Most Loved Security Company Chooses Most Trusted Web Defense

The challenge

Duo was seeking application security visibility for its leading authentication platform and websites that didn’t introduce additional security or operational risk.

Duo customers trust its platform to support the scale and frequency of billions of authentication requests across the globe every week. Duo’s security team needed to see and secure this traffic without negatively impacting user experience or introducing additional security risks. Prior experience with hardware and cloud WAFs that introduced single points of failure and had difficulties wedging into the path of traffic was the reason the team considered an alternative approach.

The solution

Duo chose Fastly for our ability to provide immediate security visibility and blocking with an architecture that operations teams were confident would scale without impacting performance.

Our pragmatic approach appealed to all stakeholders
Duo knew that Fastly’s approach was based on our previous experience running engineering and security at one of the Alexa top-100 ranked sites. Across engineering, operations, and security, Duo proved out our ability to keep their site running fast, with accurate detections that could be deployed in blocking mode with enhanced visibility

Our secure architecture easily integrated into Duo’s environment
Duo was cautious in selecting a product that wouldn’t take a lot of resources to deploy, and one that wouldn’t itself become an attack surface. Duo confirmed that Fastly’s software wasn’t susceptible to additional attacks. Our patented module and agent architecture is guaranteed to fail-open, of which VP of Production Engineering Nick Soulliere said, “One -- it hasn’t failed, but two--if it were to, it, would fail gracefully, and that’s huge.”

Security doesn’t have to compromise user experience
The security team found that real security--not just a product deployed in logging mode--is possible with the Next-Gen WAF, without negatively impacting performance of its customers. Duo’s team has experienced zero false positives while installed in production, which means legitimate customers can continue to authenticate while the malicious actors are stopped short.