Response Security Service
Last updated 2023-02-07
Fastly offers Fastly Next-Gen WAF (powered by Signal Sciences) customers a Response Security Service (RSS) that provides your organization with enhanced access to our Customer Security Operations Center (CSOC) team and periodic consultation with a Designated Security Specialist for strategic security solutions reviews and planning. Together, Fastly’s CSOC team and your Designated Security Specialist support the design, implementation, and maintenance of your security solutions by assisting with initial configuration, requested maintenance, and attack support.
For more details about this product, including how to purchase it, contact your account manager or email email@example.com.
The following table summarizes what RSS provides:
| Feature | Details |
|---|---|
| CSOC availability for general requests and inquiries | 24/7/365. |
| CSOC availability for critical security incidents | 24/7/365. |
| General inquiries response times | Within 24 hours. |
| Customer-identified critical security incident response times | Within 15 minutes of notice with active troubleshooting starting within 30 minutes of acknowledgement of incident severity. |
| Emergency phone number | Included. |
| Emergency email address | Included. |
| Dedicated chat channel | Included. |
| Online self-service help | Unlimited access. |
| Virtual, self-paced training | Included. |
| Quarterly reviews | Upon request, once per quarter, during US business hours. |
- "Business Hours" are 8AM-6PM during a Business Day in California or New York.
- "Business Days" are Monday through Friday, excluding any day that is a US national holiday.
- A "critical security incident" is an event that creates significant business impact or loss of availability for your production environments, or that threatens the integrity or confidentiality of your proprietary information.
- "Fastly Control" means elements entirely under Fastly's control and not a consequence of (a) your hardware or software failures, (b) you or your end user's connectivity issues, (c) your operator errors, (d) traffic amounts that exceed your Permitted Utilization as defined in the Terms and Conditions, (e) your corrupted content, (f) acts of god (any) or war, or earthquakes, or terrorist actions.
To ensure accurate response to requests and incident reports, you must ensure your account contact information remains up-to-date. CSOC can help you verify this information at any time.
Fastly offers RSS for the term of your contractual agreement. It includes the following features.
By purchasing RSS, you will be entitled to 24/7 access to Fastly's CSOC for assistance with incidents, configuration changes, and general inquiries. To receive this assistance, you may initiate contact via:
- Phone number. You will receive a dedicated, toll-free phone number to initiate contact with Fastly's CSOC and to report critical security incidents. Fastly personnel can also establish audio and video conferencing (free app or browser plug-in required) for real-time voice and video communications.
- Email address. You will receive an email address to initiate contact with Fastly's CSOC for general support questions as well as an emergency email address for reporting of critical security incidents.
- Chat channel. You will receive a dedicated security chat channel for real-time communications to discuss general security product support and questions during business hours or as needed by Fastly personnel. Though subject to change, Fastly's current chat provider is Slack (www.slack.com).
Each of these contact methods will be provided to you during your onboarding period.
In addition to unlimited access to online self-service documentation at docs.fastly.com and developer.fastly.com, you will have access to virtual, self-paced Fastly Next-Gen WAF application training scenarios.
At your request, Fastly will schedule 2-hour account check-ins during US business hours, up to one per quarter during the term of your subscription, with a Designated Security Specialist who will help you review configurations, consult with you on rule creation, review security product roadmaps with you, and discuss your overall security health. Because some review discussions require advance preparation, you must schedule them at least two weeks in advance by making a request via the provided RSS general support question email address. You won't be entitled to any refunds or credits for unused scheduled availability.
Fastly's response times and status updates vary based on request and incident severity.
You may initiate general requests and inquiries by creating a ticket via the general support email address provided to RSS customers or by submitting a ticket via the Signal Sciences console. We will acknowledge your general outreach within two hours of its receipt. We will begin addressing your ticket within 24 hours of acknowledging its receipt and will provide status updates to you once daily on each subsequent day until the incident is resolved or is believed to be outside of Fastly's control.
Support for critical security incidents can only be initiated via the emergency email address provided to RSS customers (not chat) or by selecting the Urgent priority when submitting a ticket via the Signal Sciences console. The ultimate classification of a request submitted by either of these methods will be determined by Fastly based on various factors including input you provide.
Fastly will acknowledge your critical security incident outreach within 15 minutes of its receipt. If classified as a critical security incident, we will begin actively troubleshooting these incidents within 30 minutes of acknowledging your ticket and will provide an initial status update within an hour of acknowledging your ticket, with subsequent updates at least every 4 hours thereafter unless an alternative update cadence has been agreed upon. Fastly will continue to work until the incident impact has been mitigated or is believed to be outside of Fastly's control.
If you have purchased RSS and, during a critical security incident, there is a material delay in response time and the cause of the delay is within Fastly's control, a one-time credit of $500 per incident will be credited to your account. Specifically:
- Requests for invoice credits must be made within 30 days of the critical security incident that triggered the service credit.
- All requests for invoice credits must be made to firstname.lastname@example.org.
- In no event shall invoice credits exceed the fee for RSS payable by you for the month in which the invoice credits accrued.
- A pending invoice credit does not release you from your obligation to pay Fastly's submitted invoices in full when due.
- Invoice credits will be applied to the invoice generated two months following the month in which the credits were incurred.
If, in any three-month period, three (3) or more support response time objectives are not met and the failure to meet the objectives materially adversely impacted you, you will have 30 days to terminate the RSS subscription following the third response failure. You must notify Fastly of your intention to terminate the RSS subscription within 30 days of the triggering event.
RSS has the following limitations:
- Product applicability. This service only applies to the Fastly Next-Gen WAF product. No other products are included in this service.
- Service monitoring. This is a reactive service, not a proactive one. You must initiate all requests for action. Fastly does not monitor your services for security events or suspected attacks.
- Origin administration and access. Fastly will not directly access or administer your origin systems at any time.
- Third-party product administration. Fastly will not administer third-party products or services.
- Identity verification. For contacts via telephone, we encourage you to establish authentication methods to verify that individuals reporting issues via telephone are authorized to make inquiries or request changes to account configurations on your behalf. Authentication methods may include use of an account authorization passphrase, Slack challenge process, or email verification. If an individual reporting an issue via telephone is not able to have their identity verified, they may report issues but will not receive any account information or be able to initiate account changes, and your account's administrators will be notified of their requests or inquiries.
The Fastly Next-Gen WAF now collectively refers to the products that were previously known as the Signal Sciences Cloud WAF and Signal Sciences Next-Gen WAF. The functionality of those products has not changed as part of the new naming convention. Fastly Next-Gen WAF continues to be powered by Signal Sciences technology.