Response Security Service
Last updated 2022-02-03
Fastly offers Fastly Next-Gen WAF (powered by Signal Sciences) customers a Response Security Service (RSS) that provides your organization with enhanced access to our Customer Security Operations Center (CSOC) team and periodic consultation with a Designated Security Specialist for strategic security solutions reviews and planning. Together, Fastly’s CSOC team and your Designated Security Specialist support the design, implementation, and maintenance of your security solutions by assisting with initial configuration, requested maintenance, and attack support.
The following table summarizes what RSS provides:
| Feature | Details |
|---|---|
| CSOC availability for general requests and inquiries | 24/7/365. |
| CSOC availability for critical security incidents | 24/7/365. |
| General inquiries response times | Within 24 hours. |
| Critical security incident response times | Within 15 minutes of notice with active troubleshooting starting within 30 minutes of acknowledgement of incident severity. |
| Emergency phone number | Included. |
| Emergency email address | Included. |
| Dedicated chat channel | Included. |
| Online self-service help | Unlimited access. |
| Virtual, self-paced training | Included. |
| Quarterly reviews | Upon request, once per quarter, during US business hours. |
- "Business hours" are 8AM-6PM during a business day in California or New York.
- "Business days" are Monday through Friday, excluding any day that is a US national holiday.
- A "critical security incident" is an event that creates significant business impact or loss of availability for your production environments, or that threatens the integrity or confidentiality of your proprietary information.
- "Fastly control" means elements entirely under Fastly's control and within its products’ capabilities, and not a consequence of (a) your hardware or software failures or those of a third party, (b) your or your end user's connectivity issues, (c) operator errors by your employees, (d) alteration, modification, unauthorized use or misuse of Fastly products, or use not in accordance with the documentation, (e) your corrupted content, and (f) acts of god (any) or war, or earthquakes, or terrorist actions.
To purchase and use RSS, you must also purchase a Premier Platform subscription for Fastly Next-Gen WAF.
To ensure accurate response to requests and incident reports, you must ensure your account contact information remains up-to-date. CSOC can help you verify this information at any time.
Response Security Service features
Fastly offers RSS for the term of your contractual agreement. It includes the following features.
Priority CSOC access
By purchasing RSS, you will be entitled to 24/7 access to Fastly's CSOC for assistance with incidents, configuration changes, and general inquiries. To receive this assistance, you may initiate contact via:
- Phone number. You will receive a dedicated, toll-free phone number to initiate contact with Fastly's CSOC and to report critical security incidents. Fastly personnel can also establish audio and video conferencing (free app or browser plug-in required) for real-time voice and video communications.
- Email address. You will receive an email address to initiate contact with Fastly's CSOC for general support questions as well as an emergency email address for reporting of critical security incidents.
- Chat channel. You will receive a dedicated security chat channel for real-time communications to discuss general security product support and questions during business hours or as needed by Fastly personnel. Though subject to change, Fastly's current chat provider is Slack (www.slack.com).
Each of these contact methods will be provided to you during your onboarding period.
Online help and virtual training
In addition to unlimited access to online self-service documentation at docs.fastly.com and developer.fastly.com, you will have access to virtual, self-paced Fastly Next-Gen WAF application training scenarios.
At your request, Fastly will schedule 2-hour account check-ins during US business hours, up to one per quarter during the term of your subscription, with a Designated Security Specialist who will help you review configurations, consult with you on rule creation, review security product roadmaps with you, and discuss your overall security health. Because some review discussions require advance preparation, you must schedule them at least two weeks in advance by making a request via the provided RSS general support question email address. You won't be entitled to any refunds or credits for unused scheduled availability.
RSS support requests and response times
Fastly's response times and status updates vary based on request and incident severity.
General requests and inquiries
You may initiate general requests and inquiries by creating a ticket via the general support email address provided to RSS customers or by submitting a ticket via the Signal Sciences console. We will acknowledge your general outreach within two hours of its receipt. We will begin addressing your ticket within 24 hours of acknowledging its receipt and will provide status updates to you once daily on each subsequent day until the incident is resolved or is believed to be outside of Fastly's control.
Critical security incidents
Support for critical security incidents can only be initiated via the emergency email address provided to RSS customers (not chat) or by selecting the Urgent priority when submitting a ticket via the Signal Sciences console. The ultimate classification of a request submitted by either of these methods will be determined by Fastly based on various factors including input you provide.
Fastly will acknowledge your critical security incident outreach within 15 minutes of its receipt. If your request is classified as a critical security incident, we will begin actively troubleshooting it within 30 minutes of acknowledging your ticket and will provide an initial status update within an hour of acknowledging your ticket, with subsequent updates at least every 4 hours thereafter unless an alternative update cadence has been agreed upon. Fastly will continue to work until the incident impact has been mitigated or is believed to be outside of Fastly's control.
RSS response SLA and credit terms
If you have purchased RSS and, during a critical security incident, there is a material delay in response time and the cause of the delay is within Fastly's control, a one-time credit of $500 per incident will be credited to your account. Specifically:
- Requests for invoice credits must be made within 30 days of the critical security incident that triggered the service credit.
- All requests for invoice credits must be made to email@example.com.
- In no event shall invoice credits exceed the fee for RSS payable by you for the month in which the invoice credits accrued.
- A pending invoice credit does not release you from your obligation to pay Fastly's submitted invoices in full when due.
- Invoice credits will be applied to the invoice generated two months following the month in which the credits were incurred.
If, in any three-month period, three (3) or more support response time objectives are not met and the failure to meet the objectives materially adversely impacted you, you will have 30 days to terminate the RSS subscription following the third response failure. You must notify Fastly of your intention to terminate the RSS subscription within 30 days of the triggering event.
RSS has the following limitations:
- Product applicability. This service only applies to the Fastly Next-Gen WAF product. No other products are included in this service.
- Service monitoring. This is a reactive service, not a proactive one. You must initiate all requests for action. Fastly does not monitor your services for security events or suspected attacks.
- Origin administration and access. Fastly will not directly access or administer your origin systems at any time.
- Third-party product administration. Fastly will not administer third-party products or services.
- Identity Verification. For contacts via telephone, we encourage you to establish authentication methods to verify that individuals reporting issues via telephone are authorized to make inquiries or request changes to account configurations on your behalf. Authentication methods may include use of an account authorization passphrase, Slack challenge process, or email verification. If an individual reporting an issue via telephone is not able to have their identity verified, they may report issues but not receive any account information or initiate account changes and your account's administrators will be notified of requests or inquiries.
No security product, such as a WAF or DDoS mitigation product, including those security services offered by Fastly, will detect or prevent all possible attacks or threats. You should maintain appropriate security controls on all web applications and origins, and the use of Fastly's security products does not relieve you of this obligation. You should test and validate the effectiveness of Fastly's security services to the extent possible prior to deploying them in production, and you should continuously monitor their performance and adjust the services as appropriate to address changes in your web applications, origin services, and configurations of the other aspects of your Fastly services.