Share your experience using The Fastly Next-Gen WAF (powered by Signal Sciences)

The CDN is for caching and The Fastly Next-Gen WAF (powered by Signal Sciences) is for protecting the servers from malicious traffic. They both perform different jobs and serve different purposes, so they complement each other. We actually tried both deployment methods, but the cloud option is easier. For the on-premises option, you need to have all sensors installed in your cluster, which was not suitable for our use case.

We wanted to control everything through the cloud and then hit our servers before classifying whether the traffic is malicious or not. We wanted to have that logic offloaded to the cloud so we wouldn't have to manage it.

We tried both options but decided to go with the cloud deployment.

It is managed through Infrastructure as Code, so all configurations can be managed in the code itself, which is beneficial.

Because it uses rules, it is easy to set up, and we have many different sites where the configurations are straightforward. Though the UI is not very interactive, which is a downside, we can manage many things. The UI is not very intuitive and could be better. However, we manage all the configurations through code, which is easy to maintain.

It has extensive anomaly detection capabilities, so the traffic is classified into several categories where thresholds can be defined and customized based on false positives and false negatives. This is advantageous because you do not need to tweak it very often. Once you set it up, an audit once a quarter would suffice.

Because The Fastly Next-Gen WAF (powered by Signal Sciences) is API-driven, we have integrations with the CI/CD pipeline through GitHub Actions, making it easy to integrate.

We do use it, but the UI can be improved as we mostly work through the CI/CD.

It provides support, but sometimes it is hard to navigate unless you are very familiar with it.

It has the same support team handling all aspects of the service.

It provides support, but sometimes it is hard to navigate unless you are very familiar with it.

Neutral

We were using Akamai.

When you opt for the in-cloud deployment, there are multiple ways to deploy it on your servers in the containerization environment. You can implement it as a sidecar or as a proxy. It becomes a complex setup when you manage it in your environment. It is easier to be cloud-based, where all the deciding factors would be in the cloud, and then if everything passes, the request is passed through to the internal server.

The pricing is very competitive compared to other providers. The pricing is definitely a factor in our decision-making process.

The pricing and modern features are the positive aspects of The Fastly Next-Gen WAF (powered by Signal Sciences). Not having a point of presence in China is the downside. We tried different approaches to address this limitation.

The Fastly Next-Gen WAF (powered by Signal Sciences) was originally a different company's product, but Fastly acquired it and integrated it into their product portfolio. It provides all the necessary functionality. On a scale of 1-10, this solution rates a 7.

We use it to protect all our public-hosted sites. It's a replacement for Akamai. We migrated from Akamai to Fastly.

It gives us fully enhanced dashboards, making it easy to identify and allow or deny traffic based on the signals it provides. 

Fastly (Signal Sciences) integrates and tags the intermittent traffic based on patterns. It generates signals and provides them in a dashboard where we can view them and decide whether to allow or deny traffic. It's a more advanced and easy-to-navigate dashboard.

It has very similar features to Akamai but is more maintainable and has a different way of doing things. 

Feature-wise, it has everything Akamai has: CDN and caching. The advantage over Akamai is that it's in Varnish Configuration Language (VCL), so programmers understand how to create rules, hardening, and all that. Caching and everything else can be written as code.

Fastly don't support caching for China users. That's the only feature lacking compared to Akamai.

I have been using it for six months. Fastly is the CDN, and Signal Sciences provides the API protection. It's a WAF, a web application firewall, but Fastly acquired Signal Sciences, and now it's working as a single product: CDN plus WAF.

So far, the customer service and support have been good. They are quick, they are on top of things and we get responses in a day or two. Unless there's an incident, we don't expect them to be responding in less than a day. So far, it's good. I haven't seen any downtime in the last six months or a year, which is good.

We used Akamai before. We switched because of cost optimization. It's 50% less than Akamai. So, it is cost effective. 

Fastly can be provisioned through Infrastructure as Code (IaC). Akamai has that feature, but with Fastly, we can write the code and manage it in our Git repository. We don't need to go to the dashboards; you can deploy changes through your own repository. That's an advantage.

The initial setup was super easy. The migration was super easy. The only part we were missing was China cache. Other than that, it has everything Akamai was providing: image optimization, CDN, WAF, and all the other security aspects. The China cache was the one thing we were missing in Fastly, so we had to do it differently.

Deployment was a few weeks for the migration. If you're starting a brand new site, it's straightforward; maybe in a week or two, you can be up and running. But if it's a migration from a different CDN, it would probably take four to six weeks.

We wanted to know the caching rules and how teams were doing things differently, so we had each member from the team gather inputs. Then we migrated and started writing the VCL code.

It's very little maintenance. But with every draft, you need to periodically check the dashboard for anomalies and take action. Once a month or once a quarter, you need to do that exercise.

Moreover, there are a couple of integrations with other observability tools like Datadog and Slack. It's easy to enable access with SSL, Okta, and Flash teams.

We work with Fastly. We have quarterly reviews with them.

CDN is our primary thing, and it improved page speed and load times compared to Akamai. 

Fastly is super fast because they take a slightly different approach to caching. We see a lot of improvement in client experience and page speeds.

The pricing is 50% less than Akamai. 

It's a good product. We can manage SSL certificates within the CDN, and they're auto-renewed and auto-purchased outside the CDN, which is a cool feature. 

So, I would rate this product a nine out of ten. I recommend this product. If anyone is looking for a next-gen WAF and next-gen CDN, it's the best product I've come across.

It utilizes AI to enhance features, especially while tagging anomalies and traffic anomalies, but I'm not 100% sure. I've heard they're using some AI to identify bot traffic and malicious traffic.