Activity
-
Cybersecurity improves significantly when there's a thriving community of hackers and security researchers. We're excited to launch our public bug…
Liked by Andy Ellis
-
Thank you to Fortune for including me in this timely discussion on #outage management. It was great to share some of the tactics we use at Akamai…
Liked by Andy Ellis
-
Today, Mimecast proudly announced the acquisition of Code42 (acquired by Mimecast), an industry leader in insider threat and data loss prevention! On…
Liked by Andy Ellis
Patents
-
Traffic on-boarding for acceleration through out-of-band security authenticators
Issued US 9819582
A traffic on-boarding method is operative at an acceleration server of an overlay network. It begins at the acceleration server when that server receives an assertion generated by an identity provider (IdP), the IdP having generated the assertion upon receiving an authentication request from a service provider (SP), the SP having generated the authentication request upon receiving from a client a request for a protected resource. The acceleration server receives the assertion and forwards it to the SP, which verifies the assertion and returns to the acceleration server a token, together with the protected resource. The acceleration server then returns a response to the requesting client that includes a version of the protected resource that points back to the acceleration server and not the SP. When the acceleration server then receives an additional request from the client, the acceleration server interacts with the service provider using an overlay network optimization.
-
Protecting Websites and Website Users By Obscuring URLs
Issued US US20120124372A1
Websites and website users are subject to an increasing array of online threats and attacks. Disclosed herein are, among other things, approaches for protecting websites and website users from online threats. For example, a content server, such as a proxying content delivery network (CDN) server that is delivering content on behalf of an origin server, can modify URLs as they pass through the content server to obscured values that are given to the end-user client browser. The end-user browser can use the obscured URL to obtain content from the content server, but the URL may be valid only for a limited time, and may be invalid for obtaining content from the origin. Hence, information is hidden from the client, making attacks against the website more difficult and frustrating client-end malware that leverages knowledge of browsed URLs.
-
Method and system for protecting web sites from public internet threats
Issued US US7260639B2
The present invention addresses the known vulnerabilities of Web site infrastructure by making an origin server substantially inaccessible via Internet Protocol traffic. In particular, according to a preferred embodiment, the origin server is “shielded” from the publicly-routable IP address space. Preferably, only given machines (acting as clients) can access the origin server, and then only under restricted, secure circumstances. In a preferred embodiment, these clients are the servers located in a “parent” region of a content delivery network (CDN) tiered distribution hierarchy. The invention implements an origin server shield that protects a site against security breaches and the high cost of Web site downtime by ensuring that the only traffic sent to an enterprise's origin infrastructure preferably originates from CDN servers. The inventive “shielding” technique protects a site's Web servers (as well as backend infrastructure, such as application servers, databases, and mail servers) from unauthorized intrusion—improving site uptime and in the process, customer loyalty.
-
Method and system for secure content delivery
Filed US US20040093419 A1
A method of and system for secure content delivery. The method is carried out by a content delivery network service provider (CDNSP), which operates a secure CDN. The secure CDN may be a dedicated network or a subset of a larger distributed network that is managed by the service provider. A Web site obtains secure content delivery, preferably as a managed service, by aliasing the site (or given domains) to the CDN. Edge servers are selectively authenticated into the secure CDN before they can be used to deliver secure content, and the CDN service provider serves SSL pages over a secure connection on the site's behalf, preferably using an SSL certificate provided by the site. A copy of the customer's SSL certificate resides on the secure edge servers to allow them to serve SSL content on the customer's behalf. A key agent running on the edge server, however, ensures that the copy of the certificate only resides in memory and not on disk. Further, a server that cannot be fully monitored by the CDN service provider removes the certificate from its memory and no longer serves the SSL traffic.
Honors & Awards
-
Podcast of the Year
SANS
Cloud Security Reinvented was selected as Podcast of the Year at the 2022 SANS Difference Maker Awards.
-
CSO Hall of Fame Inductee
CSO Magazine
The CSO Hall of Fame is bestowed upon the individuals whose work has advanced the CSO/CISO role, secured business, and inspired others in the industry.
Recommendations received
2 people have recommended Andy
More activity by Andy
-
What an amazing Day 1 at the Code42 (acquired by Mimecast) offices in beautiful Minneapolis! Thank you Joe Payne for building a great company and…
Liked by Andy Ellis
-
There are a lot of security and safety issues in our enterprises. The state of application security is basically a disaster. Shared responsibility…
Shared by Andy Ellis
-
When I first started my journey as an entrepreneur, I was determined to find problems that #AI could uniquely solve. I settled on two types of…
Liked by Andy Ellis
-
YL Ventures’ Sara Behar and Or Salom just released our 10th CISO Circuit Report: CISO Reporting Landscape 2024! Based on interviews with members of…
Liked by Andy Ellis