Why the security stack needs to move to the edge

Akamai’s chief technology officer Robert Blumofe makes the case for a decentralised security model to address cyber threats that are emanating from the network edge

The traditional security model underpinned by a centralised security stack is no longer effective against cyber threats that increasingly originate from the edge of a network.

That was the view of Robert Blumofe, Akamai’s executive vice-president and chief technology officer, who noted that a centralised security model would require enterprises to backhaul all web traffic to a central location for inspection and control.

“If you’re subject to an attack and you backhaul that traffic to your security stack, you’re actually creating more problems than you’re solving,” Blumofe said, “because you’re now giving that attack traffic more opportunity, more surface area and more opportunity to do harm.”

Instead, he called for enterprises to move the security stack to the edge where traffic is coming from, noting that this was an important concept for the future of security.

“The security stack needs to live not in a handful of locations but rather ubiquitously at the edge, because that’s where the threats, users and applications are,” he told Computer Weekly.

Blumofe said that with the security stack spread across the network edge, it is important for security capabilities to be delivered from a single platform that is also capable of managing and abstracting the complexities of a distributed infrastructure.

“We have many capabilities on our platform, whether it’s image management, acceleration, TLS [Transport Layer Security] termination or bot management,” he noted. “But we can’t anticipate everything, so for something that we haven’t already built as a pre-packaged capability, our customers can program it themselves.”

As for manageability, Blumofe said enterprises using Akamai’s platform will only need to specify the policies and rules they would like to enforce. “We hide all of the complexity of the distributed system and they can interact with us as if it’s one unified system,” he added.

Besides Akamai, content delivery network suppliers like Singapore-based Toffs Technologies are also touting the benefits of having security capabilities distributed across multiple edge locations.

Philip Chua, co-founder of Toffs Technologies, said that in mitigating distributed denial-of-service (DDoS) attacks, for example, malicious traffic is dropped at the edge while legitimate traffic is allowed to pass through.

This differs from traditional clean pipe services, which use BGP (Border Gateway Protocol) rerouting to send traffic to a centralised location before it can be scrubbed, resulting in latency.

As cyber threats can emerge from any edge location, suppliers like Toffs and Akamai have been expanding their global and regional footprints to include more points of presence (PoPs).

For Akamai, Blumofe said that as the company expands into new markets where it may not have a strong presence, its network team will negotiate new co-location and network contracts.

“We can’t always be in every single location that we want to be, so we’re always re-evaluating that and we’re always doing new deployments based on where our customers are,” he added.

The issues around security at the edge will inevitably lead to discussions on internet of things (IoT) security.

Earlier this year, Akamai acquired Inverse, a Montreal-based company which built a platform that uses network data to identify IoT devices that could have gone undetected.

“Because devices communicate through different protocols and signatures, such as the way they interact with DHCP [Dynamic Host Configuration Protocol] services, we can tell you what the device is,” Blumofe said.

For low-powered cellular IoT devices, Akamai has also acquired Dublin-based Asavie, whose platform creates an on-demand tunnel through the cellular network to the security stack.

“So, whenever a cellular device communicates, all its traffic is automatically tunnelled to the security stack, without any need for a special client or anything high-powered,” Blumofe said.
