Making Life Easier for Developers: How Fastly’s Edge Cloud Platform Simplifies App Security for Developers
Security platform provides preemptive protection and convenience to security customers, featuring real-time IP reputation intelligence.
Join the DZone community and get the full member experience.
Join For FreeIn the constant struggle between security and agility, developers often draw the short straw. Tasked with rapidly building and deploying code, engineers get bogged down handling security incidents or remediating vulnerabilities. The friction between creating quickly and creating securely slows innovation velocity.
I recently met with edge cloud platform provider Fastly to explore how their technology flips this narrative. Fastly acquired web application firewall company Signal Sciences in 2020 to expand security capabilities. I spoke with Fernando Medrano, Deputy CISO, and Simran Khalsa, Staff Security Researcher, to understand their approach.
Fastly’s Next-Gen WAF Protects Apps at the Edge
At the core of Fastly’s security portfolio lies a next-generation web application firewall (NGWAF) delivered through its edge cloud network. By integrating the WAF directly into the edge rather than on-premise, Fastly is able to identify and block the majority of attacks before they ever reach customers’ infrastructure and applications.
As Malicious traffic is stopped at the perimeter, dangerous requests are prevented from overwhelming origin servers. This shields developers from disruptive denial-of-service situations that can bring down applications and interrupt innovation activities.
Powered by Deep Visibility Into the Threat Landscape
Fastly’s recently published 2022 Network Effect Threat Report provides insights into the enormous scope of threats analyzed by their security platform. The Network Learning Exchange (NLX) ingests and distributes real-time IP reputation data across Fastly’s NGWAF installed base. This allows preemptively blocking confirmed malicious actors before requests arrive.
In Q2 2023 alone, NLX flagged attackers targeting more than 90,000 web applications and APIs handling 4.1 trillion requests per month. An important observation is that most campaigns fan out across multiple companies rather than pinpointing specific victims. For example, 69% of hostile IPs impacted multiple Fastly customers, with 64% of incidents spanning various industries.
Fastly’s immense scale provides unparalleled visibility into emerging attack trends. For instance, the report reveals that while SQL injection remains prevalent at 27% of incidents, traversal techniques now comprise almost one-third of exploit attempts. Attackers aggressively probe across business sectors, seeking soft targets before escalating to more focused efforts.
Turning Shared Threat Data Into a Network Effect
By confirming and distributing information about malicious IP addresses through NLX, Fastly is able to create a “network effect” that benefits all customers. Once an IP is identified as hostile based on conclusive evidence, every Fastly NGWAF instance is informed to preemptively block the attacker.
This shared threat data enables customers to prevent access from known bad actors even before a single request reaches their applications or infrastructure. Rather than just detecting attacks, customers collaboratively build collective immunity. Each contributes to and benefits from the aggregate intelligence.
Slashing Alert Fatigue by Stopping Attacks in Their Tracks
Fastly’s NGWAF is also able to reduce alert fatigue by automatically preventing up to 90% of web attacks before detection. As Khalsa explained, confidently blocking malicious traffic remains challenging for many WAF solutions, making Fastly’s 90%+ automated blocking rate truly differentiated.
By proactively stopping the vast majority of threats at the edge, Fastly minimizes disruptive alerts that detract developer focus. Security teams avoid wasting cycles investigating and responding to commodity attacks that are blocked at the perimeter. Developers don’t get pulled into remediation efforts that slow velocity.
Exploring AI’s Emerging Role in App Security
When discussing AI, Medrano acknowledged the nascent role of generative AI in facilitating novel social engineering and disinformation campaigns. However, he views issues like training data provenance and robustness as bigger near-term concerns around AI security. Khalsa highlighted potential opportunities for using AI to enumerate attack variants and more rigorously stress test defenses.
While tracking the AI landscape, Fastly remains focused on enhancing core offerings like DDoS protection and the WAF through a developer-centric lens. The scale of their edge network provides immense volumes of threat data to inform robust app defenses powered by technology like NLX.
Freeing Developers From Security Burdens
For developers, Fastly’s edge-based security model means robust protection without having to implement anything. Performance-draining denial-of-service floods are absorbed at the edge rather than overwhelming origin infrastructure. Alert overload disappears as most threats never reach engineers’ tools.
Apps benefit from hardened environments where defense happens transparently in the background. Engineers avoid distractions when handling security incidents or remediating vulnerabilities. They can stay focused on delivering innovation and business value through code.
Fastly’s infrastructure moves security concerns entirely out of developers’ scope. The platform enables security teams to protect the business while freeing developers to create without constraints. By turning security into a faithful background ally rather than a painful foreground hassle, Fastly profoundly improves everyone’s quality of life in IT.
The Bottom Line
In summary, Fastly's edge-based approach aims to flip the script on the historically adversarial relationship between security and developer velocity. Their technology offers the best of both worlds — robust protection for apps coupled with frictionless agility for engineers. As Medrano put it, "We want to change the narrative from security being a constraint to an enabler for digital transformation and innovation."
Opinions expressed by DZone contributors are their own.
Comments