US10237286B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10237286-B2 |
| Application number | US-201615010441-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 29, 2016 |
| Priority date | Jan 29, 2016 |
| Publication date | Mar 19, 2019 |
| Grant date | Mar 19, 2019 |
Official abstract text for this publication.
Content Delivery Network (CDN) protection systems and methods, performed by a cloud node in a distributed security system include receiving traffic between one or more origin servers and the CDN; monitoring the traffic based on policy; detecting one or more of malware and data leakage in the traffic based on the policy; and blocking the traffic responsive to the detecting the one or more of the malware and the data leakage in the traffic, prior to the traffic entering the CDN.
Opening claim text (preview).
What is claimed is:

1. A Content Delivery Network (CDN) protection method comprising: in a cloud node in a distributed security system with a plurality of cloud nodes, receiving traffic between one or more origin servers and the CDN based on one or more of a push technique and a pull technique, wherein the CDN comprises one or more edge servers communicatively coupled to end users and one or more cache servers communicatively coupled to the one or more origin servers through the distributed security system, wherein the distributed security system is located external from each of the one or more origin servers and the CDN, and wherein the distributed security system is overlaid and incorporated in the CDN such that the traffic is restricted from the CDN to the one or more origin servers only via the distributed security system, wherein the origin server is configured to only accept traffic from the plurality of cloud nodes, to mitigate Distributed Denial of Service (DDoS) attacks on the origin server; monitoring the traffic based on policy; receiving an update to the policy comprising any of threat updates, new signatures, filters, and blacklists and instantly updating the monitoring based thereon, wherein the update is based on activity at another cloud node of the plurality of cloud nodes; detecting one or more of malware and data leakage in the traffic based on the policy; and blocking the traffic in the cloud node responsive to the detecting the one or more of the malware and the data leakage in the traffic, prior to the traffic entering the CDN.

2. The CDN method of claim 1, wherein the cloud node is deployed at a perimeter of the CDN in a dedicated configuration, wherein the dedicated configuration comprises the cloud node solely receiving the traffic between the one or more origin servers and the CDN and participating in updates based on monitoring of other users in the distributed security system.

3. The CDN method of claim 1, wherein the cloud node is deployed proximal to one of the one or more origin servers and the CDN in a public configuration, wherein the public configuration comprises the cloud node receiving the traffic between the one or more origin servers and the CDN as well as for other users and participating in updates based on monitoring of the other users in the distributed security system.

4. The CDN method of claim 1, wherein the cloud node is deployed proximal to one of the one or more origin servers and the CDN in a hybrid configuration, wherein the hybrid configuration comprises the cloud node solely receiving the traffic between the one or more origin servers and the CDN as well as for other users and participating in updates based on monitoring of the other users in the distributed security system and a fallback configuration where the distributed security system takes over the receiving, the monitoring, the detecting, and the blocking responsive to a failure of the cloud node.

5. The CDN method of claim 1, wherein the receiving is via one of generic routing encapsulation (GRE) and a virtual private network (VPN) between the CDN and the distributed security system.

6. The CDN method of claim 1, wherein the origin server is configured to provide the traffic to the CDN via one or more of a push technique and a pull technique.

7. The CDN method of claim 1, wherein the data leakage is detected by providing the cloud node associated data to monitor, wherein the associated data comprises any of source code, customer account names, and content files.

8. The CDN method of claim 1, wherein the malware is detected using zero-day/zero-hour detection via sandboxing through the distributed security system.

9. A node in a cloud-based security system configured to protect a Content Delivery Network (CDN), comprising: a network interface, a data store, and a processor communicatively coupled to one another; and memory storing computer executable instructions, and in response to execution by the processor, the computer-executable instructions cause the processor to receive traffic between one or more origin servers and the CDN based on one or more of a push technique and a pull technique, wherein the cloud-based security system includes a plurality of cloud nodes including the node and is located external from each of the one or more origin servers and the CDN, and wherein the cloud-based security system is overlaid and incorporated in the CDN such that traffic is restricted from the CDN to the one or more origin servers only via the distributed security system, wherein the origin server is configured to only accept traffic from the plurality of nodes, to mitigate Distributed Denial of Service (DDoS) attacks on the origin server; monitor the traffic based on policy; receive an update to the policy comprising any of threat updates, new signatures, filters, and blacklists and instantly updating the monitor based thereon, wherein the update is based on activity at another cloud node of the plurality of cloud nodes; detect one or more of malware and data leakage in the traffic based on the policy; and block the traffic in the node responsive to the detecting the one or more of the malware and the data leakage in the traffic, prior to the traffic entering the CDN, wherein the CDN comprises one or more edge servers communicatively coupled to end users and one or more cache servers communicatively coupled to the one or more origin servers through the distributed security system.

10. The node of claim 9, wherein the node is deployed at a perimeter of the CDN in a dedicated configuration, wherein the dedicated configuration comprises the node solely receiving the traffic between the one or more origin servers and the CDN and participating in updates based on monitoring of other users in the distributed security system.

11. The node of claim 9, wherein the node is deployed proximal to one of the one or more origin servers and the CDN in a public configuration, wherein the public configuration comprises the node receiving the traffic between the one or more origin servers and the CDN as well as for other users and participating in updates based on monitoring of the other users in the distributed security system.

12. The node of claim 9, wherein the node is deployed proximal to one of the one or more origin servers and the CDN in a hybrid configuration, wherein the hybrid configuration comprises the node solely receiving the traffic between the one or more origin servers and the CDN as well as for other users and participating in updates based on monitoring of the other users in the distributed security system and a fallback configuration where the distributed security system takes over responsive to a failure of the node.

13. The node of claim 9, wherein node is communicatively coupled to the CDN via one of generic routing encapsulation (GRE) and a virtual private network (VPN).

14. The node of claim 9, wherein the origin server is configured to provide the traffic to the CDN via one or more of a push technique and a pull technique.

15. The node of claim 9, wherein the data leakage is detected by providing the node associated data to monitor, wherein the associated data comprises any of source code, customer account names, and content files.

16. The node of claim 9, wherein the malware is detected using zero-day/zero-hour detection via sandboxing through the distributed security system.

17. A Content Delivery Network (CDN), the CDN comprising: one or more edge servers communicatively coupled to end users; and one or more cache servers communicatively coupled to
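The architecture of claims 1 and 9, reduced to a runnable toy model. This is an added example, not code from the patent or its assignee: a cloud node between origin and CDN inspects traffic against a policy (blacklisted hosts, malware hashes, DLP filters for account names and source-code markers), blocks on a hit before forwarding to the CDN, shares newly learned signatures with peer nodes so their monitoring updates at once, and the origin refuses any traffic that does not arrive from a cloud node. Node names, IP addresses, the DLP regexes, the sample payloads and the `sandbox_verdict` flag (which stands in for the claimed zero-day sandbox) are all assumptions constructed for the example.

```python
"""Toy model of the claimed CDN-protection node (example code, not the patent's
own implementation): a cloud node sits between origin and CDN, inspects traffic
against a policy, blocks on malware or data leakage, and shares what it learns
with peer nodes; the origin accepts traffic only from the cloud nodes."""
import hashlib
import re
from dataclasses import dataclass, field


@dataclass
class Policy:
    """What a node enforces: threat signatures, blacklists and DLP filters."""
    malware_hashes: set = field(default_factory=set)      # SHA-256 hex of known-bad bodies
    blacklisted_hosts: set = field(default_factory=set)   # hosts never forwarded
    dlp_patterns: list = field(default_factory=list)      # bytes regexes for data that must not leak


@dataclass
class Message:
    src_ip: str   # address the message arrives from
    host: str     # host the content is destined for
    body: bytes   # content flowing between origin and CDN (push or pull)


class OriginServer:
    """Origin configured to accept traffic only from the cloud nodes (claim 1)."""

    def __init__(self, node_ips):
        self.node_ips = set(node_ips)

    def accept(self, src_ip):
        return src_ip in self.node_ips


class CloudNode:
    def __init__(self, name, policy):
        self.name = name
        self.policy = policy
        self.peers = []   # other nodes of the distributed security system

    def add_peer(self, other):
        self.peers.append(other)

    def apply_update(self, update):
        """Merge an update (new signatures, blacklists, filters) at once."""
        self.policy.malware_hashes |= set(update.get("hashes", []))
        self.policy.blacklisted_hosts |= set(update.get("hosts", []))
        self.policy.dlp_patterns.extend(update.get("dlp", []))

    def share(self, update):
        """Push what this node learned to every peer, so their monitoring
        is updated based on activity at this node."""
        for peer in self.peers:
            peer.apply_update(update)

    def inspect(self, msg, sandbox_verdict=None):
        """Return ('block', reason) or ('allow', None). sandbox_verdict stands in
        for the zero-day sandbox result (constructed flag, not a real sandbox)."""
        digest = hashlib.sha256(msg.body).hexdigest()
        if msg.host in self.policy.blacklisted_hosts:
            return ("block", "blacklisted host " + msg.host)
        if digest in self.policy.malware_hashes:
            return ("block", "known malware signature")
        for pat in self.policy.dlp_patterns:
            if re.search(pat, msg.body):
                return ("block", "data leakage matches " + pat.decode())
        if sandbox_verdict == "malicious":
            # Zero-day hit: turn it into a signature and share it before blocking.
            update = {"hashes": [digest]}
            self.apply_update(update)
            self.share(update)
            return ("block", "sandbox verdict malicious, signature shared")
        return ("allow", None)


def run_scenario():
    """Constructed traffic exercising each claimed behaviour; returns verdicts."""
    dlp = [rb"ACCT-\d{6}", rb"PROPRIETARY SOURCE"]          # account names, source-code marker (assumed)
    node_a = CloudNode("node-a", Policy(blacklisted_hosts={"evil.example"}, dlp_patterns=list(dlp)))
    node_b = CloudNode("node-b", Policy(blacklisted_hosts={"evil.example"}, dlp_patterns=list(dlp)))
    node_a.add_peer(node_b)
    node_b.add_peer(node_a)
    origin = OriginServer(["10.0.0.1", "10.0.0.2"])         # the two nodes' addresses (assumed)

    results = {}
    results["direct_attacker"] = origin.accept("203.0.113.9")   # not a cloud node: refused
    results["via_node"] = origin.accept("10.0.0.1")
    results["clean"] = node_a.inspect(Message("10.0.0.1", "www.example", b"<html>hello</html>"))[0]
    results["leak"] = node_a.inspect(Message("10.0.0.1", "www.example", b"statement for ACCT-123456"))[0]
    results["blacklist"] = node_a.inspect(Message("10.0.0.1", "evil.example", b"anything"))[0]
    dropper = Message("10.0.0.1", "www.example", b"CONSTRUCTED-DROPPER-BYTES")
    results["zero_day_at_a"] = node_a.inspect(dropper, sandbox_verdict="malicious")[0]
    results["replay_at_b"] = node_b.inspect(dropper)[0]      # blocked by the hash node-a shared
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point the model makes concrete is the ordering in claim 1: the verdict is reached in the node, on the origin-to-CDN path, before anything is forwarded, and a signature learned from a sandbox hit at one node is already in force at the other node when the same payload is replayed there. In a real deployment the origin-side check would be an IP allowlist or the GRE/VPN tunnel endpoint of claim 5 rather than a Python set, and the DLP filters would be the customer-supplied data of claim 7.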
in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title
Traffic logging, e.g. anomaly detection · CPC title
Event detection, e.g. attack signature detection · CPC title
Denial of Service · CPC title