Page Integrity Manager Quick Start

Detect attackers trying to steal data via first or third-party scripts that you use on your site. Page Integrity Manager identifies suspicious and malicious script behaviors, and helps you take action to protect your site and visitors. You don't need to deliver your content on Akamai's Intelligent Platform to use Page Integrity Manager. Apply detections to any website, no matter where you host it.

Magecart and other data hijack threats

All contemporary websites run with a constellation of third parties that you depend on to provide vital features like marketing automation, animations, web experience personalization, advertising, analytics, and other widgets that enrich your site’s user experience and inform your business. These third-party vendors do so via code they run on your site. That magic code, in turn, relies on your vendor’s vendors, who run their own code, which is also connected to your website, and so on.

If you look at an actual working website, the network is extensive:


[Figure: scripts diagram for an actual website]
Blue dots represent requests the original site controls. All other nodes are third parties that connect to the original web site, with direct access to its users through the chain.

This setup creates a large attack surface for your website, which you can’t control or track. You may trust your vendors, but you wouldn’t know if they or any of their solution providers are compromised.

The code that your third-party vendors run on your site is separate from your code and your server, so traditional WAF protections aren’t part of the mix. More urgently, their code is in contact with your user and can listen in on user entries and send that data wherever it wants.

If a bad actor gains entry to the chain, it’s not much different from card skimmers in the physical world who insert their bogus device on a bank machine and wait for users to interact directly with that skimmer, while the bank knows nothing about it and can’t protect the user.

When attackers get access via third-party code, they can do nefarious things like copy the payment data every user enters in the shopping cart, intercept your users’ credential entries, or deface your site.

How detections work

Page Integrity constantly analyzes user interaction with your website to identify suspicious and malicious script behavior, potential vulnerabilities, and any script activities that violate policies you define. It lets you manage JavaScript-based threats without degrading the user experience or slowing application development.

When users visit your site, the solution monitors activity in their browser, collecting data on JavaScript activity. It tracks the source of scripts (usually your site’s vendors, whom you pay to run scripts on your site), the behavior those scripts execute, and any destination those scripts are sending data to.

Page Integrity collects JavaScript activity data from a user’s web browser and sends it back to our servers on a beacon. A beacon is an HTTPS request (initiated before a user moves to the next page) that includes data, either as HTTP headers, body, or as part of the request’s query string. This data is commonly called Real User Measurement (RUM) data because it measures the experience of real users.

Note: Even when Page Integrity detects that a skimmer is hijacking data, it does not record the sensitive data your users may have entered, nor any personally identifiable information on them. These details are never included in your activity reports nor are they stored in any systems that run Page Integrity.

Your first Page Integrity Configuration

A Page Integrity Configuration contains the details of your script detection setup. You use it to:

  • Define areas of your site where users enter sensitive data, like passwords or credit card numbers.
  • Optionally monitor or constrain a domain's access to cookies, local storage, network destinations, or sensitive data.
  • Remember script sources you have blocked from sending outgoing data and other actions you’ve taken on suspicious incidents in the past.

  1. Visit https://control.akamai.com/ and log in.
  2. Go to > WEB & DATA CENTER SECURITY > Security Configuration.
  3. Click Page Integrity Configurations.
  4. On the Page Integrity Configurations table header, click +.
  5. Enter a name that's apt and descriptive.
  6. If you want, enter a description that explains what this configuration protects.
  7. Select the Contract and Group ID containing the users and properties you want to work with.
  8. In First-Party Domains, enter the full URLs of the websites where you will use Page Integrity, like www.example.com.
    Enter domains you control, so Page Integrity knows which domains belong to you and which belong to third-parties (those outside your organization). Entries here affect detection and reporting, but don't set protections directly. You can add more domains later. If you want, copy and paste a comma-delimited list.
  9. Click Save.

Define pages where users enter sensitive data

If your site features data-entry forms where users enter confidential or sensitive data, like login credentials or payment information, define these pages in your Page Integrity Configuration. Doing so helps Page Integrity focus protections and identify suspicious activity that centers around attempts to steal valuable data.

  1. On the left, under SITE AND PROTECTION SETTINGS, click Sensitive Data Forms.
  2. Enter the full URLs of form pages, like https://www.example.com/en/login. Wildcards are allowed, like https://www.example.com/*/login, but include only pages that contain forms.
  3. Click Save.
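
To see how the First-Party Domains list and the Sensitive Data Forms patterns work together, here is an added example (not Akamai code and not part of the original page). It assumes "*" matches a single path segment and that first-party hosts match exactly; the hosts, events, and behavior labels are constructed.

```javascript
// Added illustration, not Akamai code. Matching rules are assumptions.
const FIRST_PARTY = ['www.example.com', 'static.example.com'];   // constructed
const SENSITIVE_FORMS = [                                        // constructed
  'https://www.example.com/*/login',
  'https://www.example.com/checkout/payment',
];

// Assumption: "*" matches one non-empty run of characters without "/".
function patternToRegExp(pattern) {
  const escaped = pattern.split('*')
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, '\\$&'))
    .join('[^/]+');
  return new RegExp('^' + escaped + '$');
}

// Match on origin + path so query strings and fragments cannot affect the result.
function isSensitivePage(pageUrl, patterns = SENSITIVE_FORMS) {
  const u = new URL(pageUrl);
  return patterns.some((p) => patternToRegExp(p).test(u.origin + u.pathname));
}

// Assumption: exact hostname match, so a lookalike such as
// "www.example.com.cdn.test" is treated as third-party.
function isFirstParty(url, domains = FIRST_PARTY) {
  return domains.includes(new URL(url).hostname);
}

// Reduce one observed script action to metadata only: hosts, path, behavior.
// No form values or query strings are carried into the finding.
function classify(event) {
  const review = isSensitivePage(event.page) &&
    !isFirstParty(event.script) && !isFirstParty(event.destination);
  return {
    page: new URL(event.page).pathname,
    scriptHost: new URL(event.script).hostname,
    destinationHost: new URL(event.destination).hostname,
    behavior: event.behavior,
    review,
  };
}

// Constructed sample events; hosts use reserved example/test names.
const SAMPLE_EVENTS = [
  { page: 'https://www.example.com/en/login?next=/account', script: 'https://static.example.com/app.js', destination: 'https://www.example.com/api/session', behavior: 'network-send' },
  { page: 'https://www.example.com/en/login', script: 'https://cdn.widgets.test/tag.js', destination: 'https://collect.widgets.test/c', behavior: 'network-send' },
  { page: 'https://www.example.com/en/blog/post', script: 'https://cdn.widgets.test/tag.js', destination: 'https://collect.widgets.test/c', behavior: 'network-send' },
  { page: 'https://www.example.com/checkout/payment', script: 'https://www.example.com.cdn.test/a.js', destination: 'https://stats.cdn.test/p', behavior: 'network-send' },
];
const flaggedFindings = (events = SAMPLE_EVENTS) => events.map(classify).filter((f) => f.review);
```

Only the second and fourth sample events are flagged: both involve a third-party script on a listed form page sending data to a host outside the first-party list.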

Set up alerts

Tell Page Integrity whom to email when there's an incident you need to take action on.

  1. Under Alerts, enter the email addresses that should get a message when an incident occurs.
  2. Click Save.

Apply Page Integrity protection to your website

How you apply script behavior detection on your site depends upon your setup. For full details and complete steps, read Page Integrity Manager Help (login required).

Monitor and respond to incidents

Page Integrity constantly analyzes script execution behavior in real-user sessions. But how do you know what it's finding? Our reporting tools let you scan general activity, home in on suspected threats, and even see what intelligence Page Integrity has on scripts that have run while users interact with your website.

When suspicious behaviors affect one of your users, Page Integrity records it as an event. When a chain of events affects many users, the pattern likely signifies a serious threat, and Page Integrity generates an incident. It emails anyone you specified and raises the alarm on the Page Integrity Console, where you can take the immediate action Page Integrity recommends, based on:

  • the traits of the incident
  • our threat research team's extensive knowledge of script and domain behavior

A high-level view of the flow looks like this:

To learn more about all your incident response options, and get the full story on using Page Integrity, read Page Integrity Manager Help (login required).

Notice

© 2020 Akamai Technologies, Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited. Akamai and the Akamai wave logo are registered trademarks or service marks in the United States (Reg. U.S. Pat. & Tm. Off). Akamai Intelligent Edge Platform is a trademark in the United States. All other trademarks contained herein are the property of their respective owners. Akamai believes that the information in this publication is accurate as of its publication date; such information is subject to change without notice. Published 4/2020