Most Loved Security Company Chooses Most Trusted Web Defense

The challenge

Duo customers trust its leading authentication platform to ensure their security. "The cost associated with losing that trust would be astronomical," said Kwame Musonda, head of Global Site Reliability Engineering at Duo. Duo’s security team needed a defense solution that would allow them to see and secure a high volume of traffic without negatively impacting user experience or introducing additional security risks.

The solution

Duo chose Fastly to meet that need. With Fastly's Next-Gen WAF, Duo gained immediate security visibility and blocking with an architecture that operations teams were confident would scale without impacting performance.

The Cisco standard of 99.99% availability, with significantly fewer false positives
"We process about 2 billion authentications a month," said Kwame Musonda. That number is even more impressive when compared to the 70 billion events processed monthly by Fastly's Next-Gen WAF, of which roughly 7 million are blocked. Duo’s team has experienced a significant reduction in false positives with the WAF in blocking mode, compared to AWS WAF, which means legitimate customers can continue to authenticate while the malicious actors are stopped short. "It's great that the Next-Gen WAF can block so much malicious traffic and still allow us to provide that high reliability to our customers through authentications," Kwame Musonda said.

Solve problems faster with detailed traffic awareness
Knowing a request’s context makes a big difference when making decisions that protect Duo's customers. The Next-Gen WAF provides a breakdown of the specific types and sources of malicious traffic that it is blocking, which gives Duo's research team critical insights on possible security risks.

When Duo was acquired by Cisco, the company used Fastly's Next-Gen WAF to ensure compliance with the US Treasury's OFAC (Office of Foreign Assets Control) sanctions list, which had to happen immediately upon acquisition. "It was a piece of cake to do that with the Next Gen WAF. Setting up policies to block specific countries and regions was a few minutes of work, compared to hours of work." said Kwame Musonda.

Deploy quickly then get back to business
Duo was cautious in selecting a product that wouldn’t take a lot of resources to deploy, and one that wouldn’t itself become an attack surface. “We were really impressed with how easy deployment went. Dropping Fastly’s Next-Gen WAF into our existing highly-available architecture with minimal effort was critical to the project’s success,” said Nick Soulliere, former VP of Production Engineering at Duo. Fastly's patented module and agent architecture is guaranteed to fail-open—a big plus for Duo, according to Soulliere: "It hasn’t failed, but if it were to, it would fail gracefully, and that’s huge.”

The Next-Gen WAF also frees Duo's teams to focus on security without frequent tuning and retuning. "The Next-Gen WAF is one of the best products we've had because it's really set it and forget it," said Musonda.

Key takeaway

Duo retains customer confidence by maintaining high reliability while easily, consistently blocking malicious traffic using the Fastly Next Gen WAF. Insights gained from the Next-Gen WAF's visibility allows Duo to make better, faster decisions about how to protect its customers. "Being on our 10-year anniversary with Fastly is amazing," said Musonda. We're still excited about the simplicity and security that our Next-Gen WAF provides."