An edge service is defined by its location rather than the nature of the service. A network gateway is an “edge device,” and an internet service provider is an “edge service.” Despite the definition of the edge being related to the service’s location, that situation between a client and a server does render the “Edge” concept more appropriate for particular types of services. For example, caching routers provide edge services because they deliver the content of a website from outside that business’s own network.
The edge strategy pushes network tasks outside onto the internet. Today, the proximity of the device delivering the edge service, to the network that it serves, doesn’t really matter. The edge service is an intermediary and this scenario is a great model for Cloud services.
Edge service type
Edge services have become increasingly advanced, offering servers in strategic locations around the world rather than one data center. This model enables businesses to protect their own infrastructure from damage or infection by pushing firewall functions out to a remote server. The providers of Cloud-based Web application firewalls specialize in cybersecurity and spread the expertise they acquire serving one client to all other customers. This knowledge base offers a website far greater protection than an on-premises firewall that constantly needs to be updated.
The edge model means that antimalware providers just need to keep their own server software up to date and don’t need to rollout virus database updates all over the world. The benefit to the business owner is that there is no danger that an update can be missed.
The defense systems of edge cybersecurity providers can be harnessed to provide DDoS protection and other traffic management services, including load balancing. The edge-based security system can take a lot of pressure off a web server and remove superfluous traffic and hacker attack strategies.
This load balancing operation leads onto another major channel of business for edge service providers, which is one of caching routers and content delivery systems. The concept of getting a gateway server to cache the most frequently accessed Web pages is not new. This practice speeds up access to internet content for the users of the served network. By pushing this service out onto the Cloud, an edge provider can assist the website to deliver faster rather than serve the receiver to get access faster. Thus, caching routers are now services aimed at delivering content on behalf of paying websites.
Edge service implementation
A typical edge-based content delivery system will store copies of the customer’s website on servers strategically placed around the globe. Web content can be transmitted around the internet very quickly. However, cutting out a lot of the distance that communications have to travel makes delivery even faster.
As a customer of an edge service, you won’t require much effort to implement the strategy. Large edge service providers have excess capacity, so you don’t have to worry about measuring traffic levels or assessing infrastructure capacity. Services are either charged for in advance through a subscription or in arrears as a metered service. These pricing models change the customer’s attitude towards traffic. You won’t need to bother planning for capacity anymore, although you will still need to measure it as it happens so that you can verify the charges coming from your edge service provider.
The edge service takes over your domain so that all requests to your Web server go through the provider’s servers first. That server can be employed to clean traffic and remove security threats, it can be used to redirect requests to one of a cluster of your own servers, or it can be deployed as a content server to either replace your own Web server entirely, or step in and deliver content when your own server gets overloaded with requests.
Edge service providers
You are most likely to consider edge services if you have your own website. As explained above, the most common uses for edge services are for website protection and traffic management and also for content delivery. Both of these services can be combined into a service package because both are implemented by letting the service provider take over your domain and act as a front end to your own servers. The following sections of this guide outline five recommended edge service providers.
- StackPath Edge Delivery 200 (LEARN MORE)
- Sucuri Web Security Platform (LEARN MORE)
- Incapsula services
- Akamai Intelligent Platform
The following sections of this guide outline five recommended edge service providers.
StackPath runs the complete range of edge services. These include a content delivery network, a web application firewall, a private DNS service, malware protection, and DDoS protection. The company doesn’t advertise load balancing or traffic management services.
The company offers each of its edge services individually by subscription and it also offers business bundles. These bundles include all of the edge services but are graded to suit enterprises of different sizes. Each package allows a different monthly transaction and speed allowance. The mid-sized package is aimed at small and middle-sized businesses and it is called Edge Delivery 200. Larger enterprises should look at the Edge Delivery 2000 package and independent bloggers are catered for by the Edge Delivery 20 plan which offers the first month for free.
StackPath also offers a delivery quality monitoring service. The company has a global network of data centers that can report on the load times of your websites for different audiences around the world. Those data centers are strategically placed to offer a solution to any performance problems through its content delivery system. The company will place your content on its servers so that they can be delivered faster to far away places. Those servers also field requests for your web services, filtering out any malicious activity and smoothing traffic patterns.
Sucuri blends the services of a Cloud-based web application firewall with delivery optimization run through its network of data centers around the world. The services of Sucuri are charged for on a subscription basis with two plan levels. The entry-level plan provides a web application firewall, a content delivery network, and DDoS protocol. A higher plan includes malware protection and a malware cleanup service.
If your website has been infected by malware, it has become a virus delivery system. The extra antimalware services of the higher plan, which is called Sucuri Platform, will clean out any malware hidden in your site as well as protecting it from future malware infection. The presence of malware in your site will seriously crush its visibility. This is because many other web edge services in the world would have blacklisted the site and will prevent anyone from accessing it. This block is widely implemented these days and is included in browsers and search engines. The Sucuri Platform service will notify all of the blacklists in the world that are blocking your site that it has been cleaned of viruses and has ongoing protection.
3. Incapsula services
Incapsula is the edge services brand of Imperva Inc, which is one of the leading cybersecurity companies in the world. In addition to top-grade protection, the company also runs a content delivery system.
Like the other options on this list, Incapsula is offered on a subscription service and is delivered on the Cloud. The subscription plans are pitched are three levels. The Pro version is suitable for individual sites, the Business option includes stronger security protection and the Enterprise option is a bespoke package that potentially includes all of Imperva’s edge expertise.
Imperva particularly excels at DDoS protection. The company takes over your domain and examines all incoming requests at both the application and network layers. The application layer check is included in the Business plan but the network level check is an add-on for all plans. The Incapsula DDoS protection can also be subscribed to as a standalone service. All plans include a very comprehensive Cloud-based web application firewall, which includes scraper protection and reputation management via virus protection and blacklist avoidance.
The traffic monitoring and filtering procedures of Incapsula include blacklisting and whitelisting based on source location, IP address, and attack signature detection. Incapsula maintains a database of known attack strategies, which is constantly updated. The caching capabilities of the service’s content delivery network include the reuse of connections, caching of static content, and image compression. Visit their website here for more details.
Cloudflare is also a prominent DDoS protection service. The company offers a Cloud-based web application firewall that is implemented in data centers spread throughout the world. The WAF is implemented as an edge service with global DNS entries being altered to point your domain to a Cloudflare server. Once traffic has been filtered, genuine requests are forwarded on to your server.
If you have problems caused by DDoS attacks, the company moves your assigned IP address to one of its servers, gets you an IP address registered in a cloaking name, and communicates with your server over a line that is secured by a VPN. With this service in place, all excessive traffic is absorbed by the Cloudflare servers and no one can find out your site’s real IP address to attack your site directly.
Cloudflare also caches websites and can deliver them directly, making them permanently available even when they are down for maintenance or redevelopment.
Cloudflare offers a subscription package, called Cloudflare Pick. The entry-level plan is free and it provides DDoS protection for a small website. The WAF is only available with the paid plans and higher plans include caching, image compression, and services to bypass internet controls in China. Visit Cloudflare here for more details.
5. Akamai Intelligent Platform
Akamai is a great source of cybersecurity research. The company produces regular reports on global security threats, gleaned from an excellent research department. That research is the bedrock of the Akamai service. The company uses its knowledge of attack strategies to protect its customers. This Cloud-based service pools the knowledge of that research department to protect all customers from a chain of data centers spread across the globe.
Like its rivals, Akamai offers DDos protection, a web application firewall, and web delivery optimization with caching, all delivered as edge services. The company doesn’t offer plans that include all services. Instead, customers subscribe to each edge service individually.
The Akamai Intelligent Platform adds delivery optimization to web security. The Platform is available on servers in 100 countries, enabling Akamai customers to keep their sites permanently available at high delivery speed. Learn more at Akamai’s website.
Edge service selection
As you can see from the list of edge service providers, this category of website support is really booming. You have some excellent options when you are looking for ways to protect your website and improve its delivery. All of these providers offer free trials and you can even get DDoS protection for a small website for free.
Akamai, Imperva, and Cloudflare are the three leading DDoS mitigation providers in the world, so you really are in safe hands with their edge services. StackPath and Sucuri are the ones to watch. These two up-and-coming edge service providers have global coverage, each with a network of data centers in strategic locations. Their subscription packages provide an out-of-the-box solution that is incredibly easy to set up.
The Cloud-based service providers are all online 24/7 giving your website constant availability no matter what disaster hits it.