Powerful, Real-time DDoS Mitigation

The growing threat of DDoS attacks

In today's interconnected and digital landscape, the threat of distributed denial of service (DDoS) attacks looms larger than ever. These attacks are growing in size, frequency, and complexity, aiming to disrupt web services by overwhelming networks and web resources. According to a recent Gartner report, DDoS attacks are projected to become the most common type of cyberattack. To safeguard your web applications and infrastructure from potential damage, a robust and scalable solution is critical.

Fastly DDoS mitigation

Fastly offers a globally distributed network with multi-terabit-per-second capacity, capable of absorbing even the most massive DDoS attacks. Our real-time response capabilities, comprehensive protection against Layer 3/4 and Layer 7 attacks, and the ability to make on-the-fly configuration changes empower you to fortify your digital infrastructure and defend against disruptive DDoS threats. Additionally, we provide origin cloaking through various methods, allowing us to hide your origin IP or prevent direct access to it. This prevents your cloud-based DDoS protection from being easily circumvented.

Resolving DDoS challenges

With DDoS attacks, a clear pattern emerges - larger volume attacks tend to be simpler, while lower volume attacks exhibit greater complexity, requiring deeper contextual analysis. As requests progress through the layers of the OSI model, computational intensity increases, underscoring the need for multi-layered defense mechanisms.

Fastly's expansive Content Delivery Network (CDN) effortlessly absorbs Layer 3 and Layer 4 DDoS attacks, while caching your content on our CDN provides an additional layer of protection against disruptions to your web services. For cache busting and Layer 7 attacks, Fastly offers specialized features.

Edge rate limiting, seamlessly integrated into our CDN, offers an ideal defense against high-speed, high-volume attacks. By intercepting these attacks at the edge, without the need for request inspection, we effectively halt them before they reach your origin.

Advanced rate limiting, a distinguishing feature of Fastly's Next-Gen WAF, scrutinizes the actual request to counter slow and low attacks. This approach grants you maximum control over complex traffic, ensuring only malicious traffic is blocked.

By combining the capabilities of Fastly Delivery and the Next-Gen WAF, we provide comprehensive protection against volumetric DDoS attacks and low and slow attacks, shielding your production infrastructure from harm.

Fastly offers layered protection to protect against the different types of DDoS attacks.

Superior protection at all layers

Fastly’s edge-based filtering technology ensures broad DDoS protection by automatically blocking all types of highly disruptive Layer 3 and Layer 4 attacks at the edge before they hit your origin. To protect your network from complex Layer 7 attacks, our edge cache nodes act as enforcement points. Our security experts can apply rules using Varnish Configuration Language (VCL) to inspect the entire HTTP/HTTPS request, and block based on specific criteria (headers, cookies, request path, client IP, geolocation, etc.). We also give you the option to customize rules to fit your security needs. 

For Layer 7 application layer attacks like cross-site scripting (XSS), SQL injection (SQLi), or other OWASP Top Ten attacks, the Fastly Next-Gen WAF stops these through our proprietary SmartParse technology, which requires no tuning and provides immediate protection out of the box. The Next-Gen WAF also provides customizable rules and virtual patches to protect against vulnerabilities.

“By enabling us to mitigate DDoS attacks and terminate TLS at the edge, Fastly empowers us to protect our users while providing consistent and fast experiences."

Read case study

Comprehensive DDoS protection

Real-time visibility and control

Fastly provides real-time access to data logs and historical statistics, allowing you to identify suspicious activity, including DDoS attack traffic spikes, for immediate troubleshooting. We empower you to make real-time configuration changes using Varnish Configuration Language (VCL). With our highly modified and improved Varnish, you can apply custom DDoS rules in under a second, enabling powerful and rapid mitigation. With full access to HTTP requests, VCL can be used to create rules based on any attribute of the request or response.

Economic flexibility

We give you flexibility and control in making an economic decision after an attack. If you are under attack we will help you, no questions asked. Afterward, you can choose to enroll in our DDoS Protection and Mitigation Service or pay for overages based on the actual billing, eliminating the need for upfront decisions and enabling a more cost-effective approach.

Key capabilities 

• High-network capacity: Multi-terabit-per-second network capacity at the edge, ensuring resilience against massive DDoS attacks. 

• Broad DDoS protection: Secure your origin server from multi-layer attacks. 

• Real-time control: Craft custom DDoS rules with VCL to serve specific clients from cache during an attack.

• Highly automated: Majority of configurations can be done via API, unlike most security systems that rely on CLI. 

• High-performance: Tight integration of security with our edge cloud network ensures optimal performance. 

• Dedicated security team: 24/7 cybersecurity expertise and support.

“Fastly’s DDoS mitigation capabilities allow us to quickly scale while remaining protected from a wide range of security threats”

Read case study

Getting started

Join leading companies like Dunelm, The New York Times, and Yelp in fortifying your business against DDoS attacks. Contact us today to discover how our proven DDoS mitigation solutions can protect your digital infrastructure.