Home Blogs Layer0 Security: New WAF and Bot Detection Capabilities
Applications

Layer0 Security: New WAF and Bot Detection Capabilities

About The Author

Outline

When Limelight acquired Layer0 last year (now Edgio), we took a big step forward in our capabilities as a full-service edge services platform. With the closing of the acquisition, we re-launched Layer0 on the Limelight backbone in Q4 as our flagship AppCDN product for website and application delivery.

We knew that in having a cutting-edge AppCDN platform – that can deliver both monolithic and headless/Jamstack applications, we needed a strong security platform that our customers could deploy quickly and confidently. Previously we used EdgeJS logic to allow developers to deploy security features to help protect their applications. We’ve taken those capabilities a step further today.

Today, we’re excited to announce the launch of the Layer0 Security Platform. Layer0 customers can now sign up for the Layer0 Security Platform features integrating DDoS, WAF, and Bot management solutions for web applications. The Layer0 Security platform sits on the Layer0 by Limelight backbone and ensures that applications remain secure without sacrificing performance.

Why did we do it?

Being able to deliver a wide variety of highly performant traffic to every corner of the world is only part of what a customer demands from its CDN. Listening to your feedback, we understand that web and application security and your peace of mind is also top priority today, especially for enterprise sites.

Limelight has been a leader in delivering content for over two decades and now, with Layer0 Security, there is no need for your developers to manually integrate it into your edge logic. We’re taking the necessary steps to ensure our customers can quickly deploy security products and keep applications safe from various vulnerabilities and threats.

Tell me about the product!

Let’s start with one of the most important items we know our customers will ask about; everything within Layer0 Security is a fully PCI-DSS compliant solution and meets both GDPR and CCPA compliance standards.

We’ve deployed the Layer0 Security platform within our own network. This means Layer0 customers have a single pane of glass to control all of their services that sit within our highly performant Layer0 by Limelight backbone. We’ve long held onto the standard that DDoS protection should be a no-brainer for CDN customers. When you sign up with Layer0, our DDoS protections are automatically enabled and start protecting your account as soon as it is active.

Limelight’s high-bandwidth, globally distributed network is built to inspect and repel a wide variety of network layer DDoS attacks keeping your resources healthy and protected. We worry about the network, so you don’t have to. Going beyond DDoS, we needed the ability to deploy a Web Application Firewall (WAF) to keep traffic safe from more complex threats. To solve that, we created the Layer0 WAF and loaded it up with various managed rule groups that customers can deploy based on their application. The Layer0 WAF managed rule sets protect against attacks such as OWASP Top 10 vulnerabilities, Log4J threats, PHP object injection, SQL injections and other threats. You can enable these as broad rule groups or on a rule-by-rule basis to stop attackers.

The final leg of defense we’re releasing is a set of Bot Management rules that our customers can deploy within the Layer0 Security platform. These rules allow customers to detect and manage various bots that query their applications and consume valuable resources.

The managed bot rules capture the results of analyzing billions of requests to identify and block bad bots while allowing the good ones. Whether they are SEO, search engines, bad data centers, social media, or scraping bots – we give you the ability to flag those and stop them if the bot traffic is unwanted.

What’s next?‍

This is the first major security release for Layer0 this year but rest assured, it won’t be even close to our last. We’re investing heavily in security and have a 2022 roadmap full of enhancements and additional products we are working to deploy.

Keep an eye on the Edgio blog and newsletter for updates.