Fastly DDoS Protection mitigates disruptive and distributed attacks against your applications and APIs

The threat of application distributed denial of service (DDoS) attacks looms larger than ever as organizations increasingly lean on their digital presence to drive revenue. DDoS attacks are growing in size, frequency, and complexity. These attacks aim to disrupt web services by overwhelming networks, applications, and resources. According to Verizon’s 2023 Data Breach Investigations Report, over 50% of incidents were caused by DDoS attacks. To safeguard your web applications and infrastructure from potential damage, a scalable, automatic, and versatile solution is needed.

Mitigating DDoS on apps and APIs

Fastly DDoS Protection rapidly deploys and automatically protects against disruptive and distributed threats to maintain the performance and availability of your applications and APIs. From startups launching their first mobile app to the world’s largest e-commerce sites, every application and API on the internet is susceptible to DDoS attacks slowing their service, inflating cloud expenses, or, worse, taking them offline. With Fastly DDoS Protection, anyone can flip a switch and gain immediate protection. The solution leverages Fastly’s global capacity of 350+ Tbps as of June 30, 2024, to absorb massive network layer attacks while using a proprietary, adaptive technique to automatically block malicious application traffic before it impacts you.

Benefits Enhance resiliency - Ensure your application is performant and available for your customers to maintain revenue generation and limit outage-related brand reputation impacts Zero Attack Fees - Never pay for DDoS attack traffic we mitigate Reduced Cloud Spend - Stop attacks from hitting your origin and inflating egress costs while creating more consistent cloud spend overall

Stopping attacks with a scalable network

Disruptive attacks on apps and APIs don’t always target the application layer. Common DDoS attacks like TCP Floods and low-level protocol exploitation impact network layers and also disrupt site performance and availability without proper network architecture. Stopping application DDoS attacks targeting network layers requires a scalable network with massive bandwidth and localized infrastructure to reduce latency impacts on end-users.

Fastly DDoS Protection automatically defends your applications and APIs from disruptive, distributed attacks so your business stays up and running – no matter the size of the attack or the scale of your systems. Building on our powerful, global network offering 350+ Tbps capacity as of June 30, 2024 , we automatically absorb massive Layer 3/4 attacks while dropping irrelevant non-HTTP/HTTPS traffic (Image 1).

Image 1: Fastly DDoS Protection architecture

Fastly DDoS Protection fights attacks away from your origin. Our distributed edge processing and decision-making keep the fight against DDoS attacks away from your infrastructure, minimizing the costly latency seen in other solutions that force traffic through suboptimal centralized scrubbing centers. With the power of Fastly’s platform, we dynamically and proactively process, analyze, diagnose, and respond to DDoS attacks of all sizes so your team can uphold scalability, stability, and reliability – all with one click of a button.

By leveraging the massive network Fastly DDoS Protection is built on, you save on the fixed hardware costs required to absorb massive attacks while reducing latency and outage-related impacts to revenue.

Detecting, identifying, and mitigating DDoS automatically

DDoS attacks can run their course in seconds, leaving security teams with manual or complex solutions struggling to implement effective mitigations before the attack concludes. The result is often retroactive protection to hopefully stop similar attacks next time. This leaves the performance of apps and APIs at risk as new attacks emerge and others evolve to make their previous policies outdated and ineffective. If those risks come to fruition, false positive blocks on legitimate traffic or downtime cost many industries significant revenue each year. Ensuring DDoS attacks are mitigated requires a solution capable of automatically detecting, identifying, and mitigating with no tuning.

Fastly DDoS Protection enables with the flip of a switch and leverages our proprietary, accurate, and adaptive Attribute Unmasking techniques to detect, identify, and mitigate DDoS attacks in seconds. It automatically blocks application DDoS attacks – from everyday nuisances through never-before-seen traffic spikes – to ensure they don’t disrupt your business. By deploying on Fastly’s edge and leveraging Attribute Unmasking, Fastly DDoS Protection mitigates disruptive and distributed attacks against your applications and APIs (Image 2).

Image 2: Fastly DDoS Protection attack coverage

How Attribute Unmasking works

When unexpected volumetric traffic events arise, Fastly’s proprietary Attribute Unmasking technique validates their legitimacy. If malicious, it begins matching the traffic pattern against a comprehensive list of characteristics to identify the attacker and confidently mitigate their attacks, even if they rotate IPs.

Attribute Unmasking identifies anomalous attack traffic characteristics for every attack to offer more adaptive protection than rigid rate-limiting policies. This capability also allows it to catch novel attacks without updates. When 0-day attacks like HTTP Reset caused major incidents throughout the world, Attribute Unmasking automatically derived the anomalous attack traffic characteristics and mitigated the attack. It’s also built on a modular platform that allows Fastly’s team to quickly add coverage as new classes of attacks emerge.

Attribute Unmasking enables Fastly DDoS Protection to automatically mitigate attacks that cost security teams time and the organization revenue if successful. It reduces false positives as it accurately mitigates sophisticated attacks posing as legitimate traffic and minimizes the impact of maintaining performant protection so teams can shift resources to higher-impact initiatives.

Building on a versatile solution

As organizations transition towards DevSecOps practices, rigid, legacy DDoS tooling often stands in the way. It requires constant tuning to limit adverse impacts to legitimate customers and directly impacts delivery velocity as cycles are spent in security QA instead of immediately shipping to production. Worse, some solutions make procurement difficult or have predatory pricing practices. Moving towards enhanced DevOps or even DevSecOps practices requires building on versatile solutions that partner with you for long-term success.

Fastly DDoS Protection works with modern software delivery workflows, not against them, automatically protecting your apps and APIs from disruption. No matter your architecture, you can deploy Fastly’s DDoS Protection to gain speedy, scalable defenses without any upfront tuning – or any required tuning, even as you ship changes on demand. This facilitates better cross-functional work between teams, as security doesn’t impact DevOp's ability to ship code smoothly to production.

Fastly DDoS Protection mitigates distributed application attacks before they turn into incidents, without forcing engineering teams to become security experts or purchase confusing bundles. It is sold as a standalone product so teams can start with dynamic DDoS protection at the click of a button and then layer additional Fastly products for other security use cases and beyond when you’re ready.

We align our DDoS Protection pricing to the value you get, only billing for legitimate traffic that your business wants, never for the attack spikes we mitigate that you don’t want. With this straightforward approach – including never having to file post-attack claims – you can keep your sites up and running with more consistent, success-aligned operational spending.

“Application-level DDoS attacks often resemble legitimate traffic, which is why they are so difficult to detect and protect against. Now more than ever, organizations need DDoS protection that is simple to deploy and manage, able to detect stealthy attacks, and scalable to mitigate large attacks, all while helping to maintain cloud cost-certainty.” John Grady, Principal Analyst, Enterprise Strategy Group.

Keep your apps performant and available