Sauce Labs Enhances Control Over Web Application Threats

The challenge

Sauce Labs needed a single technology to protect its web applications distributed across a hybrid cloud environment with different application stacks. Sauce Labs provides the world’s largest continuous testing cloud for web and mobile applications. The company helps businesses ensure that their mobile applications and websites work flawlessly on every device, operating system and browser, so that they can deliver an impeccable digital experience to their users.

Knowing how critical web application security is to the fabric of the company’s business, Senior Director of Product Security, John Kennedy, wanted to defend against potential attack vectors including click fraud and abuse of its free trial virtual machine offering.

The solution

Sauce Labs immediately gained intelligent blocking of web threats from Fastly’s Next-Gen WAF and used the visibility to identify unique application abuse, which they thwarted using customizable rules.

Clearer Insights with Signals
For applications running across different stacks and hybrid cloud environments, Fastly provided unified visibility with clearer insights. Sauce Labs has extensive logging in place for all its resources, but the team didn’t have the bandwidth to monitor logs for suspicious events. Fastly’s Next-Gen WAF applies descriptive signals to each request—such as “Malicious IP” and “TOR traffic”—enabling the team to see a picture of what is going on in real time. Better visibility into how Sauce Labs’ resources are being used and misused helps the team know where to focus.

Geo-blocking with Power Rules to Limit Click Fraud
Sauce Labs was seeing unique application abuse in which malicious users would attempt to request free trials to get access to virtual machines. Kennedy’s team was able to determine that the attackers were using disposable email domains coming from a certain range of IP addresses. Since the company doesn’t do business in certain countries where the attacks originated, they configured a customizable rule to restrict access to specific pages based on geo-blocking and were thus able to curb abuse of their virtual machine service.

An Easy Sell to Other Teams
Kennedy expected initial questions from the technology operations (TechOps) team regarding Fastly, including “What’s security going to put in there, and is it going to screw up performance?” After reviewing the Next-Gen WAF architecture with the NGINX module and web server agent, both TechOps and Engineering were on board. Their support was due to the technology’s simplicity compared to hardware appliance models that they had used in the past.