Everything You Always Wanted to Know About Security at the Edge, But Were Afraid to Ask

Introduction

Whether you're focused on public-facing websites or your company's assets and users, as someone who cares about digital security, your life is dominated by these trends that characterize the state of all things security in 2019:

Attacks are growing, evolving, and becoming more sophisticated. And the types of attacks we see are proliferating.

Business depends on flawless digital experiences. This is true for the enterprise to communicate, collaborate, and produce at the highest level. And it's true of core business offerings like seamless online retail and financial transactions, OTT video delivery, online healthcare portals, and for connected devices on the manufacturing floor.

There used to exist the idea of a constant immovable security perimeter. You could put a wall around and protect anything inside your data center. Nothing in. Nothing out. The problem is, the perimeter as we know it is dissolving. How do you protect your crown jewels when the castle has no walls?

The answer is at the edge.

When you deploy security at the edge, you are protecting your changing assets closer to the attack itself and moving digital experiences closer to users. In essence, you're deploying a single pane of glass, an extension of your infrastructure, that sits between you (your users, your digital experiences) and the always-changing nature of today's digital environment.

What we mean when we say edge.

Bob Gill of Gartner defines edge simply as the physical location where things and people connect with the networked digital world.

In a sense, it's a question of physical topology. At a time when users expect seamless digital experiences on demand, pushing interactions to the edge, closer to the source of the data being generated, not only provides better experiences, but it is also the best location to construct safeguards between your business and your widely distributed users and consumers of digital experiences.

The shift in focus to the edge has been driven by several factors:

- Consumers' growing intolerance for latency.
- The rising consumption of bandwidth-gobbling rich content.
- The sheer enormity of content being delivered and consumed.
- The realization that centralized data centers aren't ideal for delivering or securing the kind of engaging content we've all come to expect from our digital experiences.

As we look to the future, Gartner predicts that the topology of networked data centers will push over the next five years from a centralized, mega data center approach, to one augmented by multiple, smaller, distributed sources and sinks of content and information. By moving to the edge, they argue, businesses will be able to create entirely new markets based on the benefits it offers.

This is an opportunity for security and information services teams to leverage a simple, agile security platform to move beyond merely being a cost center, and instead becoming a strategic partner that empowers business and drives revenue.

What we mean when we say security at the edge.

With processing happening so close to where data is generated, edge architecture can provide a better experience, better efficiency, and better security, and ultimately allow companies to save money and concentrate resources on additional revenue opportunities.

Along with the benefits the edge brings, there also comes the opportunity to look at security anew. The network perimeter as we know it is dissolving, so approaches to securing it must adapt.

Enter security at the edge.

Security at the edge is an approach to defending your business, your customers, all of your users, from security threats by deploying defense measures closer to the point of attack and as far away from your assets (your people, applications, or infrastructure) as possible. Security at the edge is dynamic and adaptive. It allows you to surround and protect your users or consumers wherever they are: at the core, in the cloud, or on the edge, and everywhere in between.

What you're protecting isn't what you used to protect.

Whether adapting to the shifting nature of the perimeter or endeavoring to protect evolving public-facing applications, it's clear that what you are protecting has fundamentally changed, and will continue to do so. The attack surface isn't what it used to be. For example:

- Applications are constantly updating with new versions, new functionality, and new microservices.
- Applications are continually moving from on premises to the cloud, and back again.
- Websites are in a state of transformation from traditional, legacy infrastructure to mobile-first and API-based back ends.
- Data centers are perpetually being expanded or consolidated.
- Infrastructure is regularly being added to or removed.
- Employees are always on the go. Rarely does the 9-to-5 paradigm exist and, increasingly, neither does a centralized brick-and-mortar workplace.

In such an environment, you're protecting a mix of applications: on premises, in the cloud, or multiple clouds. At the same time, the teams within your organization are composed of different groups of people with varying priorities making independent decisions. They may all be sound business decisions, but the unpredictable nature of the process presents great challenges.

The answer lies in a cloud-agnostic security practice that can respond to your business when it changes directions or uses multiple cloud solutions simultaneously. Your solution lies at the edge.

How do I deploy security at the edge?

Your mission is to protect applications wherever they are. Deploying a single security solution at the edge minimizes the time and resources spent training on that solution. And with that one solution, that single pane of glass, you can protect applications anywhere, on any platform.

The exact combination of security solutions appropriate for each organization may vary, but the following measures are critical pieces of an effective edge security strategy:

DDoS Protection
It's not uncommon for organizations to be hit with hundreds if not thousands of DDoS attacks a month. It's critical to keep applications and IT services available even through the largest of these attacks.

Web Application Firewall
Websites and web applications are increasing in complexity and risk, with new vulnerabilities discovered daily. A superior firewall can offer protection performance.

Bot Management
Bots can represent 30 to 70% of an organization's website traffic, with impacts ranging from poor performance to lost customers to fraud. It's incumbent on the organization to deploy a capable and adaptive bot strategy to bring scrapers under control and mitigate credential stuffing.

Secure Enterprise Application Access
Business models have changed. Enterprise digital ecosystems, cloud applications, and distributed users mean that IT needs agility and your users need safe but seamless access. Simple, secure remote access management needs to be easy for IT, provide inherently better security, and deliver an exceptional user experience.

DNS
Protect your authoritative DNS service and stay connected with your users and employees. Architected for performance and availability, our solution maintains a fast and available DNS experience even through the largest DDoS attacks, and can also protect against DNS forgery and manipulation.

Malware Prevention
Ensure that your users and their devices can safely connect to the Internet anytime, anywhere, by proactively identifying and blocking targeted threats such as malware, ransomware, phishing, DNS data exfiltration, and zero-day attacks.

Maintain trust with security at the edge.

Consumers of digital experiences expect their data and transactions to be secure and their privacy to be protected. And companies need to protect their workforce from incursion attempts. When you protect your assets and your people, from the outside in and the inside out, you've taken an important step in cultivating trust as a core brand value.

And don't underestimate trust: According to research conducted by Frost & Sullivan, 86% of customers surveyed said they prefer security over convenience, and the more trust placed with a company, the more money they would be willing to spend with that organization. In fact, as Forrester reports, the mere whiff of suspicion of a company's data use practices can cut revenue by up to 25%.

The security landscape is shifting. Today's security professionals are faced with persistent attackers, sophisticated bots, and advanced command and control software, along with an enterprise perimeter that is increasingly difficult to enforce. To maintain users' trust, organizations need security at the edge that surrounds and protects the entire architecture: clouds, sites, content, apps, and users.

Conclusion

The laws of physics (the speed of light, data gravity, limitations in bandwidth) require a change in the way we think about security. The demand for more real-time interactions between things, people, and their digital experiences is pushing all toward the edge. Which is a good thing. It's already expanding business opportunities, and fundamentally changing how we live, interact, shop, and work.

But along with this evolution, attack surfaces will continue to shift and become highly distributed. Attacks will continue to grow and target with more precision. Trust based on a single network location will no longer be relevant. These trends, and the ever more complex systems in digital business, ultimately will result in even more risk. But they also provide security teams considerable opportunity: the opportunity to become a business partner and a driver of value for their organization.

You can do this by employing an edge security strategy, one that is adaptive, in-depth, and designed to preempt the expanding attack surface and simplify security controls. One that brings users closer to the digital experiences and knocks down attacks where they're generated. One that breeds trust and puts the confidence and control back in your hands.

As the world's largest and most trusted cloud delivery platform, Akamai makes it easier for its customers to provide the best and most secure digital experiences on any device, anytime, anywhere. Akamai's massively distributed platform is unparalleled in scale, giving customers superior performance and threat protection. Akamai's portfolio of web and mobile performance, cloud security, enterprise access, and video delivery solutions is supported by exceptional customer service and 24/7/365 monitoring. To learn why the top financial institutions, online retail leaders, media and entertainment providers, and government organizations trust Akamai, please visit www.akamai.com, blogs.akamai.com, or @Akamai on Twitter. Published 01/19.