Content delivery network (CDN) service provider Edgio has added a new Distributed Denial of Service (DDoS) scrubbing ability along with improved Web Application and API Protection (WAAP) to its network security offering.Designed to reduce severe damages from sophisticated DDoS attacks, Edgio\u2019s scrubbing solution impersonates the customer\u2019s network by routing the customer\u2019s IP traffic through its scrubbing point-of-presence (PoP) and only sending the \u201cclean\u201d traffic back to the customer\u2019s infrastructure, according to Richard Yew, senior director, product management for Security at Edgio.A PoP is the point at which two or more different networks or communication devices build a connection with each other.\u201cCompanies like Edgio are always working to push the bar forward with mitigating DDoS attacks, while the bad guys continue to advance their bot armies \u2014 both in complexity and in sheer numbers,\u201d said Chris Steffen, research director at analyst and consulting firm Enterprise Management Associates. \u201cWhen coupled with threat detection and API protection, Edgio\u2019s solution will provide some interesting choices for customers dealing with continued DDoS attacks and API vulnerabilities.\u201dEdgio\u2019s scrubbing extends to origin serversA typical DDoS attack has an attacker holding a business\u2019 system, website or network hostage by overwhelming it with a large volume of requests, making it unavailable to legitimate users. The attack uses multiple compromised devices, referred to as bots or zombies to effect simultaneous requests.There are, however, other types of DDoS attacks that target the origin servers or IP addresses of a website or application, instead of targeting the front-end infrastructure or CDN. These are called direct-to-origin attacks.Edgio\u2019s new scrubbing capability promises protection at the source level against attacks from the non-web applications via a dedicated scrubbing capability that uses standard protocols such as Border Gateway Protocol (BGP) and generic routing encapsulation (GRE) tunnel for masking the original IP packets.\u201cCoupling DDoS scrubbing with edge\/CDN-based DDoS protection ensures we provide 100% protection against all forms of DDoS attacks today,\u201d Yew said.Outbound rule customizer and proxy detection Edgio has also added a set of improvements to its WAAP, which include advanced rule customizer, outbound data leak prevention, proxy detection, enhanced configurability and regional code support for geopolitical compliance.Conventionally, security rules are designed to inspect inbound requests to mitigate application attacks from the inside-in, lacking the outbound visibility. Therefore, Edgio has added the ability for security rules to scan outbound traffic as well, preventing data and code leakage.\u201cControlling outbound traffic is critical \u2014 one of the most significant control gaps there is, and continues to be the cause for abuse of APIs and the sensitive traffic that uses them,\u201d Steffen said. \u201cControlling that traffic (or \u2014 in the very least \u2014 having visibility to that traffic) is an important step on gaining control of data in motion, regardless of the source.\u201dOutbound rules typically have higher computational costs and tend to add too much latency if done via a point solution that\u2019s not edge based, according to Yew.Edgio has also added the ability to detect and block requests originating from anonymous proxies, providing additional control on the access to customers\u2019 applications. The enhanced configuration management will enable developers to directly import and export configuration JSON via both API and UI to protect new applications.Edgio\u2019s clients can also control access to their applications via new advanced access control rules like regional control down to specific regions and provinces.