The NOC Architecture
At the core of what helps differentiate the NOC platform from the rest of the market is our architecture. While there may be multiple CDN providers, few leverage our design and even fewer provide a complete proprietary stack that doesn't use third-parties services. Yes, this means we own and build every piece of the stack ourselves.
Our CDN/WAF stack is built on an Anycast Authoritative DNS (AuthDNS) network. In our previous lives, the CDN/WAF was built on an Anycast network. There are very stark differences and benefits in this approach, and those get transferred to our customers.
In a traditional Anycast configuration, a CDN is the whole of the network. This means you immediately get the whole network, whether you need it or not. In a design that leverages an Anycast AuthDNS we are able to choose the whole or a subset of the whole. This is what that means:
You get the global CDN, no choice.
Choose if you want a global CDN, or a localized CDN focused on a region (e.g., Europe, US, etc..)
Another key benefit of this design is the ability to ensure business continuity and resiliency for our users of the platform. By using AuthDNS we are able to account for single points of failures, allowing us to respond accordingly in the even of system failures anywhere in the stack (i.e., self-identification and self-healing technologies).
As illustrated above, our new design leverages the AuthDNS layer for all routing. This layer includes optimized performance by leveraging smart routing options. This layer is also able to handle L3/4 DNS attacks more efficiently before hitting the CDN itself.
The AuthDNS is then paired with a local instance of the CDN/WAF that corresponds with the location. Additionally, using our performance monitoring technology, the AuthDNS is able to dynamically switch between other CDN/WAF nodes in the event of any availability issues in the stack.
The NOC Stack
In addition to the architecture we're employing, what really helps set NOC apart from the industry is how the whole stack works together. It was designed to optimize for what today's attacks against the Network (L3/4) and Application (L7). This means that unlike a lot of CDN providers, it was critical that security was at it's foundation.
Volumetric attacks against L3/4/7 are now handled between the CDN and AuthDNS, while exploit attempts and hardening is handled by the Web Application Firewall (WAF). All this happens in the NOC platform, and never hits your origin environment. This means that your organizations enjoys utilizations cost savings, but also benefits from reduced security risks.
The illustration above highlights how the three technologies (i.e., AuthDNS, CDN, WAF) work to provide your organization the best in speed, performance and security.
Web Application Firewall (WAF)
The WAF is doing the heavy lifting as it pertains to the application, and uses a proprietary approach to identifying exploit attempts. This means your organization can take the time it needs to evaluate updates and push them at a pace that conforms with your existing protocols with little concern of exploitation. This is critical for organization worried about conflicts, or that work in a critical environment that can't afford downtime do to updates.
Content Delivery Network (CDN)
The CDN is responsible for the content caching and distribution, it's also the layer that is responsible for mitigating DDOS attacks against your application. It's what keeps your website performant and ensures your customers have an enjoyable online experience.
Authoritative DNS (AuthDNS)
The AuthDNS is busy ensuring that incoming requests are optimized and routed appropriately, it's also busy working to mitigate DNS based DDOS attacks.