Nine Strengthens and Streamlines Security with Fastly’s Managed Security Service

Nine, Australia’s largest locally-owned media company, is home to Australia’s most trusted and loved brands in news, business and finance, lifestyle, entertainment, and sport. Nine’s investments include the 9Network television channel, major publications such as The Sydney Morning Herald, digital properties such as nine.com.au, subscription video platform Stan, and several radio stations.

The challenge

As Nine prepared to grow their web application security footprint, their platform engineering team realized they needed to consolidate on a single partner to help manage the security of their web applications. The partner would proactively deliver threat detection and response for Nine web applications as well as collaborative security expertise when needed. The right managed security service would also reduce the overhead of multiple service vendors and streamline tools and management with Nine’s infrastructure-as-code approach. With a managed service to monitor for and proactively mitigate attacks, the Nine engineering team would have more time to focus on products and services to build the company’s brands.

The solution

Nine chose the Fastly Next-Gen WAF and Managed Security Service for the security expertise, scalability, technology fit, and value.

Security expertise

Rather than Nine having to train their engineers as web application firewall (WAF) experts, they knew it would be more beneficial to use Fastly’s Managed Security Service and let Fastly’s experts proactively manage the Next-Gen WAF. “Nine welcomed the opportunity to allow Fastly to come in and make changes on our behalf,” said Lee Webb, senior engineering manager at Nine.

“My principal engineers are impressed by the security experts that we've been given from Fastly — there’s a high level of respect. It helps build trust when you've got folks who are just as talented as you are.”

Nine’s own SOC found great value in the threat-hunting reports that are a part of the Managed Security Service. “Fastly provided tuning recommendations as well as actionable threat intelligence and recommendations with concrete steps we could use to mitigate. It was on the strength of that we went down the path of implementing the Fastly Managed Security Service for all our public sites,” said Webb.

By onboarding all of Nine’s public-facing sites to Fastly’s Managed Security Service, Nine removes complexity and duplication from its environment, including fewer toolsets. “There’s a lot of time saved,” said Webb.

Trusted partner

Nine engaged with Fastly in 2017 to re-platform legacy systems to a microservices approach. At that time, the company took on Fastly as a Content Delivery Network (CDN) provider. Over the years, Fastly proved to be easy to work with and capable. During a beta program, the Fastly Managed Security Service team proved its ability to proactively protect web apps from cyber threats and provide expert cybersecurity collaboration.

When Nine used the Managed Security Service during some of its biggest sporting events, such as the Australian Open tennis tournament, Fastly’s Customer Security Operations Center (CSOC), which provides 24/7 monitoring and response for the Managed Security Service, proved to be a proactive and service-oriented partner. “We were very happy with the security service Fastly provided,” said Lee.

“Our relationship with Fastly is trusted but verified,” said Webb. “We trust that Fastly can get the job done because they’ve proven it as our relationship has grown.”

Reduced toil

“Fastly enabled our teams to not focus as much on that toil aspect, on that day-to-day monitoring. It's enabled us to focus on the implementation side and how our services might be delivered from a technology perspective and focus on the user experience,” said Andre Lackmann.

A related benefit that Nine has seen is the substantial reduction of alert spam going to their security operations center (SOC). Not only does the Fastly Next-Gen WAF feature far greater accuracy and virtually no false positives, but with Fastly’s CSOC monitoring the WAF, only escalated alerts come through. The team appreciates the use of Slack as the primary notification channel with guidelines for when SMS and phone calls are warranted.

Natural technology fit

Fastly’s edge cloud platform, including its CDN, security products, and managed services fit well into Nine’s infrastructure-as-code approach to software delivery. Fastly slots in easily, rather than Nine having to accommodate a different approach from another vendor. “The technology fit is amazing,” said Webb.

Nine engineers look after their applications all the way to the edge and can do that with Fastly security tools such as Next-Gen WAF, as Fastly empowers Nine to maintain control over their technology stack while seamlessly integrating advanced security measures. “Other managed security vendors didn't allow for that,” said Webb.

Focus on the next three Summer Olympics

Looking forward, as the threat landscape evolves, Nine values the peace of mind that Fastly’s Managed Security Service gives them. “There’s professional security assistance that stays on top of emerging threats, monitors continuously, and helps us respond. And that becomes really important as Nine takes on the rights for the Summer Olympics,” said Andre Lackmann, technology director at Nine. “We're no stranger to larger events but there isn't any event larger than the Olympics. It’s a massive undertaking from a technology point of view, including security. So, we're looking forward to working with Fastly as we deliver a high-quality user experience for our Australian viewers and readers.”