99.99% uptime guaranteed thanks to Fastly's Next-Gen WAF and network services

amazee.io's customers count on its ZeroOps platform to work seamlessly, keeping infrastructure out of sight and out of mind. The company relies on Fastly's CDN and Next-Gen WAF in the same way. "With Fastly, everything just works," says amazee.io Technical Account Manager Sean Hamlin. "We just don't have to think about it."

amazee.io has been a Fastly CDN customer since 2019, and as their customer base expanded, so did their need for other Fastly solutions, like Platform TLS for certificate management and Enterprise Support. The Next-Gen WAF was a natural next step for the ZeroOps platform, especially as more and more high-profile customers used Lagoon for business-critical applications with stringent security demands.

Next-Gen WAF minimizes false positives without constant tuning

"The concept of the Fastly Next-Gen WAF is groundbreaking," Hamlin said. Before implementing the Next-Gen WAF, false positives and alert fatigue were frequent sources of irritation. Other WAFs tend to leave users with untenable options: block every incoming request that matches a regex rule—which ends up blocking plenty of legitimate traffic, turn off entire WAF rules and increase the security risk, or expend lots of resources tuning and re-tuning the WAF.

By contrast, Hamlin reports even though the Fastly Next-Gen WAF does require tuning, it has all the building blocks needed to do this, in the UI. What he likes best is that rather than relying on regex, the next-gen WAF’s SmartParse technology, developed by Signal Sciences, takes a contextual approach to determine how signals are attached to traffic, and it is up to you to decide what to do with that information. That's especially important for amazee.io, given the transient nature of IPs. Bad behavior gets blocked automatically, but if an IP starts behaving normally again it regains regular access to a given website. Because amazee.io supports government websites, blocking legitimate traffic can lead to serious headaches. "With Fastly, that's managed before I even see it." Hamlin said. 

Low-maintenance web application security technology creates big customer wins

One of amazee.io's major customers has an active bug bounty to encourage developers and ethical hackers to find and report vulnerabilities. As a result, people scan the site every second of the day. Before using the Fastly Next-Gen WAF, the platform had to upsize that customer's database cluster dramatically just to deal with the load from security researchers. Since deploying the Next-Gen WAF, up to 80 percent of traffic is blocked before the application sees it, which enables amazee.io to reduce infrastructure costs and pass on cost savings for their customers. 

Fastly’s CDN and Next-Gen WAF have become a selling point for amazee.io's platform by adding value for its users in multiple ways. For some of its customers, compliance is a primary concern, especially in the case of government agencies. For others, downtime—especially the reputational risk and loss of revenue—is a major threat. "For some customers, we're actually saving their lives on a daily basis," Hamlin said. "We have a broad range of use cases."

Fastly's Next-Gen WAF and CDN are essential, enabling amazee.io to offer some of its biggest clients 99.99% uptime. At less than 5 minutes of unscheduled downtime per month, it's a very aggressive SLA. "We can offer that because of Fastly. We couldn't do it otherwise," Hamlin said. 

Self-service tools keep amazee.io in charge

When it comes to its own infrastructure, the team needs the flexibility to make changes without much ado. For example, amazee.io wanted to permit their customers to purge a single domain from a service—not the whole service, just one domain and every asset under that service. The team capitalized on Fastly's Surrogate Key Purge, adding them for every site on their platform in a VCL fetch hook and rolling out the feature globally. "We can solve problems specific to our needs without using our time and resources getting a professional services team involved," Hamlin said. "That makes us more agile, and our solutions are tailored to our customers’ needs."

amazee.io also takes advantage of Fastly Fiddle, a testing sandbox that allows the team to try out a proposed solution before actually putting it into production. "Pushing that button to implement a change can be quite scary," Hamlin said, "especially when you have 1,000 requests a second hitting a site. The Fiddle has been great for testing out weird and wonderful things and getting the assurance that they will play nicely."

Fastly Enterprise Support beats ticketing systems hands down

Self-service doesn't mean going it alone, however. Enterprise-level support makes it easy for amazee.io to get help when the team needs it.  Rather than submitting a ticket and waiting for triage, the amazee.io team can reach out in a dedicated Slack channel and get an answer "lickety-split," according to Hamlin. Just as important, if an issue needs to be escalated, Fastly is on it.

A fast, expert response was crucial when one of amazee.io's government sites experienced a subdomain takeover issue. "Fastly treated this problem extremely seriously and acted very quickly to put a solution in place," Hamlin said. "When we need Fastly to step up, they are right there, and we can pass that confidence on to our customers."