Our Elite and Enterprise customers currently using the Fastly CDN can now strengthen the protection of their web applications against a variety of different cyberattacks with our next-gen Fastly web application firewall (Next-Gen WAF) feature. But what exactly is Next-Gen WAF?
What is Next-Gen WAF and how does it work?
Next-Gen WAF is provided by Fastly, Platform.sh tech partner for our Advanced CDN features, and is deployed in the edge layer. It can therefore be used by customers who are already using the Fastly CDN. It was acquired by Fastly to be a replacement for the Fastly legacy WAF with a major benefit of the new Next-Gen WAF being that it leverages the Signal Sciences intelligent engine which analyzes incoming requests and blocks them automatically in the event of an attack.
Just like any regular Web Application Firewall, this smart system detects and blocks the usual OWASP top 10 threats added to your potential personal blocking rules. But what makes it high performing for your application security is the continuous learning algorithm via the Network Learning Exchange (NLX) which Signal Sciences has built to offer features such as:
- Account takeover (ATO) protection
- API protection
- Bot protection
- DDoS protection
- Edge rate limiting
And the benefits don’t stop there–with this new automated approach, permits avoid the manual maintenance of lists of rules and no longer need to worry about receiving false positives, they’re a thing of the past. And with 95% of users happily using fully automated mode, we’re definitely moving in the right direction. The Next-Gen WAF also works seamlessly, no matter the programming language, stack, application, or cloud provider you’re working with.
And finally, the best news is that on top of its strong security, the action of a Web Application Firewall being deployed at the edge–where the requests come in first–prevents the infrastructure from having to answer to non-legitimate requests. Limiting the load on the servers and the applications which enhances user experience and lowers energy consumption.
If you want to find out more about how Next-Gen WAF works, you can take a look on the Fastly documentation page or the Fastly Academy.
What’s Platform.sh NG WAF feature?
Our current Fastly legacy WAF is being deprecated by Fastly and won’t be supported or replaced by the Next-Gen WAF. All of our existing customers have been invited to migrate to the Next-Gen WAF with three options to choose from: Basic, Basic Configurable, and Advanced. Here’s everything you need to know:
Capability | Basic | Basic Configurable | Advanced |
Default attack signals | Y | Y | Y |
Default anomaly signals | Y | Y | Y |
Virtual Patching | N | Y, block only - by Platform.sh | Y - by customer |
Default dashboards | N | Y - by Platform.sh, manual, during QBRs | Y |
Custom response codes | N | N | Y - by customer |
Custom signals | N | N | Y- by customer |
Standard API & ATO signals | N | N | Y- by customer |
Edge Rate limiting | Y | Y | Y |
WAF mode | Block mode only | Block, not blocking, off modes - by Platform.sh | Block, not blocking, off modes - by customer |
How do I get the Next-Gen WAF?
Are you ready to make the most of the next-gen benefits of the Next-Gen WAF? Do you want to test it out for a few weeks to measure the immediate benefits? Or maybe you have a question on some of the new features mentioned above? We got you.
Get in touch with our team today and we can help you with all of the information you need to get started.