SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Fastly shares threat intelligence report based on NLX
Tue, 8th Aug 2023

Fastly has announced the publication of its first threat intelligence report, the "Network Effect Threat Report". Featuring data and insights gathered from the company's proprietary Network Learning Exchange (NLX), the Network Effect Threat Report showcases the accuracy of Fastly's threat intelligence capabilities and the effectiveness of Fastly's unified security platform.

The security landscape is ever-evolving, with bad actors continually creating new attack vectors, the company states. To combat these threats, Fastlys Next-Gen WAF (NGWAF) uses SmartParse, a proprietary technology that can understand the content and context of attacks.

SmartParse is able to quickly and accurately determine if a request will result in a malicious action. Snippets of confirmed malicious traffic are sent to Fastlys NLX, which then distributes information about offending IP addresses to every Fastly NGWAF customer.

This capability enables customers to preemptively block confirmed malicious IPs before a request even reaches their network. The shared threat data fosters a network effect, where the collective intelligence of all customers contributes to stronger security for each organisation, Fastly states.                                                                                                                                                                                                                                            Marshall Erwin, Fastly's newly-appointed Chief Information Security Officer, says, "By continuously analysing the threat landscape and applying that knowledge to the technology, processes, and mitigations that Fastly offers to its customers, we're offering valuable insights into the threat landscape and what to do about it. We're leveraging multiple angles to provide actionable intelligence, including our own vulnerability research, strong intelligence partnerships with private/public partners, and data analysis of the activities seen against our customers." 

The Network Effect Threat Report is the first in a planned ongoing series of threat intelligence reports from Fastly. The report captures information and insights based on the unique data from Q2 2023 from across Fastlys NGWAF customer base and tagged by NLX.

The findings of this report showcase the strength of the NGWAF's SmartParse decision engine and NLXs ability to provide preemptive protection across our customer base. The IP threat intelligence in NLX, which powers the NGWAF and the new threat report, are sourced from over 90,000 application and API endpoints and 4.1 trillion requests inspected per month. Global traffic encompassed diverse industries, including High Technology, Financial Services, Commerce, Education, and Media & Entertainment.

Top highlights from the report include: 

  • Multi-customer attacks: 69% of IPs tagged by NLX targeted multiple customers, and 64% targeted multiple industries.
  • Targeted industries: The high tech industry was targeted the most, accounting for 46% of attack traffic tagged by NLX.
  • Trending techniques: While SQL injection is a popular attack choice (27%), attackers are favouring traversal techniques, which make up nearly one-third (32%) of attacks analysed.                                                                                                                     

Simran Khalsa, Staff Security Researcher at Fastly, says, "This report directly reflects the benefits of NLXs network effect for our customers, which ensures they gain immediate awareness of potentially threatening IPs. These attacks are not as targeted or siloed as people might think. The breadth of our customer base and their traffic means we can offer a higher-quality threat feed that allows teams to respond with greater confidence, especially since its happening in near real-time."

The threat intelligence research and product capabilities featured in this report are a few features of Fastly's unified security platform. Fastly's unified platform is designed to secure organisations through protection at the application layer along with a secure-by-design network layer and serverless edge compute environment.

From DDoS and bot management to real-time platform-wide observability and Managed Security Services, Fastly's platform aims to make it easy for security professionals to protect their organisations without slowing them down, and for developers to safely innovate without barriers.