Cloud Security Solutions

You’re rapidly deploying and operating more applications in cloud, on-premise and hybrid environments. Malicious attacks continue to evolve from account takeover to API abuse and web app business logic attacks. Fastly can help with security solutions that keep your websites both secure and performant while empowering your organization to effectively detect threats before they impact your business.

Request a demo

Regardless of where your applications operate, Fastly can protect them at scale. We empower developers and security teams with solutions that provide visibility, control and actionable insights.


Award-winning protection and customer support 

Our innovation and effectiveness have been recognized by industry analysts: Gartner has recognized our next-gen WAF (formerly Signal Sciences) in the Gartner Magic Quadrant for Web Application and API Protection in each of the past three years. Our combination of superior customer support and technical capability resulted in also being named a Gartner Peer Insight Customers' Choice recipient three years in a row.

Flexible deployment and easy management 

Security should work with you, not against you. Fastly empowers your development, operations and security teams to deploy and effectively manage the protective capabilities that bolster your organization’s security posture.

Protection without impacting performance

Our DDoS, next-gen WAF and TLS offerings provide the protection and control you need, without sacrificing performance.

App security your developers will love

Security should be a core part of the application development lifecycle, not just bolted-on. Our security offerings provide software teams the visibility necessary to integrate security into the DevSecOps lifecycle.


Web application and API protection

Protect your web apps and APIs at scale, no matter how you deploy them. Our next-gen Web Application Firewall (WAF) and Runtime Application Self Protection (RASP) solution protects your organization’s entire application portfolio and provides the visibility that empowers DevOps teams to make their apps more resilient.

Learn more

DDoS mitigation

Fastly’s high-bandwidth, globally distributed network is built to absorb DDoS attacks. Our entire network acts as a DDoS scrubbing center, so you don’t sacrifice performance for protection.

Learn more

Bot protection

Our next-gen WAF offers complete protection against malicious bots that power account takeover (ATO), credential stuffing, and other advanced web attacks. Secure your apps and APIs from unwanted automated traffic with Fastly, or one of our bot solution partners.

Learn more

TLS encryption

Protect customer identities and the integrity of your website with TLS. Our TLS offerings deliver secure and trusted web experiences for your users. We terminate TLS connections closer to your end users and our network is built to handle heavy volumes of encrypted traffic without impacting performance.

Learn more

Key features

Flexible Deployment Options

Our web protection technology works anywhere in your technology stack, whether in cloud and containers or on-prem.

Advanced Rate Limiting

Our advanced rate limiting stops excessive web requests from negatively impacting application and API performance by identifying and blocking requests that could result in abusive actions with one-click controls.

DevSecOps integrations

With 100+ integrations with DevSecOps toolchains and datacenter platforms you gain cross-team visibility into security metrics, performance and trends—and your teams work faster with the tools they already love.

Scalable TLS Encryption

Get full control over your TLS certs via UI, API, or a white-glove service that can scale with the needs of your business.

OWASP Top 10 coverage

Our next-gen WAF provides coverage for the top 10 security vulnerabilities that impact web applications and other Layer 7 assets, as standardized by the Open Web Application Security Project (OWASP)

API Protection

With Fastly, customers can stop unauthorized API access and abuse that power Layer 7 attacks, without false positives, breaking applications, or frustrating users or business partners.

Account Takeover Protection

Fastly detects and stops account takeover (ATO) attempts at the web request, protecting customer authentication flows in applications and APIs while reducing fraud and impact on traffic resources.

Layer 3, 4 and 7 DDoS Protection

Fastly’s network layer (Layer 3 and 4) and application layer (Layer 7) DDoS protection safeguards your site integrity and user experience from the negative impacts of abusive traffic.

Bot Protection

Fastly's bot protection prevents bad bots from performing malicious actions against websites and APIs before they can negatively impact your bottom line and customer experience.

Container Security

Fastly provides a SaaS solution that deploys natively via any serverless application framework or "containers as a service" platform, or container orchestration tools like Kubernetes, inspecting East-West web requests and blocking malicious activity.

SOC2 Compliant

Our operational processes are SOC 2 compliant with the security, availability, processing integrity, confidentiality, and privacy standards as outlined by the American Institute of CPAs (AICPA), and determined by an independent auditor.

HIPAA Compliant

Our operational processes are HIPAA compliant to the technology in healthcare standards established by the U.S. HIPAA, as amended, and Health Information Technology for Economic and Clinical Health (HITECH) Act.

GDPR Compliant

Our privacy practices align to compliance with GDPR. The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union.

PCI-DSS 6.6 Compliant

Our next-gen WAF can be used to fulfill PCI requirement 6.6 as a control for a Web Application Firewall. We have helped many customers complete a full PCI-DSS audit using our product to meet PCI-DSS 6.6.

Professional services

From initial deployment to 24/7 expert response, our Customer Security Operations Center (CSOC) and team of application security experts—technical account managers (TAM)—are here to help at every step. We offer:

Looking for more?


Next-Gen WAF product brief


Gartner Magic Quadrant for WAF report


DDoS Mitigation datasheet

Presentation video

What TLS 1.3 means for HTTPS

Get security you’ll actually use.

Request a demo