2020-06-18T11:21:00Z
Rony_Sklar - PeerSpot reviewer
Community Manager at a tech services company with 51-200 employees
  • 3
  • 271

How does a CDN protect against DDoS attacks?

How do CDNs work to mitigate threats?

2
PeerSpot user
2 Answers
EW
CDN & Cybersecurity Engineer - Web performance & security at CDN Tech / Ecritel
Real User
2021-02-10T08:22:26Z
Feb 10, 2021

Layer 3 or 4 DDoS are absorbed by the CDN as design (IP, TCP ,UDP), the high volume doesn't reach your origin server so you are automatically protected.


But in case of layer 7 DDoS, all application attacks (SQL injections, XSS, Remote file inclusion), you need a Web Application Firewall (WAF) to protect against this kind of threat, the CDN will not "see" and of course not block these attacks (and it's not his role)

Search for a product comparison in CDN
ER
Founder and Strategic Business Development with 11-50 employees
User
2020-06-19T02:50:25Z
Jun 19, 2020

Because the CDN have normally a WAF, a reverse proxy and a lot of locations to replicate in miliseconds your site. I know Cloudflare better and this is the response can I answer you.

Learn what your peers think about Imperva DDoS. Get advice and tips from experienced pros sharing their opinions. Updated: March 2023.
686,748 professionals have used our research since 2012.
Related Questions
ER
Founder and Strategic Business Development with 11-50 employees
Feb 10, 2021
If you have a CDN, does it mean you don't have to worry about DDoS attacks or will hackers still succeed in carrying out DDoS attacks?  I'm a VAR/System Integrator and I don't see any problem once you have Cloudflare.
See 2 answers
ID
CISO and Head of CyberSecurity at a tech services company with 51-200 employees
Jul 21, 2020
CDN is not going to help you to avoid DDoS. The main function of a CDN is to deliver content faster. To mitigate the risk of a DDoS you need a Web Application Firewall (WAF). Todays WAF come with CDN capabilities.
EW
CDN & Cybersecurity Engineer - Web performance & security at CDN Tech / Ecritel
Feb 10, 2021
Layer 3 or 4 DDoS are absorbed by the CDN as design (IP, TCP ,UDP), the high volume doesn't reach your origin server so you are automatically protected. But in case of layer 7 DDoS, all application attacks (SQL injections, XSS, Remote file inclusion), you need a Web Application Firewall (WAF) to protect against this kind of threat, the CDN will not "see" and of course not block these attacks (and it's not his role)
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Feb 10, 2021
Let the community know what you think. Share your opinions now!
2 out of 4 answers
it_user350457 - PeerSpot reviewer
Director of Product Marketing at Distil Networks
Dec 3, 2015
Of course with CDNs people always think about speed. I see CDNs in a differently. A CDN provides users, and vendors a unique deployment spot based on its location within a network diagram, between the user and the origin web server. Due to this unique location you SHOULD expect more from a CDN than just performance. Why? Because this is the perfect place to layer on ancillary services. Find a CDN vendor who has service you need, in addition to just plain old performance enhancement. CDN vendors offer all sorts of add on services including: DNS Management Malware Detection Bot Detection API Security Web Application Firewalls 2 Factor Authentication Load Balancing Threat Intelligence and Fraud Detection DDoS Protection Etc. If you're implementing a CDN as a net new project, stop and ask yourself "Do I have other projects that I can knock out at the same time?"
it_user675075 - PeerSpot reviewer
VP of Business Development at a marketing services firm with 1-10 employees
May 30, 2017
Downtime overall, ease of deployment, least resistance for buy-in. Is it forward looking and encompassing for future upgrades or requirements with little or no disruption?
Related Articles
HT
Enterprise Technology Analyst at Journal of Cyber Policy
Jun 11, 2021
Fastly, a content distribution network (CDN), experienced an outage on June 9 that knocked out several high-traffic sites, including The Guardian and The New York Times newspapers, a number of British government sites, Reddit, and Amazon.com. The company attributed the outage to a bug in software Fastly was using to upgrade a client’s infrastructure. The company apologized for the problem in a ...
See 1 comment
EW
CDN & Cybersecurity Engineer - Web performance & security at CDN Tech / Ecritel
Jun 11, 2021
"Imperva Incapsula’s stability is what stood out for a vice president of global IT security at an insurance company. He noted, “The stability of the solution is very good. I've never heard of any outages that I'm aware of. It doesn't crash or freeze. There aren't bugs or glitches. It's reliable.”"  -> 05/03/2021 https://status.imperva.com/inc... -> 10/03/2021 https://status.imperva.com/inc... It's almost right, but even that don't happen often, it happens (and both outage had a huge impact)
Related Articles
HT
Enterprise Technology Analyst at Journal of Cyber Policy
Jun 11, 2021
Putting the Fastly Outage in Perspective
Fastly, a content distribution network (CDN), experienced an outage on June 9 that knocked out se...
Download Free Report
Download our free Imperva DDoS Report and get advice and tips from experienced pros sharing their opinions. Updated: March 2023.
DOWNLOAD NOW
686,748 professionals have used our research since 2012.