Response Security Service

Fastly offers Fastly Next-Gen WAF (powered by Signal Sciences) customers a Response Security Service (RSS) that provides your organization with enhanced access to our Customer Security Operations Center (CSOC) team and periodic consultation with a Designated Security Specialist for strategic security solutions reviews and planning. Together, Fastly’s CSOC team and your Designated Security Specialist support the design, implementation, and maintenance of your security solutions by assisting with initial configuration, requested maintenance, and attack support.

For more details about this product, including how to purchase it, contact your account manager or email

The following table summarizes what RSS provides:

Support offeringDetails
CSOC availability for general requests and inquiries24/7/365.
CSOC availability for critical security incidents24/7/365.
General inquiries response timesWithin 24 hours.
Customer-identified critical security incident response timesWithin 15 minutes of notice with active troubleshooting starting within 30 minutes of acknowledgement of incident severity.
Emergency phone numberIncluded.
Emergency email addressIncluded.
Dedicated chat channelIncluded.
Online self-service helpUnlimited access.
Virtual, self-paced trainingIncluded.
Quarterly reviewsUpon request, once per quarter, during US business hours.


  • "Business Hours" are 8AM-6PM during a Business Day in California or New York.
  • "Business Days" are Monday through Friday, excluding any day that is a US national holiday.
  • A "critical security incident" is an event that creates significant business impact or loss of availability for your production environments, or that threatens the integrity or confidentiality of your proprietary information.
  • "Fastly Control" means elements entirely under Fastly's control and not a consequence of (a) your hardware or software failures, (b) you or your end user's connectivity issues, (c) your operator errors, (d) traffic amounts that exceed your Permitted Utilization as defined in the Terms and Conditions, (e) your corrupted content, (f) acts of god (any) or war, or earthquakes, or terrorist actions.


To ensure accurate response to requests and incident reports, you must ensure your account contact information remains up-to-date. CSOC can help you verify this information at any time.

Response Security Service features

Fastly offers RSS for the term of your contractual agreement. It includes the following features.

Priority CSOC access

By purchasing RSS, you will be entitled to 24/7 access to Fastly's CSOC for assistance with incidents, configuration changes, and general inquiries. To receive this assistance, you may initiate contact via:

  • Phone number. You will receive a dedicated, toll-free phone number to initiate contact with Fastly's CSOC and to report critical security incidents. Fastly personnel can also establish audio and video conferencing (free app or browser plug-in required) for real-time voice and video communications.
  • Email address. You will receive an email address to initiate contact with Fastly's CSOC for general support questions as well as an emergency email address for reporting of critical security incidents.
  • Chat channel. You will receive a dedicated security chat channel for real-time communications to discuss general security product support and questions during business hours or as needed by Fastly personnel. Though subject to change, Fastly's current chat provider is Slack (

Each of these contact methods will be provided to you during your onboarding period.

Online help and virtual training

In addition to unlimited access to online self-service documentation at you will have access to virtual, self-paced Fastly Next-Gen WAF application training scenarios.

Quarterly reviews

At your request, Fastly will schedule 2-hour account check-ins during US business hours, up to one per quarter during the term of your subscription, with a Designated Security Specialist who will help you review configurations, consult with you on rule creation, review security product roadmaps with you, and discuss your overall security health. Because some review discussions require advance preparation, you must schedule them at least two weeks in advance by making a request via the provided RSS general support question email address. You won't be entitled to any refunds or credits for unused scheduled availability.

RSS support requests and response times

Fastly's response times and status updates vary based on request and incident severity.

General requests and inquiries

You may initiate general requests and inquiries by creating a ticket via the general support email address provided to RSS customers or by submitting a ticket via the Next-Gen WAF console and we will acknowledge your general outreach within two hours of its receipt. We will begin addressing your ticket within 24 hours of acknowledging its receipt and will provide status updates to you once daily on each subsequent day until the incident is resolved or is believed to be outside of Fastly's control.

Critical security incidents

Support for critical security incidents can only be initiated via the emergency email address provided to RSS customers (not chat) or by selecting the Urgent priority when submitting a ticket via the Next-Gen WAF console. The ultimate classification of a request submitted by either of these methods will be determined by Fastly based on various factors including input you provide.

Fastly will acknowledge your critical security incident outreach within 15 minutes of its receipt. If classified as a critical security incident, we will begin actively troubleshooting these incidents within 30 minutes of acknowledging your ticket and will provide an initial status update within an hour of acknowledging your ticket, with subsequent updates at least every 4 hours thereafter unless an alternative update cadence has been agreed upon. Fastly will continue to work until the incident impact has been mitigated or is believed to be outside of Fastly's control.

RSS response SLA and credit terms

If you have purchased RSS and, during a critical security incident, there is a material delay in response time and the cause of the delay is within Fastly's control, a one-time credit of $500 per incident will be credited to your account. Specifically:

  • Requests for invoice credits must be made within 30 days of the critical security incident that triggered the service credit.
  • All requests for invoice credits must be made to
  • In no event shall invoice credits exceed the fee for RSS payable by you for the month in which the invoice credits accrued.
  • A pending invoice credit does not release you from your obligation to pay Fastly's submitted invoices in full when due.
  • Invoice credits will be applied to the invoice generated two months following the month in which the credits were incurred.

If in any three-month period where three (3) or more support response time objectives are not met and the failure to meet the objectives materially adversely impacted you, you will have 30 days to terminate the RSS subscription following the third response failure. You must notify Fastly of your intention to terminate the RSS subscription within 30 days of the triggering event.


RSS has the following limitations:

  • Product applicability. This service only applies to the Fastly Next-Gen WAF product. No other products are included in this service.
  • Service monitoring. This is a reactive service, not a pro-active one. You must initiate all requests for action. Fastly does not monitor your services for security events or suspected attacks.
  • Origin administration and access. Fastly will not directly access or administer your origin systems at any time.
  • Third-party product administration. Fastly will not administer third-party products or services.
  • Identity Verification. For contacts via telephone, we encourage you to establish authentication methods to verify that individuals reporting issues via telephone are authorized to make inquiries or request changes to account configurations on your behalf. Authentication methods may include use of an account authorization passphrase, Slack challenge process, or email verification. If an individual reporting an issue via telephone is not able to have their identity verified, they may report issues but not receive any account information or initiate account changes and your account's administrators will be notified of requests or inquiries.
No security product, such as a WAF or DDoS mitigation product, including those security services offered by Fastly, will detect or prevent all possible attacks or threats. As a subscriber, you should maintain appropriate security controls on all web applications and origins. The use of Fastly's security products do not relieve you of this obligation. As a subscriber, you should test and validate the effectiveness of Fastly's security services to the extent possible prior to deploying these services in production, continuously monitor their performance, and adjust these services as appropriate to address changes in your web applications, origin services, and configurations of the other aspects of your Fastly services.

The Fastly Next-Gen WAF now collectively refers to the products that were previously known as the Signal Sciences Cloud WAF and Signal Sciences Next-Gen WAF. The functionality of those products has not changed as part of the new naming convention. Fastly Next-Gen WAF continues to be powered by Signal Sciences technology.

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.