What is Holistic Web Protection and why does it matter?

richard-yew-headshotBy Richard Yew, Principal Product Manager

In recent years, web security has become a major concern for every organization with an online presence. High-profile security breaches from such industry leaders as Equifax and Facebook have made headlines, but giant corporations aren’t the only ones at risk; a recent survey found that half of all American businesses had been victims of some form of cyberattack.

To protect themselves, online business owners have traditionally employed a variety of appliances or cloud-based services to guard their web applications, most notably DDoS (distributed denial-of-service) protection and a WAF (web application firewall). But as businesses increasingly use content delivery networks (CDN) to deliver sophisticated and business-critical web applications where low latency and high availability are a critical requirement, it has become apparent that the scale and reach of these distributed cloud platforms are well-positioned to provide the most effective holistic web protection.

What is a Holistic Web Protection solution?

Holistic web protection integrates essential security technologies such as DDoS mitigation and WAF and is focused on delivering comprehensive protection of websites, web applications, and infrastructure. Holistic web protection addresses key security issues of availability, confidentiality, and transactions between the website owner and users.

A holistic web protection solution should have a few things in common. It must protect against DDoS attacks, data theft, and disruptive automated traffic, and should also provide encryption, rate limiting, and origin cloaking. A holistic web protection solution should also be cloud-based and have globally distributed points of presence (PoP) to ensure maximum scalability and performance under load.

A holistic web protection approach offers several immediate business advantages. Integrating all security features under a single service is both simpler and less costly than coordinating with multiple vendors. Having a cloud-based platform where the management of the physical devices and software are separate from customers also enables service providers to perform real-time security updates to combat new threats. The ability to quickly deploy virtual patches and rectify zero-day vulnerabilities is at the heart of an advanced security solution. Failure to patch a known vulnerability fast was the culprit in the infamous Equifax breach, which cost the company over $600 million and permanently tainted its reputation.

The evolved choice

Cloud security solutions were developed as part of a natural outgrowth of CDN platforms, which themselves act as a natural DDoS protection barrier by filtering unwanted traffic and only allowing proper HTTP request traffic to reach a customer’s origin servers. As more CDNs developed edge compute capabilities, it became possible to move more advanced logic directly onto the CDN platform. This allows businesses to push security logics out to the edge of the network rather than performing the expensive security inspections at their origin infrastructure. Extending the security parameter to the edge allows for mitigation of attacks close to where they originated, as opposed to mitigating them only when they get close to the origin servers where all the critical infrastructure lives. Having an integrated platform that delivers and protects the same traffic also facilitates greater visibility, allowing customers to have a single pane of glass view of all of their traffic, which can be correlated with all security incidents captured on the same platform.

As cyberthreats become more advanced, the importance of a multi-layered security solution has grown. A website whose only protection is DDoS has the equivalent of a home security system that only monitors the front door, while the windows are left wide open. But organizations that attempt to address these gaps with a siloed approach (using different vendors for WAF, DDoS, load balancing, bot mitigation, etc.) have the equivalent of separate security systems installed on every entrance to the house.

Not only is this strategy inefficient, but the isolated systems also aren’t capable of interfacing in the event of a sophisticated attack from multiple points of entry. Siloed security tools can miss complex threats, such as advanced persistent bot attacks, which are on the rise, and are evolving faster than traditional defenses can keep up. But a holistic web protection solution, with the ability to utilize collective insights gleaned from its entire network and layers of security mechanism, can detect and defend against new forms of attack as they arise.

Why Verizon Digital Media Services’ holistic web protection stands out

The market for holistic web protection is currently dominated by a few vendors, each of whom offers some variation of the features discussed above. In a 2018 Frost & Sullivan report on the sector, Verizon Digital Media Services excelled in both availability (having the capacity and architecture to effectively mitigate massive attacks) and performance (advanced security features that do not sacrifice speed or ease of use).

Verizon Digital Media Services is unique among holistic web protection vendors for both the size and the agility of our network, and every choice we’ve made for our security solution is designed to provide the best experience to customers, developers, and users. For example:

  • Our unique dual WAF architecture allows for seamless security rules updates to deal with evolving threats without introducing downtime in security or risking false positives.
  • We utilize an “API first” approach, giving customers the ability to tailor their solution to their unique needs and make informed choices based on real-time analytics. It’s a DevOps-friendly design that integrates easily with existing tools and workflows.
  • We provide security without hampering performance, thanks to our unique Super PoP architecture. This innovation makes our servers powerful enough to operate two WAFs simultaneously, so customers can test new protocols on one and run traffic on the other, ensuring a seamless user experience.
  • Our 63+ Tbps network has the bandwidth to absorb even the most aggressive DDoS attack, ensuring your website stays open for business.

As threats evolve, all your company’s security solutions should evolve with them. Taking a holistic approach to web protection is the next step toward keeping your systems and data safe, not just today, but into the future.

Download our Frost & Sullivan report summary to learn why they rated our multi-layered cloud-based solution at the top of its Global Holistic Web Protection Market Analysis.