Defending Doordash in AWS with Fastly

Experiencing rapid growth with accompanying high traffic volumes, Doordash’s security team attempted to solve issues they were having with false positives. They tried a homebrew combination of Splunk and AWS WAF to block attacks while allowing legitimate traffic through.

When their staff realized that AWS WAF would require significant rules maintenance as customer traffic scaled, they decided to switch.The Fastly Next-Gen WAF (NGWAF) deployed in minutes, and offered superior visibility, detection and blocking capabilities with no false positives. DoorDash now fortifies their security posture with customizable rules to block bots and business logic attacks using signals that include the traffic source, and APIs to integrate with custom tooling.

The challenge

Deploying Amazon Web Services Web Application Firewall (AWS WAF) to monitor and protect applications on AWS might seem like a simple option. In reality, its dependence on regular expression (regex) rules and proprietary applications make it difficult for organizations who need accurate blocking and flexibility to scale.

Lacks Modern Attack Detection Methods
AWS WAF Managed Rules rely on regex-based rules for attack detection. This simple matching technique is insufficient for today’s sophisticated attackers, as it can produce false positives for simple queries and traffic requests. It also doesn’t include advanced thresholding capabilities, which is a key mitigation technique for volumetric attacks.

High Maintenance Cost
AWS WAF rules don’t exist within the WAF on their own: you can only define rules by configuring a web ACL or a managed rule group. Writing and maintaining rules increases your TCO, as there are different rates and requirements for configuring rules within web ACLs or rule groups. Billing becomes unpredictable and complex, especially with unexpected traffic surges.This becomes increasingly burdensome to manage as applications and services scale.

Ecosystem and Third-Party Dependencies
Organizations that need tooling and environment flexibility can feel restricted within the AWS ecosystem, which highlights their own versions of popular DevOps tools alongside industry-standard software. Additionally, AWS WAF comes with a base set of rules, and any additional rules must be purchased within AWS or by third-party sets (Managed Rules Groups).

No Unified Management Across Multi-Cloud and Hybrid Cloud
If not all your properties run on AWS, you won’t have a unified view of the security of your non-AWS applications and services. AWS is a suitable candidate for application teams looking for native controls (a single cloud use case), but it lacks visibility to network security teams and enterprises with hybrid and multi-cloud environments.

The solution

Deploying applications in cloud environments provides organizations with greater business agility, data availability, and cost savings. Yet security remains a primary concern: 73% of organizations with cloud-native applications say they lack actionable, fine-grain, real-time insights into threats and ongoing attacks.

With Fastly Next-Gen WAF, cloud and DevOps teams can easily secure their applications, APIs, and microservices running in AWS. Our easy-to-install software supports any application without noticeably impacting performance. It protects against any attack, and integrates with any DevOps toolchain products for cross-team visibility.