Yes, of course we’re faster. But we’re also more secure.
One of the most common trade-offs facing organizations as they build out their tech stack and processes is whether to sacrifice speed and agility in favor of security, or sacrifice their security posture in favor of faster innovation and shipping of products. At first this conversation was exhausting because there was no good solution, but now it's exhausting to hear people talk about it because there IS a solution – and it’s Fastly. Here are the four keys to how Fastly customers achieve better application and API security while keeping their application developers fast, happy, and innovative:
1. When security is easy for DevOps, SecOps is easy for organizations
2. Smarter security solutions that eliminate toil
3. A secure by design network and platform
4. Caching the uncacheable boosts security as well as performance
If you want an even deeper dive, feel free to jump straight into our new AppSec Guide for Multi-Layer Security.
1. When security is easy for DevOps, SecOps is easy for organizations
Great platform engineering uses solutions that build security into your existing processes. This lets you improve security while also making your life easier and your teams faster. If your application developers automatically provision and maintain your WAF as an integrated step in their normal deployment workflow, then you’ve reduced complexity, removed bottlenecks, and vastly improved security compliance all at the same time. DevOps loves the easy provisioning and management Fastly offers via Terraform, our API, SDK, or the Fastly app. It makes provisioning our network services offerings easy, but it also means that WAF provisioning can be baked into an organization’s CI/CD pipelines.
Our Next-Gen WAF (NGWAF) can be deployed anywhere – on the edge, on-prem, in the cloud, hybrid cloud, multi-cloud, in containers, and across multi-CDN architectures. Deploy NGWAF with containers, service meshes, API gateways, reverse proxies, ARM environments, and AWS Lambda. You name it.
You can now deploy a single WAF (and a better WAF!), managed under a single dashboard, across every application and API in your organization that exists today or in the future. It’s a simpler, unified approach for an organization with the added benefit of consolidating vendors to the extent that customers often find that it pays for itself. Set your application developers free to innovate faster while staying secure.
2. Smarter security solutions that eliminate toil
Security tools that require constant vigilance aren’t very secure by definition. WAFs that rely on regex rules become burdensome to manage, especially in organizations with CI/CD workflows where an application may be updated several or even dozens of times per day. Vigilance over rule sets, exclusions, and application changes inevitably results in a sacrifice somewhere in the equation. You’re either excluding too much and ruining your security coverage or limiting development to try to ensure that coverage.
Regex is a wonderful and powerful tool, but it works best when you already know what you’re looking for, not for security rules where attacks are constantly evolving. Fastly’s Next-Gen WAF (NGWAF) uses SmartParse instead of regex, which eliminates a lot of maintenance overhead while increasing accuracy: it understands the syntax of attacks and can tell the difference between a benign request that might trigger other WAFs and a request that is an attack. It’s also less fragile in the context of applications that are frequently updated with CI/CD workflows. You can trust your coverage to be solid without worrying about a scramble every time an application changes.
SmartParse’s accuracy provides other benefits as well. We run collective IP threat intelligence like no one else can. The approximately 4.1 trillion* monthly average requests that our WAF inspects across 90,000+ apps and APIs feed our Network Learning Exchange (NLX), a real-time exchange of malicious IP addresses that is automatically pushed to all Fastly NGWAF customers for smarter threat detection and provides the option of preemptively blocking IPs tagged by NLX before a request even comes through. If you want to start working on security tasks that move your organization forward rather than just treading water, come to Fastly and use a WAF that finally works – talk to us today.
3. A secure by design network and platform
In addition to the protection we can provide at the application layer, when you move your traffic onto the Fastly network and serverless edge you get immediate security benefits just by being there. In a recent study,** Forrester Consulting noted a few significant findings from a composite organization made up of interviewees with experience using Fastly CDN:
With Fastly CDN’s core capabilities, interviewees shared how their companies were able to reduce cyberattacks and malicious traffic with layered security features that would kick in automatically. The chief security officer at one e-commerce company discussed: “We turned Fastly on, and suddenly all the malicious stuff, all the basic application-level attacks that used to trigger our operations center and response on our side, were just automatically dealt with. [It’s] hard to quantify cost or value on that, but I can sleep better.”
Interviewees shared that their companies were able to decrease downtime on their websites based on Fastly’s capabilities to stop malicious activity and quickly react to traffic surges. The director of engineering in one travel and hospitality company shared: “Fastly, in multiple situations, blocked large swaths of traffic hitting us, which then in turn prevented us from going down because we couldn't have coped with that sort of scale-up. Those incidents could have lasted several hours where we were trying to scale back up for that traffic surge.”
Security incidents decreased for representatives’ companies as they spent less time troubleshooting customer issues. One company saw a 40% decrease in security incidents with the deployment of Fastly CDN.
And the benefits only compound as you move more logic onto our Compute@Edge serverless edge platform. We built Compute@Edge to be secure by design with per-request sandboxing, and make it incredibly simple for teams to build functionality like login discovery, password validation, and more, and then safely deploy them globally – even for teams like SecOps that often have less serverless deployment experience. Here’s where you can read more about modern application development on the edge.
4. Caching the uncacheable boosts security as much as performance
Fastly has long been the choice for organizations that want the absolute best performance, want the most configurability, and want to cache as much of their content as possible. But many people are still realizing that better performance through caching also translates to better security. This post about cache hit ratio as a Security Metric does a great deep-dive into how and why to think about your content cache as a security layer, and why organizations should all be prioritizing a move onto our network, which can cache more content, and more types of content, for longer. We now include more edge data capabilities on Compute@Edge, so that you can move more forms of logic, data stores, and processing to the edge to keep your origin smaller, simpler, and more protected.
If you look at our products one by one, they’re amazing. But if you look at what we can do for you when you put them together, we’re unbeatable. Let us prove it to you – get in touch today.
*Average requests calculated for the trailing six months as of June 30, 2023
**The Total Economic Impact™ Of Fastly Network Services, a commissioned study conducted by Forrester Consulting on behalf of Fastly, July 2023