Fastly/Signal Sciences: one year update

Dana Wolf

SVP Product and Marketing, Fastly

When we acquired Signal Sciences, we put a stake in the ground as a company that cares about the complete delivery path and making it not just resilient and performant, but inherently secure as well. 

We made a huge leap forward in that mission last week, when we announced the beta availability of the Signal Sciences agent on our edge cloud platform. Given that great news, and the fact that we’re coming up on a year since we announced our intent to acquire Signal Sciences, I wanted to give you an update on where we stand — the progress we’ve made over the past year, what’s next with our product integration, and what you can look forward to with a security policy enforced at the edge.

Looking back 

Last year, we talked about four ways we focus on security: by building one secure network, with visibility and control for all; by making trust and privacy everyone’s job; by shrinking the attack surface; and by building a better internet for all. I’m proud to say we’ve made progress on all of these fronts over the past year. 

We increased visibility with the launch of ATO and API dashboards for our next-gen WAF — which, this year, was named a Customers’ Choice for Web Application Firewalls for the third time in a row. We integrated our web application and API protection solution with Okta’s identity and access management platform to expand the ability of organizations to better protect consumer identities without compromising the user experience. 

We made progress toward making trust and privacy everyone’s job by making our tools easier to use, with security product updates that allow companies to expand their security teams with our expertise and to consolidate their web app and API security solutions with right-sized packages to fit their needs.

We also continue to focus on shrinking the attack surface with Compute@Edge, which is used to build, test, and deploy code in our serverless compute environment, by focusing on secure sandboxing. We’re taking this further by beginning to build our own secure products using Compute@Edge. We improved Compute@Edge’s observability capabilities and introduced secure local testing, and we introduced JavaScript support for Compute@Edge — without sacrificing security.

And, of course, we continue to invest in the future of the internet with an increased commitment to the Bytecode Alliance and WebAssembly, as well as participation in the groups that make and test internet protocols. For example, three of our team members are core members of the group that built (and edited the core set of documents for) the QUIC protocol, now RFC 9000.

We are also making progress on integrating Signal Sciences and Fastly. We are one company with one contract, and we recently published details of one of the first examples of how, using our network and our next-gen WAF together, you can receive more intelligent information in order to make more informed security decisions.

What comes next? 

In terms of realizing the vision that drove our acquisition of Signal Sciences, we’re making rapid progress integrating the Signal Sciences agent with our edge cloud platform, furthering our mission of empowering you to protect your apps and APIs in any environment — including at the edge. 

At a high level, we have now enabled initial agent set-up and provisioning, attack detection and blocking, and false positive mitigation. We’re working to ensure the edge deployment is fully production ready and provides full feature parity with the other next-gen WAF deployment methods, such as cloud-hosted containers, web server instances, and at various ingress points like API gateways. 

The agent integration at the edge provides you with another protection deployment method to shield origin systems by blocking attacks, while improving security decisioning. In short, combining the precision of Signal Sciences’ detection with the scale of our edge network will empower you to stop attacks sooner by enforcing security policies at the edge.

Why will this matter?

With security policy enforcement at the edge, application attacks (such as ATO or SQLi) are stopped further away from the application, keeping attacks away from origins and back-end infrastructure. By leveraging powerful signal technology to write and push out rules in real time, you can track suspicious requests and block attacks sooner.

Edge cloud deployment will also allow you to utilize the massive scale of our edge network (130 Tbps) to stop DDoS attacks — both volumetric attacks and Layer 7 web attacks. With new research showing that a majority of companies either already use or expect to run their applications on APIs in the next two years, this type of layered defense architecture can promote increased protection for vulnerable applications.

Other benefits include decisioning at the origin and enforcement at the edge, another popular emerging architecture. With this deployment option, the edge will be able to perform actions like rate limiting or blocking based on response codes sent by our next-gen WAF (formerly Signal Sciences).

This programmatic flexibility will allow you to change where enforcement happens for different types of applications and services. And true to our mission to provide developers tools that work the way they want them to, once the integrated deployment is available, you’ll be able to choose the protection option that works best for you.

Going forward

The next evolution of the product landscape must be inherently secure, wildly performant, and easy for businesses to adopt as their own, regardless of architecture. With our own product updates, we're not only working to make more performant, flexible tooling for developers — we're engineering a more secure, resilient web as a whole.