AWS EC2 Server Sensor plugin integration with Akamai API Security
In this blog, we will learn about AWS EC2 server sensor plugin integration with Akamai API Security.
Overview
- In the Amazon Web Services (AWS) Cloud, Amazon Elastic Compute Cloud (Amazon EC2) provides scalable, on-demand processing capacity. A virtual server hosted in the AWS Cloud is known as an EC2 instance. The hardware resources available to an EC2 instance on start are determined by the instance type that has been defined.
- The Akamai API Security Sensor is an eBPF-based component that operates at the host level. It analyzes the traffic that is passing through the engine.
How eBPF Enhances the Sensor Plugin:
- eBPF allows event-driven custom code to run directly in the kernel of an operating system (OS). It extends kernel capability without requiring any modifications to the application or the kernel, which allows runtime security policies to be detected and applied.
- When eBPF is used for sensor integration, the sensor can inspect encrypted API traffic from non-Java apps.
- The eBPF module makes use of an SSL library. When an application in an EC2 instance sends or receives traffic, the module replicates it before the encryption or decryption process occurs.
Compatibility Matrix for EC2 Instances:
To ensure compatibility with EC2 instances, Akamai suggests confirming the following before installing the sensor plugin:
- EC2 Instance and OS Compatibility
- SSL Library Support
- eBPF Compatibility
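
As an added example (not Akamai's or AWS's tooling), the script below gathers the host facts behind these three checks so they can be compared with the vendor's compatibility matrix. The function names, the BTF check and the libssl/libgnutls pattern are assumptions; the minimum kernel version is a parameter you take from the matrix, not a value from this page.

```shell
#!/bin/sh
# Added example: pre-install fact gathering on an EC2 host.
# Nothing here encodes Akamai's requirements; compare the output with the matrix.

# kernel_at_least <uname -r string> <min major.minor>: 0 if release >= min
kernel_at_least() (
  rel=${1%%-*}                 # "5.10.201-191.amzn2" -> "5.10.201"
  rmaj=${rel%%.*}; rrest=${rel#*.}; rmin=${rrest%%.*}
  mmaj=${2%%.*};   mmin=${2#*.}
  [ "$rmaj" -gt "$mmaj" ] || { [ "$rmaj" -eq "$mmaj" ] && [ "$rmin" -ge "$mmin" ]; }
)

# os_ident [os-release file]: print "ID VERSION_ID" (subshell keeps vars local)
os_ident() (
  . "${1:-/etc/os-release}" && printf '%s %s\n' "$ID" "$VERSION_ID"
)

# has_btf [sysfs root]: kernel exposes BTF type information, a common
# prerequisite for portable eBPF programs (assumed relevant, not from the page)
has_btf() { [ -r "${1:-/sys}/kernel/btf/vmlinux" ]; }

# ssl_libs: read `ldconfig -p` output on stdin, print distinct TLS library sonames
ssl_libs() {
  awk '$1 ~ /^(libssl|libgnutls)\.so/ { print $1 }' | sort -u
}

# preflight_report <min kernel major.minor taken from the vendor matrix>
preflight_report() (
  min=${1:?usage: preflight_report MIN_KERNEL}
  echo "os/arch : $(os_ident) $(uname -m)"
  echo "kernel  : $(uname -r)"
  if kernel_at_least "$(uname -r)" "$min"; then echo "  >= $min : yes"
  else echo "  >= $min : NO"; fi
  if has_btf; then echo "btf     : present"; else echo "btf     : missing"; fi
  echo "tls libs:"
  ldconfig -p 2>/dev/null | ssl_libs | sed 's/^/  /'
)

# Run the report only when a minimum kernel version is given on the command line.
if [ "$#" -gt 0 ]; then preflight_report "$1"; fi
```

An empty "tls libs" list usually means the application bundles or statically links its TLS library, which is worth confirming against the SSL library support entry before installing.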
API Workloads:
APIs hosted on the EC2 instance can be monitored through the Akamai API Security UI.
- Incoming and outgoing traffic sources for the EC2 instance may include load balancers (LB) or API gateways that expose the instance.
- These gateways may also encrypt and decrypt traffic from public or internet-facing zones.
- Once the sensor plugin has been successfully integrated, API traffic is seen in the Akamai API Security UI.
Akamai API Security UI offers the following features:
- Threat Detection: It detects attacks in the traffic and covers the OWASP Top 10 security features.
- Severity-Based Filtering: APIs are segregated based on their severity from low to critical.
- Traffic Data: Generates API traffic data for periods ranging from 24 hours to a year. These reports contain:
- Security findings consist of incidents, posture, data, and reconnaissance findings.
- Inventory Details: APIs are categorized by type (such as XML or REST API), internet-facing status, and API source.
Using these features, enterprises and organizations can ensure strong API security, quickly monitor traffic, and generate important data for proactive threat mitigation.