Sitemaps
Experts

Chad Loder

Company founder, information security investor

Bio

Co-founder of Rapid7 ($900MM IPO exit).

Experience in executive leadership across engineering, product management, and operations roles spanning multiple countries and product lines. Multiple successful technology acquisitions, including the acquisition of Metasploit by Rapid7 in 2009.

Inventor / co-inventor of 4 foundational patents in computer security.

Recent Answers

Cloud Computing

What kind of setup with a load balancer and servers would be needed to accept a million emails from SparkPost using WebHooks?


Chad Loder

Company founder, information security investor

I'm assuming that you are sending mail through SparkPost and you're accepting email transmission events via webhook from SparkPost. The simplest way to implement and scale this would be to use Amazon's AWS API gateway connected to their AWS Lambda event-driven architecture. The architecture would look like: SparkPost -> AWS API gateway -> AWS lambda -> external services You can define webhook API's in the AWS API gateway very easily, with a GUI interface. The AWS lambda event driven code can be written in NodeJS (JavaScript). This will scale to arbitrary levels of events without requiring you to invest in a lot of infrastructure. See these examples: https://developers.exlibrisgroup.com/blog/Hosting-a-Webhook-Listener-in-AWS http://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html

Network Security

Which level of DoS protection is best to start off with for a startup building a social network from the ground up?


Chad Loder

Company founder, information security investor

For a startup, I'd suggest at a minimum you use a CDN like Fastly or Cloudflare in front of your application to prevent basic DDoS attacks. In addition, you'll need to pay particular attention to rate-limiting your login and registration APIs/forms so that you won't have bot attacks and brute-force attacks against your site. The CDN's usually don't provide rate-limiting so you may want to use something like Amazon AWS's functionality for this.

Network Security

Which CDN would you recommend for bot detection?


Chad Loder

Company founder, information security investor

Distil Networks is one of the leaders in this space. They have a good product, although it does add one more layer of complexity to your stack (especially if you already use a CDN). I'd suggest you look at Fastly's offering - they have partnered up with PerimeterX to provide Fastly CDN + Fastly WAF + PerimeterX bot detection all in one package.

Contact on Clarity

$

5.00

/min


Schedule a Call
Send Message

Stats

3

Answers

1

Calls

Areas of Expertise

StartupsInformation SecurityAdvisory BoardsNetwork SecurityRegulatory Compliance