Signal Sciences Cloud WAF

      Last updated March 08, 2021

    The Signal Sciences Cloud WAF (Cloud WAF) is an application security monitoring system that monitors for suspicious and anomalous web traffic and protects against attacks directed at the applications and origin servers that you specify.

    Cloud WAF

    Cloud WAF analyzes inbound traffic to your applications and origin servers to detect and identify threats and attacks. When enough attacks are seen from an IP address, Cloud WAF determines whether to allow the request, block the request, tag the request with signals, flag the IP address, or rate limit the IP address. You can choose to enable or disable the blocking feature.

    Enabling Cloud WAF doesn’t require modifications to your applications or origin servers. In order to use Cloud WAF, you must upload a TLS certificate, add an origin server using the Signal Sciences Hosted Dashboard, and update your DNS records to point to the appropriate servers.

    Threat Intelligence

    As part of Cloud WAF, we may aggregate the attack data collected from Cloud WAF and combine it with data collected from security and other services offered as part of the Fastly platform, including for other subscribers. We use these data insights (Threat Intelligence) to analyze and detect potential future anomalies or attacks and to improve, secure, provide, and market Fastly services in a manner that does not associate the Threat Intelligence with or identify any subscriber. For example, you receive the benefits of this Threat Intelligence via the Network Learning Exchange (NLX) feature, which adds a unique signal to information in the Hosted Dashboard and alerts you to potential bad actors that have been identified elsewhere in the subscriber network.

    Signal Sciences Cloud DDoS

    Signal Sciences Cloud DDoS (Cloud DDoS) is an always-on service integrated in the Cloud WAF infrastructure that examines inbound traffic to detect and mitigate DDoS attacks before they reach the applications and origin servers that you specify. Cloud DDoS uses automated mitigation techniques to stop common network protocol-based floods including SYN floods and reflection attacks using UDP, DNS, NTP, and SSDP. Cloud DDoS requires no additional installation or maintenance.

    Signal Sciences Hosted Dashboard

    The Signal Sciences Hosted Dashboard (Hosted Dashboard) is a web interface that you can use to investigate anomalous web traffic and see what actions, if any, Cloud WAF performed in response to certain requests. You can also use the Hosted Dashboard to create Workspaces. A Workspace is a user-defined set of rules and settings for applications and origin servers. The Hosted Dashboard allows you to create multiple Workspaces to differentiate between one or more APIs, microservices, or web applications. For each Workspace, you can use the Hosted Dashboard to add rules for requests, configure site alert thresholds, and add integrations to other systems.

    API

    The Signal Sciences Application Programming Interface (API) allows you to integrate your applications and services with the Cloud WAF. It uses standard HTTP response codes and verbs to allow you to programmatically control all the same features that are available through the Hosted Dashboard. The Signal Sciences API provides a variety of endpoints that we document in our API reference documentation.

    Control over data sharing

    Cloud WAF gives you control over data shared with Fastly. The Hosted Services (defined below) component of Cloud WAF does not create copies of or store your data as it passes through. The security components of Cloud WAF do not require transmission or collection of any sensitive or personally identifiable information to function other than IP addresses that are identified as the initiator of anomalous or suspicious requests and related metadata. The hosted agents and modules are designed to automatically redact other sensitive or personally identifiable information in fields that are known to commonly contain sensitive or personally identifiable information before transmission to Fastly. Also, the hosted agents and modules allow you to manually configure them via the Hosted Dashboard to redact any sensitive information or other information not needed to be transmitted to Fastly, other than the limited data required for the functionality of the security components of Cloud WAF. Together, the full data stream going through Cloud WAF is not copied or retained by Fastly, and, if properly configured, the portion of that data stream that is evaluated by the security components of Cloud WAF and shared with Fastly will not include your sensitive information other than the IP addresses identified as the initiator of anomalous or suspicious requests.

    Documentation

    We provide documentation for the Cloud WAF in the Signal Sciences Help Center.

    Billing

    We bill you as specified in your applicable ordering document, according to the number of Workspaces, the average requests per second (RPS) processed by the Cloud WAF, and the overall traffic flowing through the Hosted Services (defined below) in terabytes (TBs). We measure months according to Coordinated Universal Time (UTC).

    Subscriber responsibilities

    As a Subscriber, you can identify and maintain up to five points of contact for support communications. All support requests must be initiated from and communicated through the designated points of contact.

    Support channels and response times

    Fastly provides customer support via the support channels listed below.

    Support tickets

    Cloud WAF includes access to a support portal that allows you to submit requests for support online, update existing support tickets, and track the status of support tickets. As part of submitting a request via the support portal, you may designate a proposed severity level for the issue being reported, but the ultimate classification of a request will be determined by Fastly based on various factors including input you provide.

    Email

    Fastly's technical support staff can be contacted via support@signalsciences.com during standard business hours. All support tickets generated by email will be designated with a P2 severity level.

    Response times

    The following table summarizes the response times based on the severity of the reported issue.

    Severity Level | Description | Response Time | Updates
    P0 | Urgent - Critical Impact: A Confirmed Error in a production environment makes the solution, its features, or its functionality completely unavailable to users. | 60 minutes or less (24/7/365) | Every 2 hours (24/7/365)
    P1 | High - Serious Impact: A Confirmed Error in a production environment causes significant loss of functionality for a primary feature of the solution that has notable impacts to customer business. | 4 business hours | Every 12 business hours
    P2 | Normal - Minor Impact: A Confirmed Error in a production environment causes partial loss of functionality of a non-significant feature or a significant cosmetic issue with the web interface. Any errors in a non-production environment are identified. | 1 business day | Every 4 business days
    P3 | Low - Minor Impact: Minor cosmetic issues with the web interface are identified. Also applicable to feature requests and general questions about functionality. | 2 business days | Not applicable

    Definitions

    SLA

    Fastly endeavors to maintain 99.9% availability of the Cloud WAF and the Hosted Dashboard.

    SLA for Hosted Services

    Subscribers experiencing unavailability of the hosted infrastructure component of Cloud WAF (Hosted Services) will be entitled to service credits according to the following table.

    Monthly Availability of Hosted Services | Service Credit % of Pro-rated Monthly Cloud WAF Subscription Fees
    <99.9%-99.0% | 5%
    <99.0%-98.5% | 10%
    <98.5%-98.0% | 15%
    <98.0% | 20%

    "Availability" of the Hosted Services is calculated as follows: ([# of minutes in month]-[# of minutes per month the Hosted Services is Unavailable]) / [# of minutes in month].

    "Unavailable" with respect to the Hosted Services means the Hosted Services are not available to process traffic or communicate with Hosted Dashboard, excluding (a) unavailability caused by issues not under Fastly Control or (b) unavailability that does not last for a consecutive ten-minute period.

    "Fastly Control" means elements entirely under Fastly's control and not a consequence of (a) Subscriber or third party hardware or software failures, (b) Subscriber or end user connectivity issues, (c) Subscriber operator errors, (d) alteration, modification, unauthorized use or misuse of Fastly products, or use not in accordance with the documentation, (e) corrupted Subscriber content, or (f) acts of god (any) or war, or earthquakes, or terrorist actions.

    SLA for Hosted Dashboard

    Subscribers experiencing unavailability of the Hosted Dashboard will be entitled to service credits according to the following table.

    Monthly Availability of Hosted Dashboard | Service Credit % of Pro-rated Monthly Cloud WAF Subscription Fees
    <99.9%-99.0% | 5%
    <99.0%-98.5% | 10%
    <98.5%-98.0% | 15%
    <98.0% | 20%

    "Availability" of the Hosted Dashboard is calculated as follows: ([# of minutes in month]-[# of minutes per month the Hosted Dashboard is Unavailable]) / [# of minutes in month].

    "Unavailable" with respect to the Hosted Dashboard means the Hosted Dashboard is not available for your access and use through your internet connection, excluding (a) unavailability of the Hosted Dashboard caused by issues not under Fastly Control or (b) unavailability that does not last for a consecutive ten-minute period.

    Credit terms

    Limitations

    All WAF products that exist today, including the Cloud WAF, have several limitations:

    This article describes a product that may use third-party cloud infrastructure to process or store content or requests for content. For more information, see the section on cloud infrastructure, data center, and physical security.