Tailoring Automated DDoS Protection

Principal Product Manager

Senior Product Marketing Manager, Security

Fastly DDoS Protection Precise Defense Update
DDoS attacks are an unfortunate reality for any public application or API, and 2025 has been no exception. Examining the DDoS application landscape over the past year, attacks have steadily increased in volume (Image 1).
Attacks are more frequent, too. Fastly DDoS Protection observed nearly 2 attacks every minute on average in May. Add to this that the majority of attacks last less than a minute, making the need for an automatic solution clear.
Building on over a decade of expertise in combating volumetric attacks, we launched Fastly DDoS Protection last year: our latest adaptive and automated solution to mitigate application DDoS. Today, we’re excited to announce an update that allows teams to fine-tune their protection.
Meet the Precise Defense Update
While today’s threat landscape demands automated defenses, some large bursts of traffic appear to be attacks, but are completely intentional and must be allowed. For example, Platform and Security teams often need to send large volumes of requests through their applications and APIs for routine activities, such as load testing and penetration testing. Imagine that, as part of the internal testing process, a single IP address initiates a flood of traffic from Apache Benchmark for load testing purposes. Without context, it’s an attack; however, with context, you recognize it as an intended and mandatory step in the software development lifecycle (SDLC). To address this need, we’re thrilled to share that any rule created can now be easily disabled (or enabled) with just a click. A simple yet impactful feature addition, you can now modify any rule by moving it from its default state to blocking, logging, or off (Image 2).

Once a rule’s status is updated, Fastly DDoS Protection will consistently apply that action to all identical rules until the status is changed again. In doing so, you are given free rein to allow traffic floods you deem to be legitimate without losing automatic mitigation of what’s not.
The ability to turn off rules brings two additional benefits to Fastly DDoS Protection:
Teams new to Fastly DDoS Protection or those with a low risk tolerance can leave the service in logging mode, validate the efficacy of the rules, and then move them into blocking mode individually until they’re confident enough to transition into blocking mode for the entire service.
In the unlikely scenario of an inaccurate mitigation, you can quickly turn off the problematic rule, and it won’t reappear until you turn it back on.
The speed, complexity, and increasing volume of DDoS attacks necessitate an automatic solution, but it can’t come at the cost of impacting SDLC workflows. The Precise Defense update addresses this need and provides the flexibility you need to stay in blocking while adjusting your protection as needed. Create an account to see just how effective Fastly DDoS Protection is and receive up to 500,000 free requests.