and indeed live most of our lives online. Whether we are enterprise users or endpoint consumers, our digital experiences are increasingly delivered

Transcription

1 1

2 lchannel Introduction := make(chan ControlMessage);work ercompletechan := make(chan bool); statusp ollchannel Digital security := has make(chan never taken on greater urgency. chan Today we bool); live in a worker Active := fundamentally false;go connected ecosystem admin(controlchannel,st where we increasingly work, play, and indeed live most of our lives online. Whether we are enterprise users atuspollchannel); for { select { case resp or endpoint consumers, our digital experiences are increasingly delivered Chan := to <- us on our statuspollchannel: connected devices wherever we are, whenever respchan we <- workeractive; want them. case msg := <-controlchannel : workeractive = true; go dostuff(msg,work For InfoSec professionals, this interconnected ecosystem is wreaking ercompletechan); havoc with the idea of the case perimeter. In status fact, the perimeter := as we <- know worker- CompleteChan: it no longer exists. workeractive The attack surface is always shifting = and status; continues to }}}; disperse across a wider area. At the same time, attacks continue to grow func admin(cc chan ControlMessage, statusp in size and volume, and are increasingly targeted. ollchannel chan chan bool) {http.handlefun c("/admin", No longer can func(w you secure the perimeter http.responsewriter, and trust that nothing will get r in or out. What you need to deploy and manage is being redefined right *http.request) { /* Hmmm, I wonder if this before your eyes, with or without you. You need to take security to works for the edge. THEIR domain */ hosttokens :=str ings.split(r.host, ":"); if len(hosttokens ) > 0 { host := hosttokens[0]; for i :=0; i < len(host)/2; i++ { if host[i]!=host[l en(host)-1-i] { fmt.fprintf(w, "invalidhos tname"); return; }}}; r.parseform();count, "), 10, 64); if err!= nil { fmt.fprintf(w, err.error()); return; }; msg := ControlM From the Core to the Edge: 7 Reasons You Need Security at the Edge 2 2

3 What is security at the edge? From the Core to the Edge: 7 Reasons You Need Security at the Edge 3

4 lchannel := make(chan ControlMessage);work Security at the edge is an approach to defending your business, your ercompletechan customers all of your := users make(chan from security threats by bool); deploying statusp ollchannel defense measures := make(chan closer to the point of attack chan and as far away bool); from your worker assets (your people, applications, or infrastructure) as possible. Active := false;go admin(controlchannel,st atuspollchannel); The edge is the physical location for where { things select and people connect { with case resp Chan := the <- networked statuspollchannel: digital world. The edge refers to a distributed digital respchan <- topology where digital experiences are located closer to where things workeractive; case msg := <-controlchannel and people produce or consume those experiences. : workeractive = true; go dostuff(msg,work ercompletechan); The edge doesn t replace case the cloud. In fact, status in some ways it := completes <- workerthe cloud. Think of edge as a topology; where digital experiences occur. CompleteChan: workeractive = status; }}}; The cloud, on the other hand, is a style of computing. And increasingly, func admin(cc cloud experiences chan are pushing closer ControlMessage, to the edge. statusp ollchannel chan chan bool) {http.handlefun Focusing an approach at the edge will provide better digital c("/admin", interaction, better func(w efficiency, and http.responsewriter, better security, and ultimately allow r *http.request) organizations to save { money /* and concentrate Hmmm, resources I wonder additional if this revenue opportunities. works for THEIR domain */ hosttokens :=str ings.split(r.host, Along with these benefits also comes ":"); the opportunity if to len(hosttokens look at security ) > 0 { anew host closer to := the edge. hosttokens[0]; for i :=0; i < len(host)/2; i++ { if host[i]!=host[l en(host)-1-i] { fmt.fprintf(w, "invalidhos tname"); return; }}}; r.parseform();count, "), 10, 64); if err!= nil { fmt.fprintf(w, err.error()); return; }; msg := ControlM From the Core to the Edge: 7 Reasons You Need Security at the Edge 4

5 The benefits of security at the edge. From the Core to the Edge: 7 Reasons You Need Security at the Edge 5

6 lchannel := make(chan ControlMessage);work By moving beyond appliance and perimeter-based security models, ercompletechan IT and security teams := have the make(chan opportunity to surpass a traditionally bool); statusp ollchannel reactive approach := make(chan to security and instead embrace chan innovation bool); new worker cloud services, new partners, and new customer engagement models Active := false;go admin(controlchannel,st all while implementing proactive protection closer to users and the atuspollchannel); incursions that threaten them. for { select { case resp Chan := <- statuspollchannel: respchan <- In-depth security as a service at the edge enables you to protect your workeractive; apps, your infrastructure, case and your msg people, := from the <-controlchannel core to the edge. : workeractive = true; go dostuff(msg,work ercompletechan); Applications case status := <- worker- Protect applications and APIs deployed anywhere in your data centers CompleteChan: or in the public cloud workeractive with DDoS protection, web app = firewall, status; and }}}; func admin(cc bot management. chan ControlMessage, statusp ollchannel chan chan bool) {http.handlefun Infrastructure c("/admin", Isolate and protect func(w your critical infrastructure http.responsewriter, as well as traffic the network r *http.request) with DDoS protection, { secure /* app Hmmm, access, and malware I protection. wonder if this works for THEIR domain */ hosttokens :=str People ings.split(r.host, Secure your workforce and customers ":"); from advanced if threats len(hosttokens with ) > 0 { targeted host threat := protection hosttokens[0]; and identity management. for i :=0; i < len(host)/2; i++ { if host[i]!=host[l Combine a hostile threat landscape with complex and often ineffective en(host)-1-i] security controls and { it s fmt.fprintf(w, clear why an intelligent yet simple security-atthe-edge return; approach is the direction }}}; of the r.parseform();count, future. Evolving digital business "invalidhos tname"); requirements have resulted in ever more complex systems, which can ultimately lead to even more risk. But the shifting landscape also offers "), 10, an 64); opportunity if for IT and err security leaders!= to nil take the lead { and fmt.fprintf(w bring new, err.error()); value to their organizations. return; }; msg := ControlM From the Core to the Edge: 7 Reasons You Need Security at the Edge 6

7 7 reasons you need to take security to the edge. From the Core From to the Core Edge: to 7 the Reasons Edge: You 7 Reasons Need Security You Need at the Security Edge at the Edge 7

8 lchannel := make(chan ControlMessage);work Given the complex and constantly changing digital ecosystem of today, ercompletechan you need adaptive, := intelligent make(chan security-at-the-edge strategy bool); designed statusp ollchannel to reduce := your attack make(chan surface and simplify security chan controls. bool); Security at worker the edge enables you to: Active := false;go admin(controlchannel,st atuspollchannel); for { select { case resp Chan := 1 Protect against attacks without <- compromising statuspollchannel: performance. respchan <- workeractive; case msg := <-controlchannel Customers and corporate users have come to expect effortless : workeractive digital interactions. They = expect true; these interactions go dostuff(msg,work to be glitch-free, ercompletechan); personalized, and engaging. case Because the status edge is the nexus := of physical <- workertopography and digital experience, there is maximum opportunity for CompleteChan: workeractive = status; }}}; elevated experiences based on proximity, and the benefits that proximity func admin(cc brings to real-time chan digital interactions. ControlMessage, statusp ollchannel chan chan bool) {http.handlefun c("/admin", 2 Stop func(w attacks at the http.responsewriter, edge before they r *http.request) reach your { data /* centers Hmmm, or applications. I wonder if this works for Protect THEIR applications wherever domain they are deployed */ hosttokens in your data :=str ings.split(r.host, center, the cloud, or across multiple ":"); clouds. The if best approach len(hosttokens to securing a dissolving perimeter is by following a defense-in-depth ) > 0 { host := hosttokens[0]; for i :=0; strategy, deploying defense measures that extend from applications and i < len(host)/2; infrastructure all the way to i++ the user. The { key if is that host[i] security is always!=host[l en(host)-1-i] situated between users { fmt.fprintf(w, and potential attackers, stopping threats "invalidhos closer to attackers before they can jeopardize your applications and infrastructure. tname"); return; }}}; r.parseform();count, "), 10, 64); if err!= nil { fmt.fprintf(w, err.error()); return; }; msg := ControlM From the Core to the Edge: 7 Reasons You Need Security at the Edge 8

9 lchannel := make(chan ControlMessage);work ercompletechan 3 Defend against := make(chan massive scale attacks. bool); statusp ollchannel If history has := taught make(chan us anything, we will continue chan to see the bool); types worker Active := of attacks false;go we ve seen in the recent admin(controlchannel,st past only bigger. Take the memcached-fueled 1.3 Tbps attack in February 2018, for example, or the atuspollchannel); for { select { case resp Mirai-fueled Dyn authoritative DNS provider attack in It s not likely Chan := that <- you ll statuspollchannel: be able to handle the sheer size and volume of modern respchan attacks <- workeractive; within your own data case center. With msg an edge := approach, <-controlchannel you ll be able to stop attacks using the scale of your vendor s platform, calling on the : workeractive = true; go dostuff(msg,work ability to respond to all spikes of traffic legitimate or malicious. ercompletechan); case status := <- worker- CompleteChan: workeractive = status; }}}; 4 func admin(cc Manage chan a growing ControlMessage, attack surface. statusp ollchannel As the perimeter chan dissolves, chan the attack bool) surface expands. {http.handlefun The shifting perimeter is characterized by increasing enterprise cloud migration and c("/admin", func(w http.responsewriter, r digital business imperatives like a mobile-first strategy and an increasingly *http.request) API-focused back end. { These /* trends Hmmm, reveal new application I wonder and if this works for infrastructure THEIR vulnerabilities. domain Combined with */ continued hosttokens but increasingly :=str sophisticated malware delivery, phishing attempts, and lateral network ings.split(r.host, ":"); if len(hosttokens movement, the threats are formidable. Security at the edge adapts to ) > 0 { the host new normal, := meets hosttokens[0]; threats closer to their source, and knocks for them i :=0; i < len(host)/2; down before they penetrate i++ your critical { assets. if host[i]!=host[l en(host)-1-i] { fmt.fprintf(w, "invalidhos tname"); 5 return; Protect your }}}; users globally. r.parseform();count, Your workforce is increasingly on the go, and opportunities to add value "), 10, to 64); the business if present err themselves!= anytime nil and anywhere. { fmt.fprintf(w Edge security, err.error()); allows you to support the return; business as your users }; disperse msg and applications := ControlM are deployed across data centers, the public cloud, multi-cloud environments, anywhere in the world. From the Core to the Edge: 7 Reasons You Need Security at the Edge 9

10 lchannel := make(chan ControlMessage);work ercompletechan 6 Mitigate := future make(chan risk. bool); statusp ollchannel Adopting := an edge make(chan security platform will enable chan you to respond bool); to future worker Active := threats. false;go Seamlessly deploy new admin(controlchannel,st security capabilities and solutions as they become available, without disrupting your application or corporate atuspollchannel); for { select { case resp infrastructure. An edge approach also affords you critical flexibility that Chan := allows <- your statuspollchannel: security posture to better scale with your growing respchan business. <- workeractive; case msg := <-controlchannel : workeractive 7 = true; go dostuff(msg,work Empower yourself and your team. ercompletechan); case status := <- worker- Lastly, IT and security teams need to become a partner in digital business CompleteChan: workeractive = status; }}}; and a business enabler, not merely a cost center. Security at the edge func admin(cc provides the opportunity chan for you ControlMessage, to step out from behind the outdated statusp ollchannel roles you ve chan been relegated chan to in the bool) past. No longer {http.handlefun will you be the no innovation. Make it your business to bring value with an adaptive, c("/admin", func(w http.responsewriter, r proactive, and in-depth security-at-the-edge approach. *http.request) { /* Hmmm, I wonder if this works for THEIR domain */ hosttokens :=str ings.split(r.host, ":"); if len(hosttokens ) > 0 { host := hosttokens[0]; for i :=0; i < len(host)/2; i++ { if host[i]!=host[l en(host)-1-i] { fmt.fprintf(w, "invalidhos tname"); return; }}}; r.parseform();count, "), 10, 64); if err!= nil { fmt.fprintf(w, err.error()); return; }; msg := ControlM From the Core to the Edge: 7 Reasons You Need Security at the Edge 10

11 lchannel Conclusion := make(chan ControlMessage);work ercompletechan := make(chan bool); statusp ollchannel Given the := growing make(chan threats posed by persistent chan attackers, attacks bool); worker Active := on a massive false;go scale, sophisticated admin(controlchannel,st bots, increasingly advanced malware, and a dissolving enterprise perimeter, it s clear that the old atuspollchannel); for { select { case resp perimeter-based understanding of security will not suffice. Instead, Chan := look <- to a security-at-the-edge statuspollchannel: approach that will greenlight your respchan digital <- workeractive; business transformation case while keeping msg what := you care <-controlchannel about most dependably secure. : workeractive = true; go dostuff(msg,work ercompletechan); case status := <- worker- CompleteChan: workeractive = status; }}}; func admin(cc chan ControlMessage, statusp ollchannel chan chan bool) {http.handlefun c("/admin", func(w http.responsewriter, r *http.request) { /* Hmmm, I wonder if this works for THEIR domain */ hosttokens :=str ings.split(r.host, ":"); if len(hosttokens ) > 0 { host := hosttokens[0]; for i :=0; i < len(host)/2; i++ { if host[i]!=host[l en(host)-1-i] { fmt.fprintf(w, "invalidhos tname"); return; }}}; r.parseform();count, "), 10, As 64); the world s largest and if most trusted err cloud delivery!= platform, Akamai nil makes it { easier for fmt.fprintf(w its customers to provide the best and most secure digital experiences on any device, anytime, anywhere. Akamai s massively, err.error()); return; }; msg := ControlM distributed platform is unparalleled in scale, giving customers superior performance and threat protection. Akamai s portfolio of web and mobile performance, cloud security, enterprise access, and video delivery solutions are supported by exceptional customer service and 24/7/365 monitoring. To learn why the top t: count}; financial institutions, cc online <- retail leaders, msg; media and entertainment fmt.fprintf(w, providers, and government organizations "Cont trust Akamai, please visit blogs.akamai.com, on Twitter. Published 02/19., count); From the }); Core to the http.handlefunc("/status",fu Edge: 7 Reasons You Need Security at the Edge 11