Looking for a description of the differences in origin protection capabilities between Akamai Site Shield & Akamai Prolexic Services.
That is a very broad question. I'll try to keep it as short as I can. Here goes...
SiteShield: It's best to consider SS as an origin cloaking solution as opposed to an origin protection solution. It provides a means by which the customer origin/firewall can define an ACL to allow only known Akamai/SiteShield parent IPs to access their hosted application. Defining this ACL at the customer origin/firewall helps customers drop unknown/unwanted hits to the origin coming from non-Akamai IPs. However, the origin is still routable via the internet, and an actor with knowledge of the origin IP address(es) can still launch direct-to-origin hits and flood their uplinks. SiteShield is a symmetric solution; the request flows from End User -> Edge -> SS parent -> Customer Origin and back Customer Origin -> SS parent -> Edge -> End User.
Prolexic Routed/Connect: I'd like to focus on these two products as they provide origin protection capabilities. With Routed/Connect's "always-on" option customer traffic is routed via BGP advertisements to PLX's scrubbing centers. From the scrubbing center traffic is encapsulated via GRE tunnels/MPLS to the customer origin's gateway router. The customer's origin at this point is non-routable via the internet; meaning even if an actor has knowledge of the customer's origin IP(s), there is no router on the internet that will route this traffic to customer origin directly. The actor is forced to go through the scrubbing centers where our awesome SOC will implement mitigation techniques to protect the customer origin. Both Routed/Connect are asymmetric solutions; request flows from End User -> PLX Scrubbing Center -> Customer Origin and back Customer Origin -> Internet -> End User.
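An added example, not part of the original post and not Akamai code: an audit of the Site Shield ACL described above, run over origin access logs to find requests that reached the origin from addresses outside the allowlist. The CIDRs (documentation ranges), the log format and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed placeholder CIDRs (RFC 5737 documentation ranges) standing in
# for the Site Shield parent list a customer would configure in the ACL.
SITE_SHIELD_CIDRS = ["198.51.100.0/27", "203.0.113.64/26"]

# Constructed origin access-log lines: "<src_ip> <method> <path> <status>"
SAMPLE_LOG = """\
198.51.100.7 GET /index.html 200
203.0.113.70 GET /api/items 200
192.0.2.55 GET /index.html 200
203.0.113.200 POST /login 200
not-an-ip GET / 400
"""


def load_allowlist(cidrs):
    # strict=True rejects entries with host bits set (a common copy/paste error).
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def is_allowed(src, allowlist):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source address: fail closed
    # Membership is False when address and network IP versions differ.
    return any(addr in net for net in allowlist)


def audit_origin_log(log_text, cidrs):
    """Return (line_no, src, path, status) for hits from outside the allowlist."""
    allowlist = load_allowlist(cidrs)
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        src, _method, path, status = fields
        if not is_allowed(src, allowlist):
            findings.append((line_no, src, path, status))
    return findings


if __name__ == "__main__":
    for line_no, src, path, status in audit_origin_log(SAMPLE_LOG, SITE_SHIELD_CIDRS):
        print(f"line {line_no}: {src} reached origin directly ({path} -> {status})")
```

Any finding means the origin answered a source that the ACL should have dropped at the firewall. As the post notes, a correct ACL still leaves the origin routable, so it does not stop traffic from saturating the uplink.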
What is the actual question? :O)
I use the following analogy to distinguish between SiteShield and Prolexic:
SiteShield is like a bouncer at the front of your favorite pub. Some people get in and some get turned away by the bouncer. This is usually based on a ruleset that the bouncer has (e.g., underage people are not allowed in).
But what happens when a very large crowd of underage kids comes to the front door of the pub? Well, the bouncer turns them away as usual. But what if there are so many kids that regular patrons can't even get through the crowd to get to the bouncer, let alone get into the pub? This is where Prolexic comes in.
Imagine if you had bouncers standing at all the street corners and intersections -- intersections that all patrons will pass before going to the pub. Imagine these bouncers doing their job and turning away kids at these intersections before they become a crowd at the front door of the pub. This is the role of Prolexic.
Prolexic is the bouncer that gets involved and filters packets at the 'intersections' and 'streets' leading up to your ISP's gateway.