VDMS Introduces Managed Security Services

As part of its new suite of security services, Verizon Digital Media Services has recently announced a new set of managed cloud security services. The new addition complements already available security features within VDMS’ Cloud Security Solution, including DDoS protection, dual WAF, advanced bot management, and real-time analytics and reporting.The new managed solution adds continuous support from a dedicated Computer Security Incident Response Team who provide 24 hour monitoring and mitigation from Verizon’s Security Operations Center.

According to Cyberedge’s 2018 Cyberthreat Defense Report, 77% of organizations surveyed were victimized by one or more cyber-security breaches. This represents a substantial jump from 2014’s 62%. Consequent financial losses can be substantial. Not only do stock prices fall an average of 5% after a data breach, but other less immediate losses also typically occur. When IBM reviewed the hidden cost of data breaches, it found that costs include lost business due to the negative impact of a breach on a company’s reputation, plus the employee hours dedicated to recover. The global average cost of a data breach is $3.86 million. This represents an increase of 6.4% since 2017.

VDMS Managed Cloud Solution

Verizon’s new, managed cloud solution (MCS) is an addition to its already existing suite of services intended to counter the ever-evolving threat landscape. The MCS introduces a 24/7, 365 monitoring and mitigation offering from the Computer Security Incident Response Team.

“By leveraging our managed cloud security feature, our customers can now lean on our dedicated security teams to monitor and protect their web and mobile applications, so they can concentrate on growing their business,” said Frank Orozco, Chief Technology Officer for Verizon Digital Media Services.

As part of the Cloud Security Advisory service, VDMS will provide a security architect to work with enterprises on a specific and ongoing basis. The certified Security Solution Architect will provide a number of services, including ensuring that the WAF is tuned and updated, in addition to reviewing customized rule sets, tuning, implementation, generating reports, running training, and creating custom rules upon request. The ensuing protection is highly personal and continuous, creating opportunities for an easy review of anomalies along with possible misuse of websites and mobile apps.

Verizon’s Overall Suite of Services

Verizon’s overall Cloud Security Solution is one of the largest cloud security networks with 57Tbps of global network capacity and 125+ PoP. Its extensive configurations are highly granular, allowing Verizon to work with organizations to customize their defense strategies based on their specific needs and the latest threats. VDMS’ sophisticated HTTP Rate Limiting features help absorb the biggest DDoS attacks to guarantee application and/or mobile performance. The VDMS proprietary technology stack (offered as its integrated Holistic Web Protection solution) provides assurance that protection against threats are not operating in silos, which can mean that more complex or multi-vectored attacks are missed a result of a lack of a broader understanding of the threat landscape.

The VDMS suite of Cloud Security Services aimed at protecting enterprise websites and mobile apps includes:

  • A Dual Web Application Firewall. Instead of employing just one as is typical for other CDNs, Verizon employs two full-time Web Applications Firewalls (WAF). This enables dual protection via a parallel rule set. Customers can continue to use an existing WAF rule set in conjunction with testing a new rule set in production. The parallel rule set ensures that production traffic is not impeded while allowing businesses to stay up-to-date of the most sophisticated current and evolving threats. Rules and configurations can be customized and updated quickly without creating any protection gaps. Also, by testing rule changes in audit mode, the dual firewall minimizes false positives. The VDMS WAF services provide protection against the OWASP Ten Threats and vulnerabilities that are application-specific, such as WordPress and Joomla.

  • Bot mitigation. Verizon leverages leading fingerprinting technology to protect against persistent advanced botnet attacks while still enabling access to legitimate users and benign bots. Bot protection is provided through a native integration of Distil Networks’ BRM technology.

  • Real-time analytics and reporting. Changes are monitored and alerts sent live to notify businesses about attacks within seconds of occurrence, meaning threats can be acted on in near real-time.

  • Layers 3, 4 and 7 DDoS Protection. Triple-layer protection ensures mitigation against multiple types of DDoS attack in order to ensure that websites and applications are always open for business. Verizon also employs HTTP rate limiting to protect an enterprise’s web applications both in advance of and during an attack. Verizon also protects against attacks aimed directly at individual IP addresses through DDoS Shield. DDoS Shield is an infrastructure-based service that uses BGP routing to send customer traffic to Verizon scrubbing centers so that clean traffic can be returned via GRE tunnels, protecting your origin infrastructure.

  • “API-first” analytics and reporting solution with a self-service web interface. This allows clients to customize their solution, integrating the service with already-existing security workflows and SIEM tools, in addition to viewing real-time analytics. The analytics provide information in under 60 seconds and a history of up to 30 days in order to evaluate attacks, past and present. The self-service interface also allows for quick security deployments with configuration updates being propagated in under five minutes.

Looking Ahead

Frost & Sullivan recently recognized VDMS as one of the top Holistic Web Protection solutions available (full report here).

Key differentiators for VDMS from the rest of the industry that Frost & Sullivan identify are:

  • Market Offering:

    • VDMS’ parallel rule set, unique within the industry

    • Self-service monitoring interface and real-time analytics

  • Architecture:

    • 57Tbps+ of capacity via the Anycast network with super PoPs, offering enhanced cache efficiency

    • API-based solution supporting continuous integration and DevOps principles

    • Holistic Web Protection service on a proprietary technology stack

  • Value/Integration:

    • SSL/TLS encryption as part of the baseline package

    • MCS services, including 24/7 monitoring and support

    • Integration with DDoS Shield

Digiprove sealCopyright secured by Digiprove © 2018