The Akamai Kona service is a DDoS prevention system, though it has been limited to protecting Web applications only. In an analyst call to discuss the Prolexic deal, Akamai’s CEO Tom Leighton explained how Prolexic’s DDoS technology is different than what Akamai had been offering.
“Prolexic focuses on the data center and the IP space, and they go beyond the Web and go into enterprise applications that aren’t Web applications and they actually protect the data center,” Leighton explained. “Akamai doesn’t defend the data center; Akamai defends the Web application.”
Many large enterprises need to defend more than just their Web applications, which is where Prolexic fits the bill, Leighton said. From a technology perspective, Akamai has been providing its DDoS technology by way of the domain name server’s CNAME record, which points a Web domain to the proper IP address. Akamai customers direct their CNAME traffic to its service in order to filter and protect against malicious traffic. An attacker could potentially also go after the data center directly, Leighton said, which is not something Akamai’s existing technology would be able to properly block.
“Prolexic directs traffic via the Border Gateway Protocol (BGP) at the routing layer,” Leighton said. “Once that happens, attack traffic aimed at the data center gets directed to Prolexic’s scrubbing centers, and that’s where it gets cleaned up and only the good traffic gets through to the data center.”