All blog posts

Page 31

DDoS attacks: how to protect + mitigate

Jose Nazario, PhD, Ryan Landry

In part one of this series, we took a look at the evolving DDoS landscape, offering a sense of what’s out there in terms of attack size and type to help better inform decisions when it comes to securing your infrastructure. In this post, we’ll share an inside look at how we protect our customers, lessons learned from a real-live DDoS, and our recommended checklist for mitigating attacks.

Security
Engineering

Requiring TLS 1.2 for the Fastly API & control panel

Phil Groman

As part of our vision for defending the modern web, the Fastly engineering teams are focused on providing you with a robust and secure platform that empowers you to protect your customers. Because we’re committed to providing secure experiences, we’re requiring clients that connect to our infrastructure to support TLS 1.2. Read on to learn about our deprecation plan, plus how to check which TLS version you’re using.

Security

Demystifying the cloud

Simon Wistow

Like it or not, the cloud is here to stay. Although 81% of executives surveyed experience cloud FOMO (“fear of missing out”), it’s not peer pressure alone that’s driving cloud adoption; the cloud offers undeniable benefits to your business: boosting engagement with your customers, cutting costs, and empowering innovation. In this post, we’ll take a look at the different methodologies of cloud computing, cutting through the noise to offer our recommendation and vision for what’s ahead.

Industry insights

Understanding the Vary header in the browser

Andrew Betts

Browsers need to understand and respond to Vary rules, and the way they do this is different from the way Vary is treated by CDNs. In this post, Principal Developer Advocate Andrew Betts explores the murky world of cache variation in the browser.

Performance

Videos from part 3 of our Security Speaker Series

Window Snyder

On October 26, we hosted an evening of drinks, snacks, and an excellent security discussion with the security research and engineering communities. Folks gathered at Bespoke Central Lounge in downtown San Francisco to hear from Alex Bazhaniuk, of Eclypsium, Inc., and Stephen Checkoway, of the University of Illinois. Watch the videos from their talks here.

Security

2018 starts with 46 POPs & 20 Tbps of connected edge capacity

Tom Daly, Ryan Landry

The Fastly Infrastructure and Edge Cloud Operations Teams wrapped up 2017 by completing major milestones in our point of presence (POP) deployments around the globe AND achieving 20 Tbps of connected edge capacity. Since our last update, we’ve deployed additional US POPs in Atlanta, Houston, Columbus, and Palo Alto, brand-new locations in Cape Town, South Africa and Columbus Ohio, plus a new 100GE-enabled POP in Tokyo, Japan. These upgrades empower us to scale to meet customer demands, reduce latency, and improve resilience to our network — read on to see what we’ve been up to.

Product
+ 3 more

How Fastly Supports an Ethical and Open Internet

Elaine Greenberg

Open source projects are the foundation of the internet; by sponsoring their important work, we support our vision for unfettered, scalable technical innovation. We’ve supported numerous open source projects since the inception of Fastly, and our founding team has invested time into open source development since our incorporation. Read on to learn about the evolution of our Open Source and Nonprofit Program.

Engineering
Culture

How natural disasters meet unprecedented engagement

Tyler McMullen

As part of our mission to serve the best of the internet, we’re honored to offer complimentary CDN services to nonprofits, including One America Appeal, Direct Relief, Reporters Without Borders, Khan Academy, and more. Although the fall of 2017 had more than its fair share of natural disasters, we were heartened to learn how people gave (and engaged) with nonprofits. Read on to see what we learned.

Observability

2017 holiday insights: biggest Cyber Monday yet

Tyler McMullen

Cyber Monday 2017 was the biggest yet, bringing in $6.59 billion in online sales — compared to $5.03 billion on Black Friday, and 16.8% more revenue than Cyber Monday last year. And, this Cyber Monday was the first $2 billion mobile shopping day. Similar to our observations last year, we saw significant increases in traffic to ecommerce sites during the week of Thanksgiving, with traffic climbing to 152% above average in the morning of Cyber Monday. Read on to see what we learned.

Observability

The evolving DDoS landscape

Ryan Landry, Jose Nazario, PhD

As an edge cloud platform, Fastly is in a unique position to monitor DDoS attack patterns and trends as they evolve. In this post, Jose Nazario, Sr. Director of Security Research, and Ryan Landry, Director of Edge Cloud Operations, take a look back at the history of DDoS, sharing how they’re changing and the trends we’re seeing. Getting a handle on the various shapes and sizes of DDoS will help inform how you address these attacks on your own infrastructure — you may not always be able to predict attacks, but knowing what’s out there and preparing for the worst will help you protect and mitigate.

Security
Engineering

Spotify on diagnosing cascading errors

Anna MacLachlan

Our customers’ war stories have taught us that even the most routine changes (like restarting a database or switching backends) can sometimes lead to unexpected errors, but savvy teams already have the tools and processes in place to resolve them as they happen. In this post, we’ll share how Niklas Gustavsson, Principal Engineer at Spotify, encountered live (in production, and accessible to end users) but unplayable content after what should have been a routine change, as well as lessons learned and Niklas’ favorite debugging tool.

Customers
Events

Diff at the edge with serverless cloud functions

Andrew Betts

Requesting the difference between two previously cached files — using just a CDN configuration and a serverless cloud compute function — is a great example of exploiting edge and serverless compute services to make your website more efficient and performant, and lower your bandwidth costs. Read on to learn more.

Performance
Compute

The QA mindset: designing for reliability

Alice Nodelman

Fastly’s engineering teams are smart and capable — they architect thoughtfully, write elegant code, and work carefully with incredible complexity and scale. So why would they (or anyone) need quality assurance (QA)? In this post, Senior QA Automation Engineer Alice Nodelman examines how the QA mindset works, touching on our approach to QA at Fastly and sharing how you could apply this mindset to your organization.

Engineering
Performance

Security Speaker Series, part 3

Window Snyder

We’re pleased to announce the next installment of our Security Speaker Series, which brings together researchers and engineers to share research, tools, and ideas. Join us for drinks, snacks, and a few hours of excellent security discussion on Thursday, Oct. 26 at 6pm PT at Bespoke Central Lounge in downtown San Francisco. Speakers include Alex Bazhaniuk, of Eclypsium, Inc., and Stephen Checkoway, of the University of Illinois.

Security

Building the Fastly WAF

Eric Hodel, Jose Nazario, PhD

In keeping with our security team’s vision for defending the modern web, we launched our Web Application Firewall (WAF) to help our customers secure their sites and applications while providing reliable online experiences for their users. In this post, two of the engineers who built our WAF will take you on a deep dive into the tech behind it, exploring how we built a performant, highly configurable, and comprehensive solution to secure customers’ infrastructure.

Security
+ 2 more

Deliberate practice in information security

Sandra Escandor-O’Keefe

Deliberate practice is the act of performing a set of tasks that are just slightly more difficult than what you’re used to, so you can get better at a specific activity and move from a novice to an experienced practitioner. In this post, Security Engineer Sandra Escandor-O’Keefe walks us through the art of deliberate practice, offering tips for novices and mentors alike.

Security
Engineering

Getting more out of IO with image transformation classes

Dom Fee

We’ve worked to ensure the Fastly Image Optimizer is simple, easy to use, and most importantly fully integrated into the platform. In an effort to give you even more control, we've developed image transformation classes to help streamline, secure, and support your image delivery workflow.

Product
Performance

Updates to the Fastly control panel

Jessica Allen, Brian Santiago

We’ve recently had the opportunity to turn customer feedback into new features for the Fastly control panel. Hear from our lead product designers on the latest changes, including an all services homepage, easier way to customize your VCL, and more.

Product
Customers

Reddit on building & scaling r/place

Anna MacLachlan

Altitude SF 2017 brought together technical leaders from Reddit, the ACLU, TED, Slack, and more to explore the future of edge delivery, emerging web trends, and the challenges of cloud infrastructure and security. In this post, we’ll share Daniel Ellis’ talk on how Reddit built and scaled r/place, their real-time April Fools’ project.

Events

The problem with patching in addressing IoT vulnerabilities

Jose Nazario, PhD

We need technology to provide capabilities to tackle the challenge of the cybersecurity gaps, recently highlighted by the WannaCry attacks. In this post, Director of Security Research Jose Nazario will explore these challenges as well as share research objectives that industry and academia must address soon before we can begin solving the security issues with IoT.

Security