Previously we looked at increasingly popular multi-CDN strategies, and how best to secure them. This part takes a broader look at CDNs in general, and how bringing back your security from the ‘edge’ can improve the overall security of your web applications.
Bringing back your security from the ‘edge’ of the CDN has many advantages – particularly in multi-CDN deployment scenarios. We take a look at the various deployment models for creating a centralized security protection layer, and when each should be considered.
Adopting a multi-CDN approach can be great for performance, but can also create some complex security challenges.
Availability, or the big “A”, is often the overlooked corner of the CIA triad. Perhaps a contributing factor is the common belief among security professionals that if data is not available, it is secure. Corporate executives have a different opinion, as downtime carries with it a hefty price tag. While today’s corporate risk assessment certainly involves the aspect of availability, it is focused on redundancy, not on security. Penetration tests, a result of the corporate risk assessment, also fail to test availability from a security standpoint. In fact, pen testing and vulnerability scanning contracts specifically exclude any tests that might cause degradation of service, often leaving these vulnerabilities unknown until it’s too late. Availability is commonly handed off to network engineering to design and build resilient networks. Common risk mitigations in this arena include redundant power, internet links, routers, firewalls, web farms, storage, and even geographic diversity through the use of hot, warm and cold data centers. You get the picture; there is a ton of money invested in building network infrastructure to meet corporate availability requirements.
I was able to get to DerbyCon V this year for the first time – an annual conference founded by David Kennedy that is held at the end of September in Louisville, KY. One of the talks that I attended was also given at Blackhat 2015, “Bypass Surgery – Abusing Content Delivery Networks with Server Side Request Forgery, Flash, and DNS” by Mike Brooks from Bishop Fox and Matthew Bryant from Uber.
Imagine a world where smartphones were only upgraded every 15 years. It is hard to imagine waiting that long for new hardware and new functionality to meet consumer expectations and demands. It is even harder to imagine how the update will integrate all the changes in the way people utilize their smartphones.
In previous articles, we’ve reviewed content delivery networks (CDNs) from a variety of security perspectives – from how hackers have used them as DDoS weapons to how bad actors can use free services to create astronomical billing issues. CDNs are often used as a mask for the API abuse and web reflector attacks that plague the Internet via bots and scrapers. Today, it is estimated that 65% of the traffic on the Internet comes from such abuse. If you were to reflect on that idea, would you still think that a CDN can protect you? That belief is a common falsehood.
During the past 12 months, we’ve worked to provide more than application delivery and security solutions. Our goal was (and is) to share knowledge with the IT community so you can assess upcoming trends, implement best practices, and gain insights through our research. Thanks to our readers, partners, customers, and team members for another great year of sharing our thought leadership.
Here’s a look at what resonated the most with our readers this past year. Happy Holidays and we wish you a smart, successful, and secure 2015. Cheers!
One of the most provocative findings in our latest State of the Union for Ecommerce Web Performance was the fact that using a content delivery network correlated to slower performance for retail sites. In today's post, we'll explore what this finding means (hint: correlation doesn't mean causation) and why you still need a CDN in your performance toolkit.
Nearly two years ago, I questioned the myth: does size really matter? Now it’s time to revisit the issue and also look at some of the changes occurring in the cybercrime scene.
The big myth of 2012 was that organizations need to prepare for enormous attacks. The attack on Spamhaus in 2013 supported this claim.