost, and licensing?
The experience with pricing, setup cost, and licensing is that it's a totally different team to work on, but I heard the setup is pretty straightforward.
What other advice do I have?
I would definitely advise others looking into using Akamai API Security to do a POC. I found this interview really great and don't think anything needs to change for the future. I would rate this experience an 8.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Good option to extend existing global webservice to China
What do you like best about the product?
Integrated with existing Akamai solution. For any company that is already invested and utilizing Akamai CDN network, this is the easiest solution to extend your reach to China. The team is professional in dealing with specific regulations requirements in China.
What do you dislike about the product?
Slightly higher cost compared to some local providers from China. However, we still found a single global service provider is much easier to manage than having to deal with a specific service provider for a specific region.
What problems is the product solving and how is that benefiting you?
Deploying our existing web service to China. Helping with solving regulatory requirements.
REAL GAME CHANGER FOR WEB PERFORMANCE AND SECURITY
What do you like best about the product?
Akamai software has a vast content delivery network which has drastically improved our website load times. Their Web Application Firewall (WAF) and DDoS mitigation services are also outstanding.
What do you dislike about the product?
More budget-friendly options tailored to startups and smaller enterprises would be a great deal.
What problems is the product solving and how is that benefiting you?
the software has eliminated of slow website loading times. This for us has boosted user satisfaction and engagement, ultimately driving business growth.
Akamai All in One Solution
What do you like best about the product?
In terms of security solutions, Akamai provides many different security solutions depending on the requirement. The highlights here are that all their solutions can work as one meaning all data are consolidated and correlated afterward, giving you the best data for visibility.
What do you dislike about the product?
Akamai is known for acquiring other vendor to add it to their current solutions. The drawback here is that so many added solutions within a short time make it harder to learn and gain expertise on it.
What problems is the product solving and how is that benefiting you?
Akamai helps protect to secure web traffic within a given environment. It can be through HTTP/HTTPS layer, DNS layer protection and any other protocol residing on Layer 7 of OSI Layer. As a distributor, it helps us to position this product easily because of its offerings. As a user, I can easily manage all these solutions because of a central management system or single pane of glass management available out of the box.
Akamai for business
What do you like best about the product?
Akamia is an industry leader in WAF solutions and their DDOS protection is one of the best services in terms of configuration, very low latency issue, high availability, and cost
their WAF is also integrated with various AST solutions to protect assets and apply patches temporary by integration with AST
Their account takeover protection is also provide advance protection with spoofing attacks
What do you dislike about the product?
Akamia App and API security is a little bit complex to configure and needs some changes in an existing production environment plus minor changes in code and there are some latency issues in production during high traffic
What problems is the product solving and how is that benefiting you?
Akamia provides multiple solutions in a single basket (App and API security, DDOS protection, and account takeover protection), the best thing about Akamia is we can easily integrate it with various application security tools to create rules as soon as a vulnerability is reported so it will act as a temporary patch
It's way costly but definitely worths the price
What do you like best about the product?
Our best alternative for content delivery network is Akamai after Cloudflare. We have a lot of customers for those we have developed custom software, and on each case, Akamai has given us precisely what we need. Also it is quick and simple to use.
What do you dislike about the product?
Akamai's preliminary configuration is hard to understand, and the API is difficult to implement. We also encountered initial issues with large pictures and videos struggling to load, which demanded extra development work.
What problems is the product solving and how is that benefiting you?
We use this for Streaming mainly, one of our clients has an online image editing tool, which requires heavy transfers of stock images. We use Akamai for enterprise use only, it offers a robust API to scale and a better solution category.
Best tool for cache clear process
What do you like best about the product?
It helps to cache clear for CDN and is able to generate the traffic reports and block the unwanted IP. it helps to do the load test, performance testing, and optimize for the mobile and web user
What do you dislike about the product?
A little bit lagging for support as well as alert.
What problems is the product solving and how is that benefiting you?
cleared the akamai cache to reflect the content in the website immediately
Recommendations to others considering the product:
Good load balancing tool
CDN Experience
What do you like best about the product?
Self-configuration options and support is great
What do you dislike about the product?
Cost is a bit high and every component are separate charges
What problems is the product solving and how is that benefiting you?
Edge level Caching, Routing based on cookies, origin & host headers, SSL Offloading, Application Security at EDGE, etc
