Sign Up

Security blog

The IoT industry’s response to emerging threats

Jose Nazario, PhD | May 10, 2017

Late last year, we took a look at how the Internet of Things (IoT) is under attack. We analyzed hundreds of individual IoT devices to see how often they were probed for vulnerabilities, with the intention of being employed for IoT botnet attacks. We did more robust vulnerability research on IoT devices that have been found vulnerable in the past and concluded that while malicious probes are constant, manufacturers have taken action to update their firmware and address security holes. Read on to hear our latest findings.

Read More


Phase two of our TLS 1.0 and 1.1 deprecation plan

Sean Leach | January 9, 2017

In February of last year we updated you on our plans to deprecate TLS 1.0 and 1.1 due to a mandate by the PCI Security Standards Council as well as our continued commitment to maintaining a trusted platform. Since then, we’ve observed a significant reduction in legacy TLS traffic on our network — here is the latest update on our deprecation plan.

Read More


The anatomy of an IoT botnet attack

Jose Nazario, PhD | December 15, 2016

We took a look at some of the more recent (and troubling) threats on the internet, and found that the emerging IoT market is under attack. Internet-connected devices are being churned out of factories and infected by malware, or malicious code, at an alarming rate. Just how big of a problem is this? We did an analysis of the anatomy of an IoT botnet attack — here’s what we found.

Read More


Forward secrecy and a reminder about Fastly security advisories

Maarten Van Horenbeeck | November 22, 2016

We publish our security advisories to address vulnerabilities discovered on our own platform, as well as significant security vulnerabilities that affect the wider internet community.

Read More


Lean Threat Intelligence, Part 4: Batch alerting

Zack Allen | October 13, 2016

In Part 3, we showcased a technology that allows you to route messages to and from topics via Kafka. Now that data is flowing, how can you start monitoring and reacting to security events? In this post, we’ll show you a batch alerting strategy that you can use with Graylog and Kafka.

Read More


Best practices for protecting your domain

Maarten Van Horenbeeck | August 25, 2016

We continuously work on making the edge more secure, and develop features you can leverage to protect your applications. However, in order for you to benefit from these investments, there are steps you should take at the crucial stage where traffic is handed off to the CDN. In this post, Director of Security Engineering Maarten Van Horenbeeck discusses how (and why) you can protect traffic on its way to the CDN.

Read More


Our security team’s vision for defending the modern web

Jose Nazario, PhD | August 12, 2016

Director of Security Research Jose Nazario describes our team’s vision for employing our CDN’s unique position to defend the modern web. Using the recent HTTPoxy vulnerability as an example, he outlines the benefits and challenges of this vision.

Read More


Lean Threat Intelligence Part 3: Battling log absurdity with Kafka

Zack Allen | July 28, 2016

In “Lean Threat Intelligence Part 2: The foundation,” we explained how we built our log management system, Graylog, using Chef. Next, we’ll cover how we created a message pipeline that allows us to route messages to different endpoints for analysis or enrichment.

Read More


TLS 1.2-only delivery is now available

Sean Leach | June 30, 2016

Earlier this year we updated you on our revised deprecation plan for TLS 1.0 and 1.1. We’re happy to announce that you can now request migration to TLS 1.2-only hosts if you’ve purchased a paid TLS option.

Read More


Announcing Limited Availability for HTTP/2

Jason Evans | June 30, 2016

As promised in March of this year, we are excited to announce that our HTTP/2 Limited Availability (LA) program is here. Here’s how you get started.

Read More