Availability, or the big “A”, is often the overlooked corner of the CIA triad. Perhaps a contributing factor is the common belief among security professionals that if data is not available, it is secure. Corporate executives have a different opinion, as downtime carries with it a hefty price tag. While today’s corporate risk assessment certainly involves the aspect of availability, it is focused on redundancy, not on security. Penetration tests, a result of the corporate risk assessment, also fail to test availability security. In fact, pen testing and vulnerability scanning contracts specifically avoid any tests which might cause degradation of service, often leaving these vulnerabilities unknown until it’s too late. Availability is commonly handed off to network engineering, which is tasked with designing and building resilient networks. Common risk mitigations in this arena include redundant power, internet links, routers, firewalls, web farms, storage, and even geographic diversity through the use of hot, warm and cold data centers. You get the picture; there is a ton of money invested in building network infrastructure to meet corporate availability requirements.
I was able to get to DerbyCon V this year for the first time – an annual conference founded by David Kennedy that is held at the end of September in Louisville, KY. One of the talks that I attended was also given at Blackhat 2015, “Bypass Surgery – Abusing Content Delivery Networks with Server Side Request Forgery, Flash, and DNS” by Mike Brooks from Bishop Fox and Matthew Bryant from Uber.
Imagine a world where smartphones were only upgraded every 15 years. It is hard to imagine waiting that long for new hardware and new functionality to meet consumer expectations and demands. It is even harder to imagine how the update will integrate all the changes in the way people utilize their smartphones.
In previous articles, we’ve reviewed content delivery networks (CDNs) from a variety of security perspectives – from how hackers have used them as weapons of DDoS to how bad actors can use free services to create astronomical billing issues. CDNs are often used as a mask to levy API abuse and web reflector attacks that plague the Internet via bots and scrapers. Today, it is estimated that 65% of the traffic on the Internet is from such abuse. If you were to reflect on that idea, would you still think that a CDN can protect you? That is a commonly held falsehood.
During the past 12 months, we’ve worked to provide more than application delivery and security solutions. Our goal was (and is) to share knowledge with the IT community so you can assess upcoming trends, implement best practices, and gain insights through our research. Thanks to our readers, partners, customers, and team members for another great year of sharing our thought leadership.
Here’s a look at what resonated the most with our readers this past year. Happy Holidays and we wish you a smart, successful, and secure 2015. Cheers!
One of the most provocative findings in our latest State of the Union for Ecommerce Web Performance was the fact that using a content delivery network correlated to slower performance for retail sites. In today's post, we'll explore what this finding means (hint: correlation doesn't mean causation) and why you still need a CDN in your performance toolkit.
Nearly two years ago, I questioned the myth: does size really matter? Now it’s time to revisit the issue and also look at some of the changes occurring in the cybercrime scene.
The big myth of 2012 was that organizations need to prepare for enormous attacks. The attack on Spamhaus in 2013 supported this claim.
NB: Don't panic. Correlation does not equal causation. More on that later in this post. In our latest quarterly research into the performance of the top 500 ecommerce sites, we found that while 75% of the top 100 websites use a content delivery network, CDN usage doesn't correlate to faster load times. Sites that use a CDN take a full second longer to render primary content than their non-CDN-using counterparts. Today, I want to discuss why these findings aren't as surprising as they sound, what CDNs fix versus what they can't fix, and how site owners can ensure they're covering all their performance bases.
This is one of the most frequently asked questions I encounter. To understand how a front-end web performance optimization (WPO) solution complements a CDN — and ultimately delivers dramatic acceleration gains for your web pages or enterprise applications — you need to understand which pain points each solution addresses.
Most people have a rough idea that latency has something to do with the delay in moving content from the host server to the user, but when pressed, they struggle with explaining the real-world implications of latency on application performance. In this post, I'm going to explain what latency is, its impact on page load, and how we can fight back.