TL; DR: StackPath, the much-heralded company helmed by SoftLayer Founder and CEO Lance Crosby, is now getting headlines for more than their massive $180 million initial investment. Barely two months after bursting onto the scene, StackPath launched the first component of their “built-on, not bolt-on” Security-as-a-Service platform. Featuring a global network of content servers, cloud-based DDoS mitigation tools, and a web application firewall, SecureCDN aims to give developers a holistic solution for securing their applications, infrastructure, and assets against threats. With a strong API, StackPath hopes to include developer input in future products to continually improve security and performance.
Nathan Moore, Principal Architect of MaxCDN, wasn’t sure what the future held. His employer had just been acquired by a new company that no one knew much about, and he joined his colleagues in a conference room waiting to learn more.
In walks Lance Crosby, the entrepreneur who sold SoftLayer to IBM for $2 billion. He explains the vision for his newest venture, an intelligent and comprehensive web services platform for security, speed, and scale. Along with the billionaire innovator, StackPath already had $180 million in funding and four major acquisitions:
- MaxCDN, a powerful content delivery network that speeds up websites and applications
- Fireblade, a web application firewall using a behavioral and data-driven approach to security
- Staminus, DDoS mitigation that protects points-of-presence and network architecture
- Cloak, a leading consumer VPN platform that provides encrypted access to the Internet
Nathan and his colleagues listened as Lance detailed how each team would fit into “the new ecosystem he’s putting together,” as Nathan described it.
“It was a very compelling vision,” he said. “It was very obvious that, yes, this has to happen. You could see, just sitting there, that if we do this, that, and the other thing, then we can put it all together and end up with something brand new.”
SecureCDN Debuts as StackPath’s First Service
StackPath’s initial product incorporates technology from several of their acquisitions. Launched in October 2016, SecureCDN includes a global network of content servers, a web application firewall, and cloud-based DDoS mitigation.
“We’re trying to compete on performance and trying to compete especially on security,” said Nathan, SecureCDN’s Principal Architect. “We’re trying to make sure we’re getting the right blend and the best optimization between the two. That’s the ultimate target as we’re rolling along.”
Optimized Global Network Empowers Developers to Deliver With Speed
StackPath leveraged MaxCDN’s resources to supply customers with a first-rate delivery network, reliable infrastructure, and 19 global points-of-presence, or PoPs.
StackPath’s regional edge servers replicate content files in multiple locations around the world to be closest to their customer’s end-users.
“We’re always looking at various technologies and methods of accelerating how we move content between our various PoPs to make sure we get out to the edge where the actual customer is,” Nathan said. “We have to guarantee that we are within milliseconds of our average customer so that we can deliver things incredibly quickly.”
While that’s all fairly standard for a top CDN, Nathan said StackPath’s solution benefits from a genuinely secure platform that punches out 100Gbps connectivity from high-performance switches and SSD servers.
“We can guarantee a very fast, yet secure connection between any one of our PoPs,” he said. “We’re able to push very large amounts of data in very short periods of time. That’s definitely something that we’re doing differently. In my opinion, it’s very much superior to a lot of what our competitors are going to be doing.”
Web Application Firewall Analyzes Behavior to Outwit Bots and Threats
StackPath calls their WAF the “only enterprise-grade web application firewall that was designed from scratch to outwit today’s real-world threats rather than yesterday’s theoretical problems.”
Built with behavioral and reputational algorithms, the WAF prevents bots from scanning or attacking vulnerable resources or areas commonly compromised, such as forms and login pages. By taking advantage of machine learning, StackPath’s platform will adapt to threats based on the data it gathers.
SecureCDN customers can create rules that block, challenge, or whitelist traffic based on a wide range of parameters.
“We’re doing the utmost to protect the customer’s origin as well as protect the edge,” Nathan said. “We want the content to be delivered globally, and we can do a very good job of that, but at the same time we cannot permit the CDN platform from being used as an attack vector against the customer’s origin.”
Cloud-Based DDoS Mitigation Protects Apps and Infrastructure
StackPath’s cloud-based DDoS protection is integrated directly into SecureCDN’s network architecture and defends against SYN and UDP floods, and volumetric attacks, among others.
With strategically located sinkholes, the network can neutralize the largest attacks. Because DDoS protection is installed in all of SecureCDN’s PoPs, customers won’t see geographic increase in latency.
The StackPath teams spent an incredible amount of time balancing ultimate security with speedy performance needs, according to Nathan, who pointed out the two attributes are often at odds; more security checks and logic adds time that conflicts with performance optimizations.
“You have to work very, very hard to get the blend right to make sure that you’re guaranteed a very high level of security and yet are incredibly performant,” he said.
StackPath Seeks Developer Feedback and Involvement with Rich API
StackPath’s innovative approach to security, speed, and scale is an attempt to change how developers approach building an application, Nathan said. Instead of stepping back and trusting StackPath to handle security and performance, a deep API empowers developers to blend the attributes and control dynamic versus static content.
“The fully fledged API allows the developer to define what is going on behind the scenes,” he said, adding that StackPath intends to heavily invest in expanding the API’s reach and functionalities — especially after gathering developer feedback.
“We have to make sure that we’re building out something that is very usable and is guaranteed to make the sort of changes the end-user wants to get done,” Nathan said. “It has to be done easily. It has to be intuitive. It has to be straightforward to work with.”
Next: DNS and Origin Storage That Improve Security and Performance
Nathan said StackPath teams are continually examining some of the “foundational technologies of the Internet” for new ways to optimize both performance and security.
“We absolutely anticipate a large customer demand for secure content delivery, but we also think there’s going to be a very big demand for our subsequent products,” Nathan said, adding that StackPath is “taking a very hard look” at DNS.
Also in the queue might be an origin storage solution. Many CDNs get content from external origins, like web hosts, before distributing the information across the world. StackPath’s solution would skip that first step.
“Instead of getting content on demand, we would actually have the end-user go ahead and push their content to us, which we then have to replicate out globally to the appropriate location to guarantee a very fast response,” Nathan said.
Teams Unite Their Technologies Under StackPath’s Mission
Since the fateful meeting in the conference room, Nathan has been impressed with how the separate teams from StackPath’s acquisitions have united under the company’s vision.
Usually when multiple companies come together, he said teams aren’t on the same page, they can’t move quickly, and companies have to adjust expectations.
“That wasn’t the case at all,” Nathan said. “We’ve been lucky. I have been so impressed with everyone here.”
He attributes that success to Lance’s vision for StackPath and the ability to articulate “how all the parts fit together to make the whole,” he said.
“There are a lot of new ideas and this overall acceptance that, yes, absolutely, security has to be a part of this. We can’t just depend on the same-old, same-old content delivery.”