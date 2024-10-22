Building a better application DDoS solution

Distributed Denial of Service (DDoS) attacks remain among the most prevalent and disruptive, despite being around for decades. From the MAFIABOY attacks in 2000 (800 Mbps), to the Mirai botnet in 2016 (1 Tbps) and, more recently, the massive 3.47 Tbps attack on Azure, there’s no question that DDoS remains a threat to even the largest services. DDoS attacks are not only increasing in size but in frequency and sophistication as well. Not only do attacks deny legitimate requests, but also slow down legitimate requests and increase operator costs. While the big attacks make headlines, the reality is that DDoS is a threat that every organization is actively fighting. Our apps and APIs have become some of our organization’s most valuable assets. They generate opportunities and directly contribute to revenue. However, Verizon’s DBIR notes the attack is “responsible for more than 50% of incidents analyzed this year”. It’s clear that we need to reassess the effectiveness of existing solutions.

DDoS impacts all types of infrastructure. For example, solutions focused on DNS, the network, and applications are available. Threats to application DDoS remain acute. For example, NETSCOUT identified a 43% increase in application-layer attacks compared to 1H 2023. DDoS remains a threat to all applications and APIs.

Fastly and others in the market have offered application DDoS solutions for over a decade. However, there are several areas where today’s solutions can be improved upon:

1. Identifying attacks automatically for customers of any size, especially smaller ones

2. Mitigating accurately without customer tuning

3. Enabling quickly and working immediately

Introducing Fastly DDoS Protection

We set out to build a better application DDoS solution. Today, we’re excited to announce the general availability of Fastly DDoS Protection .

Fastly DDoS Protection rapidly deploys and automatically protects against disruptive and distributed threats to maintain the performance and availability of your applications and APIs. From startups launching their first mobile app to the world’s largest e-commerce sites, every application and API on the internet is susceptible to DDoS attacks slowing their service, inflating cloud expenses, or, worse, taking them offline. With Fastly DDoS Protection, anyone can flip a switch and enable immediate protection. The solution leverages Fastly’s global edge capacity of 353 Tbps as of June 30, 2024, to absorb massive network layer attacks while using proprietary, adaptive techniques to automatically block malicious traffic before it impacts you.

Identifying attacks automatically for customers of any size

The security community notes when the latest vendor announces they’ve mitigated the largest DDoS attack on record, and while we agree that’s a feat worth publicizing, the reality for many organizations is that they’ll never experience an attack on that scale. Instead, you’ll face a barrage of smaller attacks that impact performance and availability but frequently aren’t detected or mitigated. Why? They weren’t big enough to register as an attack. Catching a massive spike in traffic is straightforward, but catching an attack at your scale requires a better approach.

Fastly DDoS Protection is built to flexibly scale to address DDoS for the biggest customers in the world, down to the smallest. Our detection is fed continuously by the baseline traffic on each of your services. This is especially important for organizations that have big discrepancies in traffic across their applications and APIs. Your main services may be heavily trafficked, whereas others see far less. However, both are accessible to attackers, and both need protection. Protection at your scale results in fewer false negatives (DDoS attacks let through) that impact your performance, availability, and operational costs as that traffic floods your cloud or other origin infrastructure.

Mitigating accurately without customer tuning

Organizations are quickly moving (or aspiring) towards a DevSecOps motion that brings platform engineering teams into tasks traditionally managed by security teams. DDoS attacks are counterproductive to platform engineering efforts focused on keeping a site scalable, stable, reliable, up and running.

DDoS attacks represent an attempted disruption of business and if the job of platform engineering is to keep the site up and running, this would fall squarely in their lap. This highlights the importance of a solution that requires no tuning or even security expertise. That benefit isn’t lost on security teams still owning DDoS mitigation. A solution that doesn’t require fine-tuning enables security teams to spend less time fighting DDoS attacks, but rather dedicate those resources to initiatives that require their expertise.

Fastly DDoS Protection is built on our proprietary and adaptive Attribute Unmasking technology. Originally developed to protect our platform, we’ve enhanced the core technology to automatically detect, identify, and mitigate DDoS attacks on your services. Attribute Unmasking is highly accurate and limits undesired impacts to legitimate traffic. Attribute Unmasking doesn’t rely solely on signatures or fingerprints like other tools. When unexpected volumetric traffic events arise, Fastly’s proprietary Attribute Unmasking validates their legitimacy and, if malicious, begins scanning a comprehensive list of characteristics to identify and confidently mitigate attacks.

Imagine you’re at the optometrist and they’re flipping through lenses getting your prescription. “Option 1 or 2, 1 or 3”. Over time, they add, and subtract lenses until they identify your unique prescription. Attribute Unmasking works using a similar concept. When attacks come in, Attribute Unmasking starts with one attribute that roughly matches the spike and continues to improve the match by adding and subtracting characteristics such as IP address, HTTP protocol, TLS properties, GeoIP, network egress/ingress routes, and more until it uncovers the unique identity of the attacks. Then, it blocks.

Mitigating accurately without manual, custom tuning means you’ll never waste resources fighting DDoS attacks. Surely, those resources can be better spent elsewhere. Fastly DDoS Protection nearly eliminates your ongoing product maintenance.

Deploying quickly and working immediately

DDoS attacks can occur suddenly and without warning. This can result in urgent situations where a solution must be procured and deployed quickly, particularly when revenue is threatened or impacted.

Fastly DDoS Protection deploys at the Fastly edge and automatically protects your apps and APIs from disruption. No matter your architecture, you can deploy Fastly’s DDoS Protection to gain speedy, scalable defenses. Deployment happens in seconds, and once your service is set up for traffic, protection is as simple as flipping a switch – click on, DDoS gone. Fastly DDoS Protection can begin protecting your apps and APIs immediately. Deploying quickly and working right away creates incredibly fast time-to-value (TTV) for your organization so you can keep your sites performant and available while making the most of your investment.

Every application and API needs DDoS protection