Detection to Mitigation: Ensuring Efficacy Against DDoS Attacks

Liam Mayron

Principal Product Manager

David King

Senior Product Marketing Manager, Security

Decipher DDoS with Fastly DDoS Protection’s latest update

DDoS attacks have changed. As organizations moved to the cloud and started using content delivery networks, traditional network-based DDoS attacks became less effective because these systems have more bandwidth than attackers can overwhelm. In recent years, attackers have shifted focus to the application layer, where they can launch frequent attacks quickly, resulting in latency, downtime, and prolonged outages on applications and APIs that generate critical revenue for the organization. 

Fastly security research found that from July 1, 2023, to October 12, 2023, 50% of DDoS attacks observed were under 52 seconds long. Mitigating such brief attacks can’t rely on human intervention. Static rate limits, once a key component of a solution, are not the answer either: they have many variables to consider, and when implemented anything less than perfectly, they leave gaps attackers can circumvent.

To meet these challenges, organizations increasingly rely on automated, adaptive solutions like Fastly DDoS Protection to combat sophisticated attacks. However, these tools carry significant responsibility. Imagine a solution that “detects” a DDoS attack originating from the U.S. or a single ASN and blindly blocks all traffic from that source, taking legitimate users down with it. Unacceptable. While most solutions (hopefully all) avoid such blunt actions, how can you be sure? Do you have to trust a risk score or comb through the logs to validate efficacy?

We think there's a better way and are excited to share our latest update to Fastly DDoS Protection.

Meet the Attack Insights update

We’ve discussed at length how quick and powerful Fastly DDoS Protection’s Attribute Unmasking engine is, and now you don’t need to take our word for it. The latest update brings events, event details, and rule details to all customers using Fastly DDoS Protection. 

A spike on a traffic chart may represent a single DDoS attack or multiple attacks occurring simultaneously. To help you tell the difference, we’re introducing events (Image 1).

Image 1: Events table

An event represents a single suspected attack on your service, and you can expect to see multiple if you receive more than one unique attack at the same time. Clicking into any event offers insight into when the attack started, traffic patterns, whether it’s ongoing, and mitigation rules. Events make it easy to understand the attacks hitting your organization.

The rules Fastly DDoS Protection’s Attribute Unmasking technique creates are custom-crafted to mitigate attacks on your applications and APIs without impacting legitimate traffic, and now you can explore them. From the rule details, you can see a summary of the attributes that Fastly DDoS Protection is blocking and the traffic impacted (Image 2).

Image 2: Fastly DDoS Protection automatically generated rule example

You can quickly validate the efficacy of mitigation rules with this information. Take the example above – the rule was built in seconds to mitigate an attack on a major retail organization. We are confident in the efficacy of the mitigation because:

  1. A single IP sent such a high volume of requests that Fastly DDoS Protection detected it as an attack

  2. The user agent is a known enumeration tool used by cyber attackers

  3. The path they were targeting doesn’t exist for this customer

  4. The entirety of surplus attack traffic came from a single country from which the organization doesn’t typically receive this volume of end users

Where competing solutions are popularizing their ability to block in milliseconds using static rules that may be prone to errors over time (especially with the rise of AI usage by attackers), Fastly DDoS Protection rapidly and automatically custom-crafts every rule with this level of tailored accuracy and visibility so you can rest easy knowing you’re protected.

Automatically mitigate DDoS attacks with confidence

Trusting that your solution effectively mitigates application DDoS attacks without impacting legitimate traffic is one thing, but Fastly DDoS Protection’s Attack Insights update lets you verify that it does. You now have everything needed to see how effectively we’ll keep your applications and APIs protected from attacks so you can continue to generate online revenue without worry or failure. Start leveraging our adaptive technology today and get up to 500,000 requests for free, or contact our team to learn more.