A content delivery network or content distribution network (CDN) is a globally distributed network of proxy servers deployed in multiple data centers. The goal of a CDN is to serve content to end users with high availability and high performance. CDNs serve a large fraction of Internet content today, including web objects (text, graphics, and scripts), downloadable objects (media files, software, documents), applications (e-commerce, portals), live streaming media, on-demand streaming media, and social networks. CDNs distribute content for websites and content portals by caching updated content on a network of locally available servers in various geographies. This architecture enables CDNs to provide fast, personalized, and local access to content for users of the websites and content portals. 'Content' servers in a CDN fetch content from a customer's 'Origin' servers and distribute it to the CDN edge servers across the globe within milliseconds over a dedicated high-speed network. These CDN edge servers are then accessed by end users through client applications. While CDN servers provide fast access and localized content to end users, they are also vulnerable to malware and security threats originating from a compromised origin server. A compromised CDN node can potentially infect other servers and nodes in the network, which in turn can infect millions of users worldwide.
CDNs are susceptible to the following attack vectors: (1) Compromised origin servers can push malware to CDN content servers. This results in users visiting legitimate, high-reputation websites being infected with malicious content. While common viruses and malware may be detected using legacy signature-based threat detection engines, today's sophisticated attacks can only be detected and blocked by inline advanced threat protection and sandboxing technologies capable of detecting and blocking threats based on behavior. (2) Origin servers may leak proprietary and confidential content to the CDN by oversight. (3) Origin servers may become the target of a Denial of Service (DoS) attack. This prevents the CDN from fetching updated content, so the website is not updated and stale content is served. (4) Compromised origin servers would be blacklisted by service providers, causing adverse impact to the CDN's reputation and business.
When CDN networks poll their customers' Origin servers, it is not possible for them today to scan content for malware or data leakage due to the high traffic volume, which has led to many security incidents in the recent past. As more and more content portals rely on CDNs for content delivery, end users are increasingly exposed to potential malware threats from a compromised origin server. Also, there may be circumstances in which, due to human error or misconfiguration, a customer's IP (Intellectual Property) is leaked through the CDN. This could lead to legal liability as well as security exposure for the CDN network. An example is the recent phone hacking scandal and the subsequent distribution of the photos.
Thus, there is a need for protecting CDNs from malware and data leakage.
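The following is an added illustration, not code from the original text, of where such protection would sit: a scanning gate on the edge's origin-fetch path that handles attack vectors (1) through (3) above. It assumes a hypothetical `fetch(path)` callable standing in for the origin request, and uses a constructed hash blocklist and constructed confidentiality markers; a real deployment would replace these with a behavioral sandbox and a DLP policy.

```python
import hashlib
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Constructed sample: SHA-256 digests of payloads already known to be malicious.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"MALWARE-SAMPLE-EICAR-LIKE").hexdigest()}
# Constructed sample: markers that indicate confidential origin material
# which must never be replicated to the edge (attack vector 2).
CONFIDENTIAL_MARKERS = re.compile(rb"(?i)\b(CONFIDENTIAL|INTERNAL ONLY|DO NOT DISTRIBUTE)\b")


@dataclass
class EdgeCache:
    store: Dict[str, bytes] = field(default_factory=dict)      # path -> last validated object
    quarantine: Dict[str, str] = field(default_factory=dict)   # path -> rejection reason


def scan_origin_object(body: bytes) -> Optional[str]:
    """Return a rejection reason, or None if the object may be cached."""
    if hashlib.sha256(body).hexdigest() in KNOWN_BAD_SHA256:
        return "known-malware-hash"            # attack vector 1
    if CONFIDENTIAL_MARKERS.search(body):
        return "confidential-marker"           # attack vector 2
    return None


def refresh_from_origin(cache: EdgeCache, path: str,
                        fetch: Callable[[str], bytes]) -> Tuple[str, bytes]:
    """Poll the origin for `path`, scan the result, and decide what the edge serves.

    `fetch` is a hypothetical origin client that returns the object bytes or raises
    OSError when the origin cannot be reached. Returns (status, bytes_to_serve).
    """
    try:
        body = fetch(path)
    except OSError:
        # Attack vector 3: origin under DoS. Serve the last validated copy, marked stale.
        if path in cache.store:
            return "stale", cache.store[path]
        return "unavailable", b""
    reason = scan_origin_object(body)
    if reason:
        # Rejected content never replaces the last-good copy; keep serving that instead.
        cache.quarantine[path] = reason
        if path in cache.store:
            return "quarantined-serving-last-good", cache.store[path]
        return "quarantined", b""
    cache.store[path] = body
    cache.quarantine.pop(path, None)
    return "fresh", body
```

The quarantine map gives the CDN operator a per-path record of why an origin refresh was refused, which is the signal needed to alert the customer before a compromised origin damages the CDN's reputation.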