Announcing Fastly Security Labs: be the first to try new next-gen WAF features

Offensive and defensive security capabilities are evolving every day. At Fastly, we’re continuously working to improve our next-gen WAF and empower our customers to strengthen their security posture. We believe it’s important to bring our many security innovations to our customers faster, and to incorporate their feedback into our development process as early as possible. Today, we’re happy to announce the launch of Fastly Security Labs, a new program that empowers customers to continuously innovate by being the first to test new detection and security features — ultimately shaping the future of security.

How it works

Fastly Security Labs gives you an open line of communication directly to the Security Product team and bolsters our feedback loops for the Fastly Next-Gen WAF (powered by Signal Sciences), helping us create stronger products. We’ll use the program to test a wide range of features, from new Signals and Templated Rules to new inspection protocols.

Historically, we’ve been no stranger to including customers in our development process. Several of you reading this may have participated in one of our recent betas around the Fastly Next-Gen WAF Edge Deployment, Custom Response Codes, and GraphQL Inspection. Fastly Security Labs brings more structure to the release of our beta features and also provides you with new toggles within your management console that allow you to opt in or out of individual features.

Customers who are opted in to the program and visit their “Corp Settings” page will find a new section at the bottom with a toggle to enable or disable Labs features:

Fastly Security Labs Corp Settings page

With the launch of the program, we’re also introducing two new features for those participating in the Fastly Security Labs program to test:

  • A Changelog for our Signals and Templated Rules

  • A new attack signal (Log4J JNDI)

Changelog


While we’ve had release notes for our agents and modules for quite some time, we didn’t have an equivalent for our Signals and Templated Rules. This is an important feature to expose so you can easily review the new features we’ve added.

Log4J JNDI


The Log4J JNDI RCE vulnerability, commonly referred to as Log4Shell, was discovered in December 2021. In response, we immediately deployed a virtual patch to protect our customers and actively tracked exploitation attempts and variant payloads. Meanwhile, our engineers were hard at work leveraging the SmartParse capabilities within the Fastly Next-Gen WAF: we developed a new attack signal for detecting the Log4Shell vulnerability with a lower false-positive rate. This new attack signal also simplifies deployment as it won’t need to be enabled on a site-by-site basis.

Want to join?

We’re very excited about the launch of Fastly Security Labs as it provides a structured process for allowing you to get your hands on cutting-edge detection and security technologies while simultaneously improving your security posture. If you’re interested in participating in Fastly Security Labs, reach out to your account manager or sales@fastly.com to learn more.

Daniel Corbett
Senior Product Manager

Daniel Corbett is a Senior Product Manager on the Security Product team, where he works on the Signals and Rules that power Fastly's Next-Gen WAF. He has over 15 years of security practitioner experience and has previously worked at a high-traffic managed hosting provider where he was architecting and building secure infrastructure, mitigating threats and attacks of varying degrees, and performing incident response. Daniel is a passionate teacher and mentor who enjoys helping others. When he's not working you can find him spending time with his family, working on home improvement projects, or trying to duplicate meals from his favorite restaurants.