CNME Editor Mark Forker managed to secure an exclusive interview with Richard Yew, Senior Director, Product Management – Security at Edgio, to find out how their ‘holistic’ approach to security is really striking a chord with users on a global scale.
Richard Yew has enjoyed a fruitful career in the cybersecurity sector and is recognised as an industry thought leader by many of his peers.
In a decorated career to date, Yew worked with major content delivery players such as Akamai and Edgecast.
In June 2022, Edgecast was acquired by Limelight to create Edgio where Richard has been tasked with the responsibility of helping the content delivery network service provider expand its market presence worldwide.
CNME spoke to the dynamic security professional to find out how the company has been able to make such a positive impact in what is an ultra-competitive marketplace.
He began the conversation by highlighting how the company pursued a ‘holistic’ approach in terms of the way they tackle security.
“When it comes to security, at Edgio, we pride ourselves on our holistic approach. We provide end-to-end solutions from the basic infrastructure security standpoint right through to data encryption, DDoS and application layer protection. I believe it’s important to always go back to the basics and look at things objectively – and a good starting point is to ask what is the definition of security? Security for me, is what we do to help ensure that a system maintains the confidentiality, integrity and availability required to ensure that you are protected at all times,” said Yew.
Yew used the example of the crippling DDoS attacks that happened in airports across the United States in October 2022, as the perfect illustration of the devastating impact DDoS attacks can have.
“Those airports were shut down by DDoS attacks, now granted it was only brief, but all those airports had sophisticated security solutions, so the question becomes all about how where they penetrated? What organisations have a habit of doing is focusing solely on one area, so what they do is put the best DDoS solutions on the edge, which is their web applications, but they forgot to protect the rest of their systems and origin infrastructure,” said Yew.
In an effort to avoid that oversight, Yew said Edgio was fully committed to giving their customers ‘complete visibility’ with access to cutting-edge solutions that provide them with robust and resilient security offerings.
“Our goal at Edgio is to provide our customers with access to the most advanced solutions, but also to ensure that we provide them with 360-degree protection across their network and applications, because essentially everything that is exposed to the internet needs to be protected, not just your log-in page, your API, or your end-point – everything needs to be protected at all times,” said Yew.
Edgio’s diverse security solution offering has certainly resonated with users, but what is it that differentiates the company from other cybersecurity providers?
According to Yew, it’s nuanced, and incorporates a combination of factors, but he highlighted how some organisations are guilty of emphasising far too much focus solely on prevention.
“Most organisations will allocate the majority of their budgets to the prevention of an attack, at the expense of the other two components of security: the detection of an attack and the response to an attack. I like to use this analogy – despite the preventative measures we all take to stay healthy, we will still get sick at some point, it’s inevitable. So, it’s just as important to detect any illness quickly and to apply the appropriate remedy. The same for organisations – they need to really invest their resources on security detections in addition to their response,” said Yew.
Yew said one of the key capabilities that they equip their customers with is visibility and insights on the traffic coming in and out of their networks.
“We provide a lot of capability that enables businesses to really get a better understanding and comprehensive overview of the detections across all of their network traffic, using our sophisticated edge platform and our web application and API protection (WAAP). We strive to ensure that we equip our customers with the ability to respond to Zero-day vulnerability in the quickest time. To summarise, what we do better than our competitors is ensure that the security operations teams of our customers get things done fast, and when it really counts. You need to equip customers with the tools they need, so they know that Zero-Day exploits are mitigated in the shortest possible time,” said Yew.
Edgio’s Applications Platform has drawn widespread acclaim – and again, Yew stressed how the platform was designed and engineered with a ‘holistic’ mindset and approach.
“We want to provide our users with access to the most holistic application platform, one that is edge-enabled and has the capabilities to allow users to scale in order for them to protect their sites, accelerate their web applications – and improve their development velocity. Edgio Applications is pioneer of web application performance by implementing a next-generation, headless platform that lets users decouple their frontend and their backend and build CDN logic into the code,” said Yew.
From a performance perspective, Yew disclosed how the application performance platform is a next-generation CDN.
“The Edgio Performance solution allows us to do predictive pre-fetching, which utilises the capabilities of advanced machine learning derived from data from the client side. For example, when users browse a page online our technology can predict and fetch the next page that the user is most likely to click onto. This is a way in which we can achieve instant page load time and improve the Google Core Web Vitals score. This is a great example of what a next-generation CDN can do for you, and can help you improve your overall performance and revenue,” said Yew.
Data from a number of comprehensive reports show that almost half of traffic on the internet is generated by bots.
As Yew pointed out, 42% of the entire internet traffic is generated by bots. It’s a huge challenge for many organisations as it can be exhaustive on resources. Edgio understands the challenge and to tackle this Edgio’s Bot Management is a practical and easy to implement solution.
“A large proportion of that 42% figure is what we describe as bad bots, and that is a significant waste of bandwidth and resources in terms of the needless consumption of many businesses’ infrastructure, their cloud and network resources, and all it serves to do is increase their costs,” said Yew.
However, according to Yew, there can be more severe implications when it comes to bad bots.
“Unfortunately, a lot of these bad bots are performing real and harmful attacks, like account takeover, fake account creation, and fraud. Edgio handles about 5% of the internet, so we have a lot of data, and we see a lot of the traffic coming in and out of our platforms, and what we do is utilise machine learning technology on the server side to look at the traffic to, not only identify those bots, but to also categorise those bots,” said Yew.
Yew conceded that there are a lot of good bots within that internet traffic, like Google Bot and SEO Bot – and cited that many partners could be running bots to ensure that they get the most business critical information from you. That’s why customers need an intelligent bot solution. This is a key differentiator about Edgio bot management of good and bad bots, and not just bot mitigations like many of their competitors.
“Edgio can give users the ability to determine who are the good bots, and who are the bad bots – and that is a gamechanger for a lot of organisations. We call this bot management, but a lot of industry providers call it bot mitigation, but we are not just doing bot mitigations, we are doing bot management. Bot mitigation is just a subset of bot management, bot management provides the mitigations of bad bots, but also gives organisations the visibility and control they need for all types of bots, both good and bad,” concluded Yew.