Mitigating DDoS attacks faster and with even more accuracy

Announcing the Adaptive Threat Engine update for Fastly DDoS Protection

Building on over a decade of fighting the world’s biggest DDoS attacks, in October of last year, we launched our automated Fastly DDoS Protection product. Since then, some of the world's largest brands have adopted the solution, and we’ve made continuous improvements to enhance its efficacy along the way. Heading into the holiday season, where performance and availability are critical to many companies achieving their revenue goals, we’re excited to announce a final major upgrade for the year: Meet Fastly DDoS Protection’s Adaptive Threat Engine.

If you’ve been following Fastly DDoS Protection for some time, you’ve likely heard of the proprietary Attribute Unmasking technique that the solution was originally built on. However, with the updates we’ve made since launch, our capabilities have increased substantially. That’s why the two latest updates create the perfect opportunity to combine Attribute Unmasking and everything else under the hood into what’s now our Adaptive Threat Engine.

The latest updates to Fastly DDoS Protection

We’re thrilled to introduce two major enhancements to Fastly’s Adaptive Threat Engine to aid customers ahead of a busy holiday season: 

• Mitigation accuracy has been notably increased even further

• Mean Time to Mitigation (MTTR) has drastically decreased

Increasing mitigation accuracy

Accuracy is paramount to any DDoS solution – you can’t stop an attack by blocking all requests visiting your site after all. For those unfamiliar, our Adaptive Threat Engine has historically had two major controls, and our latest update introduces an impactful third.

1. Both overall traffic and the traffic’s underlying characteristics (10+ behavioral and client-based traits) are baselined and continuously updated. When traffic spikes and the underlying characteristics diverge from established norms, we can be confident that there’s an attack.

2. Rules created by our Adaptive Threat Engine cannot mitigate on a single error-prone attribute (think things like country code)

3. NEW Before any mitigation can take place, automatically generated rules are now cross-referenced against multiple recent legitimate traffic samples to ensure there is no impact on normal traffic.

While the first two controls produced highly accurate mitigations with minimal impact on legitimate traffic, the latest further reduces any possible impact.

Reducing the MTTR for DDoS attacks

In light of the additional controls we’ve implemented, it’s an exciting engineering feat that we’ve also simultaneously reduced the mean time to resolution by drastically decreasing the time it takes for us to detect an attack and create tailored rules to mitigate it.. At the heart of this innovation are two key updates. The first is reducing the detection refresh rate, making it even more continuous. The second is our adoption of HTTP Long Polling to achieve real-time communication and respond more quickly when attacks are observed. While this technique can be associated with significant downsides, when combined with Fastly’s platform and its unique ability to collapse requests, we find scale and efficiency that few others can yield. You can expect a technical deep dive from our engineering team on this topic very soon!

Comparing MTTR against what we observed as recently as May, estimates suggest that attacks are being mitigated 72% faster than just a few months ago. The result is not only that any potential impact of an attack is drastically reduced, but also that the bursty attacks that come and go quickly can be blocked before they can cause disruption.

Together, these updates, along with all the others we’ve made this year, make Fastly DDoS Protection and its Adaptive Threat Engine the optimal choice for organizations that must maintain the performance and availability of their applications and APIs.

Maintain performance and availability during the holiday season and beyond

We hope this holiday season is fruitful for your organization and uneventful for your site reliability and security teams; however, please know we’re here to help if it isn’t. As you head into Black Friday, Cyber Monday, and the rest of the holiday season, Fastly DDoS Protection and our team are here to help ensure attacks don’t impact your bottom line. If you come under a DDoS attack during this period, sign up for an account and self-enable Fastly DDoS Protection, or fill out our Under Attack form to get help during global business hours. If you’re a current customer, simply submit a customer support ticket to receive assistance.