The CDN provider's new DDoS scrubbing offering impersonates the customer’s network to phase out malicious traffic, and employs advanced IP masking at source to prevent direct-to-origin attacks. Credit: Igor Stevanovic / Getty Images Content delivery network (CDN) service provider Edgio has added a new Distributed Denial of Service (DDoS) scrubbing ability along with improved Web Application and API Protection (WAAP) to its network security offering.Designed to reduce severe damages from sophisticated DDoS attacks, Edgio’s scrubbing solution impersonates the customer’s network by routing the customer’s IP traffic through its scrubbing point-of-presence (PoP) and only sending the “clean” traffic back to the customer’s infrastructure, according to Richard Yew, senior director, product management for Security at Edgio.A PoP is the point at which two or more different networks or communication devices build a connection with each other.“Companies like Edgio are always working to push the bar forward with mitigating DDoS attacks, while the bad guys continue to advance their bot armies — both in complexity and in sheer numbers,” said Chris Steffen, research director at analyst and consulting firm Enterprise Management Associates. “When coupled with threat detection and API protection, Edgio’s solution will provide some interesting choices for customers dealing with continued DDoS attacks and API vulnerabilities.” Edgio’s scrubbing extends to origin serversA typical DDoS attack has an attacker holding a business’ system, website or network hostage by overwhelming it with a large volume of requests, making it unavailable to legitimate users. The attack uses multiple compromised devices, referred to as bots or zombies to effect simultaneous requests.There are, however, other types of DDoS attacks that target the origin servers or IP addresses of a website or application, instead of targeting the front-end infrastructure or CDN. These are called direct-to-origin attacks. Edgio’s new scrubbing capability promises protection at the source level against attacks from the non-web applications via a dedicated scrubbing capability that uses standard protocols such as Border Gateway Protocol (BGP) and generic routing encapsulation (GRE) tunnel for masking the original IP packets.“Coupling DDoS scrubbing with edge/CDN-based DDoS protection ensures we provide 100% protection against all forms of DDoS attacks today,” Yew said.Outbound rule customizer and proxy detection Edgio has also added a set of improvements to its WAAP, which include advanced rule customizer, outbound data leak prevention, proxy detection, enhanced configurability and regional code support for geopolitical compliance.Conventionally, security rules are designed to inspect inbound requests to mitigate application attacks from the inside-in, lacking the outbound visibility. Therefore, Edgio has added the ability for security rules to scan outbound traffic as well, preventing data and code leakage.“Controlling outbound traffic is critical — one of the most significant control gaps there is, and continues to be the cause for abuse of APIs and the sensitive traffic that uses them,” Steffen said. “Controlling that traffic (or — in the very least — having visibility to that traffic) is an important step on gaining control of data in motion, regardless of the source.”Outbound rules typically have higher computational costs and tend to add too much latency if done via a point solution that’s not edge based, according to Yew. Edgio has also added the ability to detect and block requests originating from anonymous proxies, providing additional control on the access to customers’ applications. The enhanced configuration management will enable developers to directly import and export configuration JSON via both API and UI to protect new applications.Edgio’s clients can also control access to their applications via new advanced access control rules like regional control down to specific regions and provinces. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe