Security Services
Overview
Content providers consume security services at the edge using their existing CDN providers.
Examples of such services include:
- DDoS Protection
- Web Application Firewall (WAF)
- Bot Management
- API Security
- Global Threat Intelligence
There are multiple benefits to consuming security services at the edge:
- CDN providers operate massive, globally distributed networks.
- Malicious traffic (SQL injection, XSS, etc.) is blocked before it reaches your application.
- Since CDNs are already inline for caching and delivery, security services add no extra network hop.
- Authentication, schema validation, and rate limiting are enforced before traffic hits your APIs.
The Challenge in Multi-Edge Architecture
Inconsistent Behavior
Unfortunately, security services are not consistent across CDN providers.
Content providers operating in a multi-edge architecture are often forced to stop consuming security services at the edge, because each CDN offers different implementations. As a result, content providers cannot achieve consistent behavior across multiple CDNs.
For example, assume both CDN Provider A and CDN Provider B offer WAF services.
While the user can configure both, they will never behave the same way. Some traffic might be allowed by CDN A’s WAF but blocked by CDN B’s WAF.
These inconsistencies make multi-edge security architectures difficult — if not impossible — to manage.
Limited Visibility
In a multi-edge architecture, each CDN provider sees only a portion of the traffic. As a result, their security services become limited or even unusable.
For example, a CDN provider cannot enforce a global rate limit if it only sees part of the traffic.
The root cause is that in this architecture, no single provider has visibility into the complete traffic picture.
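The rate-limit case above, as an added example (not IO River code): a fixed-window request counter evaluated on each CDN's log separately and then on the merged log. The log format, provider names, client addresses, the 60-second window and the limit of 100 requests per window are all constructed for illustration.

```python
from collections import Counter

WINDOW_SECONDS = 60           # assumed window size
GLOBAL_LIMIT = 100            # assumed per-client limit per window
WINDOW_START = 1_700_000_040  # constructed timestamp, aligned to a 60 s boundary


def parse(line):
    """Parse a constructed log line: '<epoch_seconds> <provider> <client_ip>'."""
    ts, provider, client = line.split()
    return int(ts), provider, client


def over_limit(records, limit=GLOBAL_LIMIT, window=WINDOW_SECONDS):
    """Return {(client, window_start): count} for clients above the limit."""
    counts = Counter()
    for ts, _provider, client in records:
        counts[(client, ts - ts % window)] += 1
    return {key: n for key, n in counts.items() if n > limit}


def per_provider_view(records):
    """Apply the same limit to each provider's slice of the traffic only."""
    by_provider = {}
    for rec in records:
        by_provider.setdefault(rec[1], []).append(rec)
    return {p: over_limit(recs) for p, recs in by_provider.items()}


def build_sample_log():
    """Constructed sample: one client's requests are balanced across two CDNs."""
    lines = []
    for i in range(160):  # 160 requests in one window, 80 routed to each CDN
        provider = "cdn-a" if i % 2 == 0 else "cdn-b"
        lines.append(f"{WINDOW_START + i // 4} {provider} 198.51.100.7")
    for i in range(40):   # a second client, well under the limit, on one CDN
        lines.append(f"{WINDOW_START + i} cdn-a 203.0.113.9")
    return lines


if __name__ == "__main__":
    records = [parse(line) for line in build_sample_log()]
    print("per-provider:", per_provider_view(records))  # neither CDN sees a violation
    print("merged:", over_limit(records))                # the merged view does
```

Each provider counts 80 requests from the first client and lets them through; only the merged view shows 160 requests against a limit of 100.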
IO River Security Services at the Edge
IO River provides consistent security services at the edge by using edge compute to deploy identical security services across multiple CDN providers.
With IO River’s security services, traffic is handled in the exact same way, regardless of which CDN provider is serving it. The same security services are deployed across all CDN providers’ edge compute platforms. In addition, users can manage these services centrally from the IO River Console — for example, custom WAF rules are defined once and automatically applied across all CDN providers.
The main benefits of IO River’s security services:
- Works across multiple CDN providers
- Deployed at the edge
- Provides consistent behavior across providers
- Centralized management