Verizon Enterprise Solutions, previously known as EdgeCast Networks, entered the cloud security space with their own WAF product in 2014. The CDN has offered network layer DDoS protection to its customers at no additional cost since its outset, however, the web application firewall supplemented this with an additional layer 7 protection to their DEFEND security offering.
The Verizon WAF is built with the Modsecurity OWASP and Trustwave rule sets. These are widely used and considered to be industry standard. It means customers have a large number of existing security rules to make selections from, plus access to an IP reputation database and various additional advanced features.
Verizon’s DDoS service is known as DDoS Shield. It is built upon the larger infrastructure of Verizon Digital Media Services, which allows for combination of its locally deployed mitigation appliances with a cloud-based mitigation service. If the attack is too large to be managed by the local servers, it can be moved to the cloud-based service, meaning Verizon can handle high-volume attacks. This also means that traffic is continuously scanned on its worldwide IP network for irregular patterns.
DDoS Shield protects the client’s IP address space regardless of the Internet service provider, even if a variety of service providers and carriers are used. This allows Verizon clients to maintain routing control and activate the Verizon DDoS mitigation service when needed.
DDoS Shield offers HTTP rate limiting, protecting websites from HTTP flood attacks with granular HTTP rate limiting, giving its clients detailed control and visibility over the traffic visiting its site. Its origin protection services defend the client’s origin even if other layers of security are contaminated, meaning that site data is secure.
The Verizon WAF is designed to compete with Akamai, but customers can configure and manage the Verizon WAF on their own without requiring the assistance of professional services. New rules can be run out to the network in as little as five minutes. A customer service online portal is available, allowing clients to monitor traffic and attack reports.
Nonetheless, it can be somewhat difficult to setup in comparison to CloudFlare for instance, and it is more expensive than some of the other DDoS protection services out there.
Integration is also available with Microsoft Azure for Standard Verizon or Premium Verizon, both of which add CDN services along with DDoS protection.
In terms of regular users, there are three levels of Technical Account Management (TAM) to choose from, and enterprise support can be added to any TAM package.