A VP of Product Management was once asked whether a specific product could be created, and he said there was no way. A few months afterwards, the same question was put to a young CEO of a successful startup, and he answered, “hell yeah, we’ll create anything, anytime, as long as the money is there”. Well, the money is there. More than $3B has been invested in security companies from 2011 to 2013, funding over 300 security startups. In Q1 of 2014, twenty security companies were started or funded. In the past decade, Symantec, Checkpoint, McAfee and other major security companies have invested tens of billions of dollars in their security offerings.
Yet it’s impossible to put hackers within a security wall, whether it’s a sandbox, anti-virus product, next generation firewall, or whatever, and expect them to stay confined within that security wall. The entire global business landscape, including government agencies, is at risk of getting hacked. Since today’s security solutions aren’t succeeding in stopping the attacks, can another industry step in and lend a helping hand in protecting an organization’s most valuable assets? Yes, the content delivery network.
Snapshot of some Incidents
- Hospitals at Risk: Hospitals are behind other industries in securing their valuable assets. Their cyber defense systems are inadequate. Joseph Health System in Texas was hit by an attack in December in which data on 405,000 employees and patients was exposed. Cyber criminals charge $20 for health insurance credentials compared to $1 – $2 for each credit card.
- Microsoft Internet Explorer Zero Day: A previously unknown security flaw discovered by FireEye impacts IE9 to IE11 and enables hackers to install malware when a user merely visits a site.
- Mask Exploit: Malware developed by Spanish-speaking hackers targets earlier unpatched versions of Kaspersky anti-malware. Mask comprises sophisticated malware, a rootkit and a bootkit. Targets include government institutions, diplomatic offices, energy, oil, gas companies and others.
- IceFog: A backdoor controlled by hackers is used for cyber-espionage against South Korean, Taiwanese, and Japanese organizations. Spear-phishing emails with attachments or links to websites are used to infect victims. Targets include government, military, telecom, satellite operators, technology companies and more.
How can CDNs Help
Content Delivery Networks have an asset in place that Symantec, Palo Alto, and other security companies don’t have in play, and that’s a global network. The network is fully tuned, hardened, and battle tested, ready for a security service that sits alongside caching services. An Internet virus spreads fast, hitting different countries at different POPs in seconds. A static security solution sitting at HQ or a data center is going to have a difficult time tracking the virus in different locations across the globe in real time. CDNs have the infrastructure to track viruses in real time to and from different locales, down to the byte level and down to the last mile. For now we are putting technical constraints aside, just like the CEO did in paragraph 1, and having a brainstorming session.
| Endpoint Security | Checkpoint | Checkpoint and CloudFlare |
| Network Security | Palo Alto | Palo Alto |
| Data Center Security | Imperva | Imperva |
| Edge Security | CloudFlare | CloudFlare and Imperva |
For many years the traditional CDN security feature set of token authentication, SSL certs, routers with security plugins/features, and home-made custom security scripts was all that was needed to protect a customer’s content. Then along came the web application firewall (WAF), offering an extra layer of security. That was a big step forward for CDN security. However, the CDN security feature set is nowhere near where it needs to be. The good news: Imperva and CloudFlare have broken rank and done something that no other CDN has. They have crossed security tiers.
Imperva went from offering only data center security to data center and edge security, as outlined in the matrix above. CloudFlare is more interesting in that they went from offering edge security to endpoint security, jumping two tiers. Although their endpoint security solution is a malware scanning service, it was nonetheless a great leap forward. Now, if only a CDN could offer the CloudFlare and Imperva security feature set, the gap between security tiers would shrink. Maybe Akamai is the one to bridge the security gap, by buying an interesting security company that goes into the various security tiers. If it does that, it dramatically changes the CDN landscape and turns the security industry upside down. In the next post we’ll explore further.