Why Simplicity Is Good for Security

People often expect that security tools have to be complex. There’s a belief that if setting up a defense system takes hours, it must be harder to break. However, that’s not the case.

In fact, complexity can harm security. If security is so complex it takes thirteen steps to adjust a setting, you may find yourself behind when under attack.

Over the past year, we’ve had a chance to rethink how we deliver DDoS protection — not just in terms of detection or mitigation, but in how customers actually interact with it under pressure. That led us to launch Fastly’s single-toggle DDoS protection last year, and now, we’ve released Precise Defense: a one-click false positive override. 

Complexity Is a Tax

Complexity rarely arrives all at once. It might start with a toggle here, a dropdown there. One more setting to cover an edge case. Then another, and another. Each one feels justified in isolation, but added together, they make the process long and difficult.

When defense systems are hard to use, they tax valuable resources in multiple ways. 

First there is the time tax: the time it takes to perform a security task. You feel it every time you need to do something that takes longer than it should. The extra clicks, reviewing outdated documentation, and waiting for something to propagate are very distracting. Worst of all, these steps steal the minutes that your team could be using to respond to real threats.

Then, there’s the configuration tax. Every step introduces risks for human error. Every checkbox is a chance to get it wrong. Gartner predicts that this year, 99% of cloud security failures will be caused by customer misconfiguration. Companies make security harder than it needs to be.

Finally, there is the attention tax. This is the most dangerous cost of all. Every alert your team encounters trains them to ignore the next one. And when false positives flood your dashboard, you burn through your defenders’ most precious resource: focus. So, when a real threat finally shows up, no one sees it.

These taxes don’t have to be a part of defense systems. The antidote is to build clarity into the experience. 

One-Click Defense

False positives are one of the most challenging parts of DDoS protection. The system blocks something, but it turns out to be legitimate traffic, and suddenly, mitigation is the problem.

One of our key goals at Fastly is to keep the false positive rate extremely low. However, no automated solution can have a zero false positive rate. That is why we want to make overriding false positives easy for users, so that in rare cases when an automated block is too broad, they can act quickly. We pair this capability with visibility, so that decisions can be made right where the data is. 

Fastly DDoS Protection is designed to be simple: turn it on, get automated protection. Precise Defense builds on this foundation. It’s the next step towards security that works in practice.

See how powerful simple DDoS Protection can be: create a free account and get up to 500,000 requests on us.