Security
Page 11
Security Speaker Series, part 3
We’re pleased to announce the next installment of our Security Speaker Series, which brings together researchers and engineers to share research, tools, and ideas. Join us for drinks, snacks, and a few hours of excellent security discussion on Thursday, Oct. 26 at 6pm PT at Bespoke Central Lounge in downtown San Francisco. Speakers include Alex Bazhaniuk, of Eclypsium, Inc., and Stephen Checkoway, of the University of Illinois.
Building the Fastly WAF
In keeping with our security team’s vision for defending the modern web, we launched our Web Application Firewall (WAF) to help our customers secure their sites and applications while providing reliable online experiences for their users. In this post, two of the engineers who built our WAF will take you on a deep dive into the tech behind it, exploring how we built a performant, highly configurable, and comprehensive solution to secure customers’ infrastructure.
Deliberate practice in information security
Deliberate practice is the act of performing a set of tasks that are just slightly more difficult than what you’re used to, so you can get better at a specific activity and move from a novice to an experienced practitioner. In this post, Security Engineer Sandra Escandor-O’Keefe walks us through the art of deliberate practice, offering tips for novices and mentors alike.
The problem with patching in addressing IoT vulnerabilities
We need technology to provide capabilities to tackle the challenge of the cybersecurity gaps, recently highlighted by the WannaCry attacks. In this post, Director of Security Research Jose Nazario will explore these challenges as well as share research objectives that industry and academia must address soon before we can begin solving the security issues with IoT.
How to bootstrap self-service continuous fuzzing
OSS-Fuzz is an innovative project that is both advancing the state of the art in OSS security engineering and immediately improving the overall quality of the software that serves the internet. In this blog post, I’ll describe how to use the open source components of google/oss-fuzz to bootstrap self-service continuous fuzzing for both private and public software using h2o, Fastly’s HTTP/2 proxy, as a running example.
The IoT industry’s response to emerging threats
Late last year, we took a look at how the Internet of Things (IoT) is under attack. We analyzed hundreds of individual IoT devices to see how often they were probed for vulnerabilities, with the intention of being employed for IoT botnet attacks. We did more robust vulnerability research on IoT devices that have been found vulnerable in the past and concluded that while malicious probes are constant, manufacturers have taken action to update their firmware and address security holes. Read on to hear our latest findings.
Anatomy of an IoT Botnet Attack
Understand how malware attacks happen to IoT devices and what companies can do to protect their devices from attacks.
Secure comms & Fastly advisories reminder | Fastly
We publish our security advisories to address vulnerabilities discovered on our own platform, as well as significant security vulnerabilities that affect the wider internet community.
Lean Threat Intelligence, Part 4: Batch alerting
In Part 3, we showcased a technology that allows you to route messages to and from topics via Kafka. Now that data is flowing, how can you start monitoring and reacting to security events? In this post, we’ll show you a batch alerting strategy that you can use with Graylog and Kafka.
Best practices for protecting your domain
We continuously work on making the edge more secure, and develop features you can leverage to protect your applications. However, in order for you to benefit from these investments, there are steps you should take at the crucial stage where traffic is handed off to the CDN. In this post, Director of Security Engineering Maarten Van Horenbeeck discusses how (and why) you can protect traffic on its way to the CDN.
Sponsoring the Tor project with content delivery services
Fastly has historically supported many open source projects. We’re happy to announce that Fastly now provides sponsored Content Delivery for the Tor Project. TorBrowser updates are served over the Fastly network, taking load off of the Tor Project's backend servers and speeding up downloads for end users.
Our security team’s vision for defending the modern web
Director of Security Research Jose Nazario describes our team’s vision for employing our CDN’s unique position to defend the modern web. Using the recent HTTPoxy vulnerability as an example, he outlines the benefits and challenges of this vision.
Battling log absurdity with Kafka
In “Lean Threat Intelligence Part 2: The foundation,” we explained how we built our log management system, Graylog, using Chef. Next, we’ll cover how we created a message pipeline that allows us to route messages to different endpoints for analysis or enrichment.
Announcing Limited Availability for HTTP/2
As promised in March of this year, we are excited to announce that our HTTP/2 Limited Availability (LA) program is here. Here’s how you get started.
TLS 1.2-only delivery is now available
Earlier this year we updated you on our revised deprecation plan for TLS 1.0 and 1.1. We’re happy to announce that you can now request migration to TLS 1.2-only hosts if you’ve purchased a paid TLS option.
Recapping our second Fastly Security Speaker Series
On May 25, we had over 50 security researchers and engineers from the Bay Area and beyond in our San Francisco office for our recurring Fastly Security Speaker Series. This event focused on hardware security, including how to detect firmware attacks, and how to execute hardware side-channel attacks.
Fastly Security Speaker Series: Second Edition
In February, our Chief Security Officer Window Snyder announced the Fastly Security Speaker Series, which we created to share cutting edge security topics with the wider community. We hosted over 50 security researchers and engineers in an event focused on machine learning and reverse engineering. Today, we’re happy to announce the second event in our Fastly Security Speaker Series, which will take place on May 25th from 6:00 to 8:45 pm. Join us at Fastly’s San Francisco headquarters for food, drinks, and ample opportunity for good discussion with your peers in the security research community. You can register to attend here.
Lean Threat Intelligence Part 2: The foundation
In part 1, I discussed the general workflow the Threat Intelligence team at Fastly uses to plan for projects. After performing research and seeing what others have done in this space, we can now move forward with technology selection.
College competitions build strong security teams | Fastly
Building a great team is one of the most difficult challenges security managers encounter. Luckily, there are a few initiatives that make things easier on us, including the Information Security Talent Search (ISTS) at the Rochester Institute of Technology.
Recap of the Fastly Security Speaker Series
On February 25, we hosted 50+ security researchers and engineers from the Bay Area and beyond in our San Francisco office for the first event in the Fastly Security Speaker Series. This event brought together security engineers and researchers to examine new perspectives around important security topics.
