Cachefly CDN Incorporates Varnish Plus
Cachefly, the first CDN to use exclusively TCP anycast for routing as opposed to DNS load balancing, has added Varnish Plus to its network. Varnish specializes in caching and uses open-source software to do so. Varnish Plus is an upgrade on their previous software and offers 300 percent to 1000 percent faster web content delivery and a backend server load reduction of us to 89 percent. Varnish also performs content compression, SSL/TLS support and has a software repository.
By adding Varnish Plus’ enhanced front-end web accelerator, Cachefly improved their TTFB performance while maintaining their “industry-leading throughput.” They can also now deploy new features more quickly, in a matter of minutes, not days. In short, Varnish will speed up content delivery of all kinds for Cachefly customers worldwide.
Hybrid DDoS Protection Now Offered Through Huawei and Nexusguard
Huawei, a global information and communications technology (ICT) solutions provider in 170 countries and regions, and Nexusguard, a leader in DDoS security solutions, have partnered to offer a hybrid DDoS solution for Huawei customers. The solution was built specifically for Internet Service Providers and enterprises, as these types of business comprise the majority of Huawei’s customers. Though Huawei already offered DDoS mitigation, it has now incorporated the cloud into the process through its partnership with Nexusguard.
Huawei and Nexusguard’s hybrid solution will use on-premise equipment to handle smaller DDoS attacks while the cloud will be available for failover if an attack overloads the network. This ensures that all attacks are mitigated while the network suffers minimal latency and jitter.
The availability of the cloud offers the network another avenue through which to eliminate the attack or to route traffic if the network is bogged down by the attack. In addition to these hybrid cloud capabilities, the solution also boastslow false positive rates, the ability to mitigate a DDoS attack of any size, immediate protection, real-time attack monitoring and security across multiple layers.
Incapsula’s IP Protection Aims to Mitigate Direct-to-Origin Attacks
Incapsula has released a new security product aimed at protecting IPs that may already have a layer of protection through a CDN and/or the cloud. Though these CDN-based security solutions do handle DDoS and OSWAP top 10 attacks, they are not built to protect non-HTTPS traffic.
A determined attacker, Incapsula believes, can use FTP, SMTP, MX and nearly all other non-web DNS records to learn the origin IP of the traffic. With this information, a network-layer DDoS attack can be launched directly at the origin, and firewalls will be unable to stop the attack. Flooding the network with this type of attack can cause intense congestion in the network and even take down the ISP.
Incapsula offers a few suggestions to protect a network from this type of attack. Though the origin IP address can still be gathered from non HTTPS traffic, when onboarding a CDN-based DDoS service, the IP addresses should always be switched. Using a set of IPs for web services from other C-Class ranges can also minimize attacks if it is possible for the network in question.
Use of on-demand infrastructure (BGP) DDoS protection during an attack can also help, as can using a proxy-based protection option, though this can introduce a high amount of latency in the network and renders firewalls ineffective. Incapsula’s best solution is to add protection for single IPs through which traffic can be routed, screened and, if clean, passed through GRE tunnels back to the network. This is what their new IP protection provides to networks.
Akamai Adds DDoS Scrubbing Center in Australia
Adding yet another expansion to its massive network, Akamai has opened a DDoS scrubbing center in Sydney, Australia. With at least 6 scrubbing centers worldwide, Akamai aims to alleviate the threat of increasingly prevalent and cumbersome DDoS attacks. A scrubbing center analyzes traffic in the cloud to identify and eliminate any threats that are present and then routes traffic back through the network and to the end user.With this additional scrubbing center, traffic that is routed to the scrubbing center when an attack is detected will have a shorter route and therefore experience decreased latency. This will result in overall QoE improvement for both the client and the end-user.
The new scrubbing center will also give Akamai more information on advanced forensic attacks in Australia, allowing them to specialize their systems for those specific attacks. Akamai’s latest State of the Internet: Security Report states that there was a global 149 percent increase year over year in DDoS attacks in Q4 2015. Additionally, a massive 309 Gbps attack occurred, dwarfing the previous quarter’s largest of 149 Gbps. Though Australia does rank among the top 4 major sources of attack traffic (China with 28 percent, Turkey with 22 percent, US with 15 percent and Korea with 9 percent in Q4 2015), a local DDoS scrubbing center will certainly improve network performance and likely make local Australian networks more secure.
Verizon Jumps on the OTT Bandwagon With Its Acquisition of Volicon
Verizon Digital Media, which now also incorporates AOL, has acquired Volicon, a company specializing in “video capture, archival, compliance monitoring and clip creation workflow for broadcasters.” Though you may have never heard of Volicon, you are guaranteed to have heard of some of their clients unless you have been living under a rock since the dawn of broadcast TV. Volicon boasts an extremely broad customer base (1,200 companies) spanning from HBO to Fox, E TV, DirecTV, Telemundo, CNN, CBS, AT&T, ABC, Google, Time Warner, and just about any other major broadcaster you can imagine, including some from Asia, the EMEA and Latin America.
Though the financial details of this buyout were not disclosed, it is a massive play for Verizon as it enters the OTT game. Verizon Digital Media Services’ Video Lifecycle Solution will be working with Volicon to encourage its customers to take advantage of the ability to easily transition their content directly to OTT cloud-based delivery models. With Volicon’s plush customer base and Verizon’s expansive network, Verizon is now poised to become a behemoth in the OTT landscape.
Fastly Announces Availability of Audit Logs
In a bold move toward transparency, Fastly has announced that it will be making companies’ audit logs available to them via the API. These audit logs will contain information on who, when and from where (IP address) a change to a company’s Fastly service was made. Key events that will be tracked include version management, user behavior, security (i.e. API key creation and 2FA en/disabled), account management, billing, purge all commands and configuration settings including creation, deletion and updates.
With this granular insight into the network, troubleshooting and debugging can be simplified and the identity of those who have access to the Fastly app can be identified, improving security. The Audit Logs are in limited availability currently, but will soon be expanded and additional network events will be added.