You appear to be offline. Some site functionality may not work.
Sign Up

Security blog

Videos from part 3 of our Security Speaker Series

On October 26, we hosted an evening of drinks, snacks, and an excellent security discussion with the security research and engineering communities. Folks gathered at Bespoke Central Lounge in downtown San Francisco to hear from Alex Bazhaniuk, of Eclypsium, Inc., and Stephen Checkoway, of the University of Illinois. Watch the videos from their talks here.

Read More

The evolving DDoS landscape

As an edge cloud platform, Fastly is in a unique position to monitor DDoS attack patterns and trends as they evolve. In this post, Jose Nazario, Sr. Director of Security Research, and Ryan Landry, Director of Edge Cloud Operations, take a look back at the history of DDoS, sharing how they’re changing and the trends we’re seeing. Getting a handle on the various shapes and sizes of DDoS will help inform how you address these attacks on your own infrastructure — you may not always be able to predict attacks, but knowing what’s out there and preparing for the worst will help you protect and mitigate.

Read More

Security Speaker Series, part 3

We’re pleased to announce the next installment of our Security Speaker Series, which brings together researchers and engineers to share research, tools, and ideas. Join us for drinks, snacks, and a few hours of excellent security discussion on Thursday, Oct. 26 at 6pm PT at Bespoke Central Lounge in downtown San Francisco. Speakers include Alex Bazhaniuk, of Eclypsium, Inc., and Stephen Checkoway, of the University of Illinois.

Read More

Building the Fastly WAF

In keeping with our security team’s vision for defending the modern web, we launched our Web Application Firewall (WAF) to help our customers secure their sites and applications while providing reliable online experiences for their users. In this post, two of the engineers who built our WAF will take you on a deep dive into the tech behind it, exploring how we built a performant, highly configurable, and comprehensive solution to secure customers’ infrastructure.

Read More

Deliberate practice in information security

Deliberate practice is the act of performing a set of tasks that are just slightly more difficult than what you’re used to, so you can get better at a specific activity and move from a novice to an experienced practitioner. In this post, Security Engineer Sandra Escandor-O’Keefe walks us through the art of deliberate practice, offering tips for novices and mentors alike.

Read More

The problem with patching in addressing IoT vulnerabilities

We need technology to provide capabilities to tackle the challenge of the cybersecurity gaps, recently highlighted by the WannaCry attacks. In this post, Director of Security Research Jose Nazario will explore these challenges as well as share research objectives that industry and academia must address soon before we can begin solving the security issues with IoT.

Read More

How to bootstrap self-service continuous fuzzing

OSS-Fuzz is an innovative project that is both advancing the state of the art in OSS security engineering and immediately improving the overall quality of the software that serves the internet. In this blog post, I’ll describe how to use the open source components of google/oss-fuzz to bootstrap self-service continuous fuzzing for both private and public software using h2o, Fastly’s HTTP/2 proxy, as a running example.

Read More

The IoT industry’s response to emerging threats

Late last year, we took a look at how the Internet of Things (IoT) is under attack. We analyzed hundreds of individual IoT devices to see how often they were probed for vulnerabilities, with the intention of being employed for IoT botnet attacks. We did more robust vulnerability research on IoT devices that have been found vulnerable in the past and concluded that while malicious probes are constant, manufacturers have taken action to update their firmware and address security holes. Read on to hear our latest findings.

Read More

Phase two of our TLS 1.0 and 1.1 deprecation plan

In February of last year we updated you on our plans to deprecate TLS 1.0 and 1.1 due to a mandate by the PCI Security Standards Council as well as our continued commitment to maintaining a trusted platform. Since then, we’ve observed a significant reduction in legacy TLS traffic on our network — here is the latest update on our deprecation plan.

Read More

The anatomy of an IoT botnet attack

We took a look at some of the more recent (and troubling) threats on the internet, and found that the emerging IoT market is under attack. Internet-connected devices are being churned out of factories and infected by malware, or malicious code, at an alarming rate. Just how big of a problem is this? We did an analysis of the anatomy of an IoT botnet attack — here’s what we found.

Read More

Forward secrecy and a reminder about Fastly security advisories

We publish our security advisories to address vulnerabilities discovered on our own platform, as well as significant security vulnerabilities that affect the wider internet community.

Read More

Lean Threat Intelligence, Part 4: Batch alerting

In Part 3, we showcased a technology that allows you to route messages to and from topics via Kafka. Now that data is flowing, how can you start monitoring and reacting to security events? In this post, we’ll show you a batch alerting strategy that you can use with Graylog and Kafka.

Read More

  •  
  •  
  • 1
  • 2
  • >
  • »