Protect your apps from zero-day attacks and vulnerability exploits
Mitigate Vulnerabilities: Proactively protect against known vulnerabilities and verify current CVE protections.
Rapid Zero-Day Defense: Apply protections with unprecedented speed - often before zero days are publicly announced.
Volumetric DDoS Protection: Ensure you can scale to remain available when large attack events occur.
Protect your APIs from exploits and logic abuse
Detection of Anomalous Behavior: Detect anomalies before abuse occurs with API monitoring, including abnormal spikes in traffic, access patterns, or data payloads.
API Abuse Prevention: Eliminate the exploitation of business logic flaws, such as manipulating API request parameters.
Handling Sensitive Data (PII): Prevent data leaks by controlling PII handling with enforced constraints after a sensitive data request or response alert.
Ensure compliance with PCI DSS v4
Client-Side Compliance: Inventory, justify, and monitor JavaScript on protected payment pages to safeguard card data from client-side attacks.
Application Compliance: Maintain log compliance and protect against PII data leakage, zero-day attacks, and CVEs, which can compromise systems and data.
API Compliance: Detect and mitigate API behavior and logic abuse, log API activity, and implement responsive protections to protect data and systems.
Qualification Questions & Ideal Answers for AAP Opportunities:
What types of web applications and APIs are you looking to protect? Are they business-critical?
Customer has public-facing, business-critical applications and APIs needing robust protection.
What is your current security solution for web applications and APIs? What challenges or limitations do you face with it?
Existing solution lacks unified protection, struggles with advanced threats, or cannot scale with traffic.
Have you experienced any recent security incidents (e.g., DDoS, bot attacks, OWASP Top 10 vulnerabilities)?
Customer has faced security incidents or is concerned about emerging threats.
What compliance standards do you need to meet (e.g., PCI, HIPAA, GDPR)?
Requires compliance with industry regulations and needs automated, reportable protections.
Are you using cloud, on-premise, hybrid, or multi-cloud environments? How is your architecture structured?
Has a hybrid/multi-cloud setup and needs consistent security across environments.
How do you currently manage security updates and policy changes across your applications/APIs?
Manual, fragmented process; seeking automation and centralized management.
What is your traffic profile (volume, geographic distribution, peak periods)? Do you expect significant growth or seasonal spikes?
High or variable traffic volumes; needs scalable protection.
Do you require automated API discovery and protection for shadow or undocumented APIs?
Concerned about shadow APIs and wants automated discovery and enforcement.
How important is unified visibility and reporting across all your applications and APIs?
Needs single-pane-of-glass reporting for incident response and compliance.
Are there DevOps or CI/CD processes in place that require integration with security tools?
Uses DevOps and wants security tools that integrate with CI/CD workflows.
What level of bot mitigation is needed, and do you face challenges with good vs. bad bot differentiation?
Struggles with bot attacks, especially distinguishing between good and bad bots.
Wants fast, easy onboarding with flexible support options.
Do you need support for Kubernetes-native deployments or integration with NGINX Ingress Controller?
Runs Kubernetes and/or NGINX environments and needs native integration.
10 AAP Objection Handlings
Why should I choose Akamai AAP over other WAAP providers?
Focus on Akamai’s global scale, advanced threat intelligence, and unified protection for web apps and APIs.
Is Akamai’s WAF (Web Application Firewall) certified or compliant with specific industry standards (e.g., PCI DSS, SOC 2)?
Highlight Akamai’s robust compliance posture and globally recognized certifications, but clarify the specifics relevant to the customer’s needs.
What if legitimate traffic gets blocked by AAP’s security rules?
Emphasize granular policy tuning, comprehensive logging, and Akamai’s proven tuning methodology to minimize false positives.
How quickly can AAP respond to new and emerging threats?
Underscore Akamai’s real-time threat intelligence, global sensor network, and rapid rule deployment capabilities.
What is the integration effort for deploying AAP with our existing environment?
Point out native integrations, flexible deployment models (SaaS, hybrid, on-prem), and Akamai’s professional services support.
How does AAP handle API security compared to traditional web security?
Explain the dedicated API discovery, protection, and threat detection features—beyond legacy WAFs.
What if my company wants more control over rule management (e.g., self-service vs. managed mode)?
Detail the flexibility of self-managed, co-managed, and fully managed options, catering to various customer preferences.
AAP Product Comparison
App & API Protector (AAP) | AAP w/ Included Delivery | AAP w/ Included Advanced Delivery | AAP w/ ASM Included Delivery | AAP w/ ASM Included Advanced Delivery
SIEM Integration | Included | Included | Included | Included
Security Configuration (SC) | 1 | 1 | 10 | 10
Security Policy per SC | 10 | 10 | 20 | 20
Rate Policies | 15 | 15 | 15 | 15
Custom rules | 100 | 100 | Unlimited | Unlimited
Adaptive Security Engine | Auto, self-tuning | Auto, self-tuning | Auto, Manual, self-tuning | Auto, Manual, self-tuning
API Security | Auto inspection + Positive | Auto inspection + Positive | Auto inspection + Positive | Auto inspection + Positive
Bot visibility & Mitigation | Yes
Site Shield | Yes
API Discovery | Yes
Client Reputation | N/A | N/A | Yes | Yes
Delivery module | DSA | ION | DSA | ION
mPulse lite | 1 million beacon
Include Entitlements | "3 Million Hits" Image and Video Manager - Image Optimization, "10,000 Million Hits" API Acceleration, "30 Million Events invoked" Edgeworks Basic Compute, "30 Million Events invoked" Edgeworks Dynamic Compute
Cost | $ | $$ | $$$ | $$$$
AAP Pricing Example
Item | Example | Target Price (Monthly) | Discount (Elite/Premier/Select) | w/o DR(%) | w/ DR(%) | NC DR Rebate(%) (1st Term)
Product | AAP Included Delivery
Included | 1 domain, 15 RP, 1SC, 1 SS Map, DV SAN SNI(Cert), mPulse lite