Most web sites, web applications, and web servers receive and process requests from outside a company’s protected internal network. This makes them potentially vulnerable to a variety of malicious attacks including SQL injections, cross-site scripting, and application layer distributed denial of service (DDoS).
This exposure poses a threat to your infrastructure, the application’s performance, and the confidentiality, integrity, and availability of the data delivered by those resources over the Internet. These types of attacks can produce outcomes that are detrimental to your business, such as unauthorized access to content, the loss of personally identifiable information (PII), the dissemination of private/copyrighted information, and network downtime.
Protect your external web infrastructure against these threats through the following security measures:
-
DDoS ProtectionAutomatically protect your websites from Distributed Denial of Service (DDoS) attacks by serving them through our network. Our worldwide presence establishes an imposing and extensive barrier between an origin server and malicious traffic, regardless of whether it consists of a high-volume HTTP
GET
flood attack or a slow DDoS attack. -
TLS CertificatesWe strongly recommend end-to-end encryption for the communication between your clients, our network, and your servers. For this reason, we automatically generate and renew Let’s Encrypt certificates for your domains. Alternatively, you may upload an existing TLS certificate and we will install it across our entire network.
-
Origin ShieldShield your web servers from high volumes of traffic through our Origin Shield. Our Origin Shield consists of two intermediate caching layers through which traffic is filtered before it can reach your web servers. Consolidating requests through these caching layers dramatically reduces the volume of traffic that your web servers will need to handle. This ensures that your servers remain performant during peak traffic periods.
-
Web Application and API ProtectionMonitor, detect, and prevent application layer attacks with our Web Application Firewall (WAF), Bot Manager, API Security, and Client-Side Protection. Each security layer improves your security posture through the following threat detection activity:
- Inspects inbound HTTP/HTTPS traffic against reactive and proactive security policies.
- Identifies undesired traffic through HTTP request delivery profiles.
- Identifies undesired traffic through custom criteria that matches your business needs.
- Responds to malicious or suspicious activity in-band and on a real-time basis.
- Restricts the flow of site traffic (aka rate limiting) with the intention of:
- Diverting malicious or inadvertent DDoS traffic.
- Preventing your web servers from being overloaded.
- Filters out traffic generated by basic bots to prevent them from scraping your site, carding, spamming your forms, launching DDoS attacks, and committing ad fraud.
- Validates API requests against your API schema.
- Validates JSON Web Tokens provided within API requests.
- Detects violations of your Content Security Policy.
- Uses our open source Waflz rules engine that is optimized for low latency.
- Runs at the CDN edge to prevent malicious traffic from being proxied to the origin. This reduces the load on your web servers and improves site performance.
How Does It Work?
Edgio intercepts and filters out DDoS traffic before it reaches our security servers. This allows our security solution to focus on securing your web applications and API through the application layer. The following diagram shows how requests flow through our network.