Share your experience using The Fastly Next-Gen WAF (powered by Signal Sciences)

We use it to protect all our public-hosted sites. It's a replacement for Akamai. We migrated from Akamai to Fastly.

It gives us fully enhanced dashboards, making it easy to identify and allow or deny traffic based on the signals it provides. 

Fastly (Signal Sciences) integrates and tags the intermittent traffic based on patterns. It generates signals and provides them in a dashboard where we can view them and decide whether to allow or deny traffic. It's a more advanced and easy-to-navigate dashboard.

It has very similar features to Akamai but is more maintainable and has a different way of doing things. 

Feature-wise, it has everything Akamai has: CDN and caching. The advantage over Akamai is that it's in Varnish Configuration Language (VCL), so programmers understand how to create rules, hardening, and all that. Caching and everything else can be written as code.

Fastly don't support caching for China users. That's the only feature lacking compared to Akamai.

I have been using it for six months. Fastly is the CDN, and Signal Sciences provides the API protection. It's a WAF, a web application firewall, but Fastly acquired Signal Sciences, and now it's working as a single product: CDN plus WAF.

So far, the customer service and support have been good. They are quick, they are on top of things and we get responses in a day or two. Unless there's an incident, we don't expect them to be responding in less than a day. So far, it's good. I haven't seen any downtime in the last six months or a year, which is good.

We used Akamai before. We switched because of cost optimization. It's 50% less than Akamai. So, it is cost effective. 

Fastly can be provisioned through Infrastructure as Code (IaC). Akamai has that feature, but with Fastly, we can write the code and manage it in our Git repository. We don't need to go to the dashboards; you can deploy changes through your own repository. That's an advantage.

The initial setup was super easy. The migration was super easy. The only part we were missing was China cache. Other than that, it has everything Akamai was providing: image optimization, CDN, WAF, and all the other security aspects. The China cache was the one thing we were missing in Fastly, so we had to do it differently.

Deployment was a few weeks for the migration. If you're starting a brand new site, it's straightforward; maybe in a week or two, you can be up and running. But if it's a migration from a different CDN, it would probably take four to six weeks.

We wanted to know the caching rules and how teams were doing things differently, so we had each member from the team gather inputs. Then we migrated and started writing the VCL code.

It's very little maintenance. But with every draft, you need to periodically check the dashboard for anomalies and take action. Once a month or once a quarter, you need to do that exercise.

Moreover, there are a couple of integrations with other observability tools like Datadog and Slack. It's easy to enable access with SSL, Okta, and Flash teams.

We work with Fastly. We have quarterly reviews with them.

CDN is our primary thing, and it improved page speed and load times compared to Akamai. 

Fastly is super fast because they take a slightly different approach to caching. We see a lot of improvement in client experience and page speeds.

The pricing is 50% less than Akamai. 

It's a good product. We can manage SSL certificates within the CDN, and they're auto-renewed and auto-purchased outside the CDN, which is a cool feature. 

So, I would rate this product a nine out of ten. I recommend this product. If anyone is looking for a next-gen WAF and next-gen CDN, it's the best product I've come across.

It utilizes AI to enhance features, especially while tagging anomalies and traffic anomalies, but I'm not 100% sure. I've heard they're using some AI to identify bot traffic and malicious traffic.

The product's most valuable feature is its ability to set up the rules easily. The agent-based approach allows for efficient policy control per agent, simplifying managing rules for various websites or apps hosted on platforms like AWS or Azure.

The areas that could be improved in Signal Sciences include the effectiveness of rules, as many didn't function optimally and required custom rule-writing to address bypasses for WAF. Additionally, the agent-based approach presents challenges with managing agents across versions and dependencies on specific application platforms like Apache or NGINX, leading to compatibility issues and complexity in integration. This agent-based system proved particularly difficult to manage.

We have been using Signal Sciences for two years.

The product has high stability.

We have around 500 to 600 systems running on Signal Sciences.

We contacted the technical support team during migration from one of the agent approaches to the reverse proxy method. We had to call them multiple times. The services could be better. However, we received assistance from an executive who knew how to set it up.

The initial setup for Signal Sciences is challenging. It requires technical expertise. Various factors, such as the operating system, web server, and their respective versions, need meticulous consideration. It leads to multiple potential points of failure, resulting in numerous errors during setup. It is not easy, similar to solutions like Amazon WAF, which offer a streamlined deployment process with just a few clicks.

The product has an affordable cost.

We did evaluate Cloudflare and Barracuda. We went with Signal Sciences as it is most cost-optimal. This led to the decision to proceed with the product particularly due to its compatibility with Kubernetes and the utilization of a reverse proxy agent in deployment. Its cost-effectiveness at that time, especially considering Fastly acquired it, made it a relatively more affordable option than others.

I advise others to make a purchase decision depending on the budget. If they have a budget, they should go with Cloudflare. I have used Signal Sciences, Azure, and AWS. They need to work more efficiently to protect web applications.

I rate Signal Sciences a six out of ten. It has good granularity features, but maintenance and agent approaches could be more convenient.