Security
Cloud Security Solutions
You’re rapidly deploying and operating more applications in cloud, on-premise and hybrid environments. Malicious attacks continue to evolve from account takeover to API abuse and web app business logic attacks. Fastly can help with security solutions that keep your websites both secure and performant while empowering your organization to effectively detect threats before they impact your business.
Request a demoRegardless of where your applications operate, Fastly can protect them at scale. We empower developers and security teams with solutions that provide visibility, control and actionable insights.
Benefits
Award-winning protection and customer support
Our innovation and effectiveness have been recognized by industry analysts: Gartner has recognized our next-gen WAF (formerly Signal Sciences) in the Gartner Magic Quadrant for Web Application and API Protection in each of the past three years. Our combination of superior customer support and technical capability resulted in also being named a Gartner Peer Insight Customers' Choice recipient three years in a row.
Flexible deployment and easy management
Security should work with you, not against you. Fastly empowers your development, operations and security teams to deploy and effectively manage the protective capabilities that bolster your organization’s security posture.
Protection without impacting performance
Our DDoS, next-gen WAF and TLS offerings provide the protection and control you need, without sacrificing performance.
App security your developers will love
Security should be a core part of the application development lifecycle, not just bolted-on. Our security offerings provide software teams the visibility necessary to integrate security into the DevSecOps lifecycle.
Products
Web application and API protection
Protect your web apps and APIs at scale, no matter how you deploy them. Our next-gen Web Application Firewall (WAF) and Runtime Application Self Protection (RASP) solution protects your organization’s entire application portfolio and provides the visibility that empowers DevOps teams to make their apps more resilient.
Learn moreDDoS mitigation
Fastly’s high-bandwidth, globally distributed network is built to absorb DDoS attacks. Our entire network acts as a DDoS scrubbing center, so you don’t sacrifice performance for protection.
Learn moreBot protection
Our next-gen WAF offers complete protection against malicious bots that power account takeover (ATO), credential stuffing, and other advanced web attacks. Secure your apps and APIs from unwanted automated traffic with Fastly, or one of our bot solution partners.
Learn moreTLS encryption
Protect customer identities and the integrity of your website with TLS. Our TLS offerings deliver secure and trusted web experiences for your users. We terminate TLS connections closer to your end users and our network is built to handle heavy volumes of encrypted traffic without impacting performance.
Learn moreKey features
Configurability
Our web protection technology works anywhere in your technology stack, whether in cloud and containers or on-prem.
Our advanced rate limiting stops excessive web requests from negatively impacting application and API performance by identifying and blocking requests that could result in abusive actions with one-click controls.
With 100+ integrations with DevSecOps toolchains and datacenter platforms you gain cross-team visibility into security metrics, performance and trends—and your teams work faster with the tools they already love.
Protection
Get full control over your TLS certs via UI, API, or a white-glove service that can scale with the needs of your business.
Our next-gen WAF provides coverage for the top 10 security vulnerabilities that impact web applications and other Layer 7 assets, as standardized by the Open Web Application Security Project (OWASP)
With Fastly, customers can stop unauthorized API access and abuse that power Layer 7 attacks, without false positives, breaking applications, or frustrating users or business partners.
Fastly detects and stops account takeover (ATO) attempts at the web request, protecting customer authentication flows in applications and APIs while reducing fraud and impact on traffic resources.
Fastly’s network layer (Layer 3 and 4) and application layer (Layer 7) DDoS protection safeguards your site integrity and user experience from the negative impacts of abusive traffic.
Fastly's bot protection prevents bad bots from performing malicious actions against websites and APIs before they can negatively impact your bottom line and customer experience.
Fastly provides a SaaS solution that deploys natively via any serverless application framework or "containers as a service" platform, or container orchestration tools like Kubernetes, inspecting East-West web requests and blocking malicious activity.
Compliance
Our operational processes are SOC 2 compliant with the security, availability, processing integrity, confidentiality, and privacy standards as outlined by the American Institute of CPAs (AICPA), and determined by an independent auditor.
Our operational processes are HIPAA compliant to the technology in healthcare standards established by the U.S. HIPAA, as amended, and Health Information Technology for Economic and Clinical Health (HITECH) Act.
Our privacy practices align to compliance with GDPR. The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union.
Our next-gen WAF can be used to fulfill PCI requirement 6.6 as a control for a Web Application Firewall. We have helped many customers complete a full PCI-DSS audit using our product to meet PCI-DSS 6.6.
Professional services
From initial deployment to 24/7 expert response, our Customer Security Operations Center (CSOC) and team of application security experts—technical account managers (TAM)—are here to help at every step. We offer:
Implementation and deployment services
Essentials services
Training courses

Looking for more?
Datasheet
Next-Gen WAF product brief
Report
Gartner Magic Quadrant for WAF report
Datasheet
DDoS Mitigation datasheet
Presentation video