Security at Scale: How to build a fast and secure network

Talking web security with Elad Rave, founder and CTO of Teridion.

The best innovations often come from those who stand at a tangent to the universe. Those within are mired in the muddy, log-filled data swamps. Those looking in from the outside often question the status quo: why is latency still a major issue, or how can we build a more secure network from the ground up? The rest of us would have dismissed such questions, assuming it’s not possible to even go down that path. For Elad Rave, Founder and CTO of Teridion, the desire to build a safer and faster web won him the Gold in the 11th Annual IT World Award.

I sat down with Elad at Teridion offices in San Francisco to find out how his team is changing web security.

You call the internet “a big bad wolf.” Why?

Let’s face it – if you get online, you’ll get attacked one way or another. And if you are safe, page load times are getting abysmally slower. All content distribution platforms are working hard to ensure that the user experience is not getting any worse. It was not supposed to be this way. We should demand more.

What is the fundamental problem here?

The most fundamental protocols that route traffic on the internet are decades old and were not designed for speed. For example, Border Gateway Protocol (BGP) uses a cost-based logic. We all know that the cheapest path is not the fastest. Packets hop around in a highly inefficient manner. For example, packets can get routed from Los Angeles to Brazil and then to San Francisco. In the modern day, the Internet's routing and transport protocols are no longer sufficient. The network should be safe and speedy by design. It’s exactly the opposite today.

You claim to address two major issues – speed and security. How are you delivering 10X+ speed improvements for web traffic – what’s driving this change?

We have designed and launched a system that adapts to a real-time congestion map of the Internet generated by our monitoring agents. Using our machine learning algorithms, we are able to predict networking issues before they happen. This helps us to find the best possible path from source to destination, taking into account bandwidth, latency and geography. We have shown up to 20x internet performance improvements. By setting up intelligent routing in the cloud, Teridion ensures that packets are delivered in the fastest and most efficient method possible. Thus, bandwidth is no longer a concern.

Internet optimization has been around for years. What are some of your innovative breakthroughs?

We live in the age of dynamic content which is being consumed by web and mobile users. We use public cloud to optimize application and content delivery. Unlike traditional Content Delivery Networks (CDNs), the Teridion KumoX solution is provisioned in minutes with no need for caching or application modifications. We sell dedicated Internet fast lanes directly to SaaS or content providers to solve performance issues for all of their end users in a region without requiring them (or their customers) to install additional software or buy hardware. Our service scales on-demand, works for static and dynamic content, uploads and downloads, and is not limited by geography, end-user device or cloud provider.

How do your customers benefit?

First and foremost, the security posture for our SaaS customers is substantially different. Let’s compare the web with a cellular network. You cannot DDoS a cellphone tower simply because each cell user is authenticated via their SIM card. So we have created a similar environment where each user and packet is authenticated while traversing a Teridion fast lane. With Teridion KumoX, we can tackle DDoS mitigation effectively. Traffic peaks are handled automatically, and we can block spoofed IP addresses, as well as enforce domain name validation. As we do not cache any content, we don’t need any SSL certificates nor audits. Finally, we can help them comply with various data residency regulations by allowing them to connect quickly to application servers even if customer content is hosted locally. 

Secondly, we live in an era where speed matters. To improve user experience, content needs to be customized on the fly. Such targeted content is dynamic and cannot be cached. Today's businesses need to deliver high-quality, rich content to users at unprecedented speeds without sacrificing reliability. New content delivery models are required that address security, bandwidth and latency requirements for bi-directional traffic, not limited to HTTP protocols.

We have a growing roster of customers including top SaaS and content companies like Atlassian and Box. We have been able to route and optimize their traffic effectively, yielding a much better UX and increased ROIs. For example, Egnyte, a file sync and share company, has achieved rave performance reviews from analysts like IDG. Egnyte is powered by Teridion and has accomplished a lot with very little - we are very proud of the partnership.

What needs to be ripped out / replaced to use your offerings? What are some integration and usage related training requirements?

Nothing. With a simple DNS change, we route your traffic in a highly secure way. There is nothing to install, no major upfront commitments and we have a “pay as you go” model. We live in a SaaS world and behave as such. We are confident in our offering and if the customers don't like it, they can leave instantly, without any sunk costs or penalties.

Why would I route all my traffic through your cloud?

First of all, we don’t have one. We actually use the infrastructure of a dozen or so leading public clouds like AWS, Google, IBM Softlayer, DigitalOcean, Vultr and many others, so you can trust the investment they have made in their cloud networks! Teridion KumoX simply spins up routing software on VMs along the best routes across all of them in real time, which means we can avoid outages or congestion in any one provider. Remember the Internet meltdown when AWS had that last outage?!

What was your “A-Ha” moment – that spark that lit this startup on fire?

Once, during a networked Xbox gaming session between Israel and the US, I experienced very poor performance. The game itself didn’t require much bandwidth and I wondered what’s going on. I found out that we use outdated logic and protocols to route traffic over multiple hops. We have little to no visibility around latency and packet losses. And if the content is dynamic, it even gets worse. The engineer in me could not sit still till we got to the bottom of this mess. And that's how we started down the path of building Teridion KumoX.

What does the future entail?

Security should be invisible and never impact speed or user experience. I hope we are getting one step closer to that world.

This article is published as part of the IDG Contributor Network.