Layer 3 or 4 DDoS are absorbed by the CDN as design (IP, TCP ,UDP), the high volume doesn't reach your origin server so you are automatically protected.
But in case of layer 7 DDoS, all application attacks (SQL injections, XSS, Remote file inclusion), you need a Web Application Firewall (WAF) to protect against this kind of threat, the CDN will not "see" and of course not block these attacks (and it's not his role)
CISO and Head of CyberSecurity at a tech services company with 51-200 employees
User
2020-07-21T13:19:02Z
Jul 21, 2020
CDN is not going to help you to avoid DDoS. The main function of a CDN is to deliver content faster. To mitigate the risk of a DDoS you need a Web Application Firewall (WAF). Todays WAF come with CDN capabilities.
Founder and Strategic Business Development with 11-50 employees
Jun 19, 2020
Because the CDN have normally a WAF, a reverse proxy and a lot of locations to replicate in miliseconds your site. I know Cloudflare better and this is the response can I answer you.
CDN & Cybersecurity Engineer - Web performance & security at CDN Tech / Ecritel
Feb 10, 2021
Layer 3 or 4 DDoS are absorbed by the CDN as design (IP, TCP ,UDP), the high volume doesn't reach your origin server so you are automatically protected.
But in case of layer 7 DDoS, all application attacks (SQL injections, XSS, Remote file inclusion), you need a Web Application Firewall (WAF) to protect against this kind of threat, the CDN will not "see" and of course not block these attacks (and it's not his role)
Of course with CDNs people always think about speed.
I see CDNs in a differently. A CDN provides users, and vendors a unique deployment spot based on its location within a network diagram, between the user and the origin web server. Due to this unique location you SHOULD expect more from a CDN than just performance. Why? Because this is the perfect place to layer on ancillary services.
Find a CDN vendor who has service you need, in addition to just plain old performance enhancement. CDN vendors offer all sorts of add on services including:
DNS Management
Malware Detection
Bot Detection
API Security
Web Application Firewalls
2 Factor Authentication
Load Balancing
Threat Intelligence and Fraud Detection
DDoS Protection
Etc.
If you're implementing a CDN as a net new project, stop and ask yourself "Do I have other projects that I can knock out at the same time?"
VP of Business Development at a marketing services firm with 1-10 employees
May 30, 2017
Downtime overall, ease of deployment, least resistance for buy-in. Is it forward looking and encompassing for future upgrades or requirements with little or no disruption?
Fastly, a content distribution network (CDN), experienced an outage on June 9 that knocked out several high-traffic sites, including The Guardian and The New York Times newspapers, a number of British government sites, Reddit, and Amazon.com. The company attributed the outage to a bug in software Fastly was using to upgrade a client’s infrastructure. The company apologized for the problem in a ...
CDN & Cybersecurity Engineer - Web performance & security at CDN Tech / Ecritel
Jun 11, 2021
"Imperva Incapsula’s stability is what stood out for a vice president of global IT security at an insurance company. He noted, “The stability of the solution is very good. I've never heard of any outages that I'm aware of. It doesn't crash or freeze. There aren't bugs or glitches. It's reliable.”"
-> 05/03/2021 https://status.imperva.com/inc...
-> 10/03/2021 https://status.imperva.com/inc...
It's almost right, but even that don't happen often, it happens (and both outage had a huge impact)
Layer 3 or 4 DDoS are absorbed by the CDN as design (IP, TCP ,UDP), the high volume doesn't reach your origin server so you are automatically protected.
But in case of layer 7 DDoS, all application attacks (SQL injections, XSS, Remote file inclusion), you need a Web Application Firewall (WAF) to protect against this kind of threat, the CDN will not "see" and of course not block these attacks (and it's not his role)
CDN is not going to help you to avoid DDoS. The main function of a CDN is to deliver content faster. To mitigate the risk of a DDoS you need a Web Application Firewall (WAF). Todays WAF come with CDN capabilities.