A New Era of Security on Zesty.io with a new Web Application Firewall
The Historical Context of Protection with Fastly's Managed Web Application Firewall (WAF)
An In-Depth Look at Zesty.io's WAF Engagement with Fastly
Since 2018, Zesty.io's security framework has been significantly shaped by a managed WAF (Web Application Firewall) provided by our CDN (Content Delivery Network) partner, Fastly. The Fastly WAF has served Zesty.io extremely well over these years. Fastly will continue to serve Zesty as our Cloud CDN partner, but we are bringing our WAF management in-house.
As Zesty continues to grow, the volume and sophistication of attacks against our platform have increased. We identified a few core aspects of our network security that we wanted to improve to mitigate this increase, notably: greater control over the traffic that enters our platform, the ability to test rules before they are applied to production traffic, and solutions that fit neatly into our SOC 2 change management policies.
An Analysis of Needed Benefits from a new WAF
Greater Control and Response Times: The Zesty team needs to move immediately from a platform alert, to RCA, to a rule update, creating an optimized alert response loop.
Effective Filtering of Unwanted Traffic: Beyond WAF rules, Zesty needs to introduce rules for service throttling and rate-based bans, adding protection against purely volumetric attacks that do not match OWASP WAF rules.
Cross-Platform Protections: The new WAF needs to live directly in front of the Zesty platform, giving the engineering organizations control over protections across all Zesty services.
Transitioning to a New Web Application Firewall
Choosing GCP (Google Cloud Platform) Cloud Armor Firewall
In a deliberate and considered move toward improved security, led by VP Engineering Stuart Runyan, Zesty.io has decided to discontinue its dependency on Fastly's WAF product and has chosen to adopt GCP (Google Cloud Platform) Cloud Armor alongside a GCP Application Load Balancer. This strategic shift is designed to retain the existing benefits of the Fastly CDN, as well as enhance and extend the security features available to Zesty.
"I've monitored the Zesty system for years with the engineering team and we have dealt with hundreds of attacks. Some larger and more significant than others. Over time we have dealt with very targeted attacks towards blockbuster video games, banks, and publicly traded companies. We needed a new solution that allowed our team to be more nimble to protect our customers further."
— Randy Apuzzo, CEO
An Examination of the Technical Benefits
A Cohesive Framework for Rules Across Services: With GCP Cloud Armor, preexisting WAF rules have been seamlessly integrated across all of Zesty's services, such as APIs, authentication protocols, and WebEngine. This allows for a more unified and consistent security posture across all of Zesty’s services and not just at the consumer website CDN level.
Customized Protection through Specificity: The firewall's design allows for rules to be meticulously crafted and applied to individual services, along with the capacity to insert custom programming rules. This granular approach ensures more targeted and effective protection.
Change Management: Because we use Terraform to manage the Cloud Armor security policy, our configurations are now code. This allows the use of version control software, Git and GitHub, to keep historical records and notes on rules introduced.
The Implementation of New Rules and Protections
An Overview of Enhanced Security Measures
Zesty has now incorporated sophisticated protective strategies such as throttling, rate-based bans, OWASP ModSecurity rule sets, and custom rules unique to signatures observed in Zesty platform traffic. These tactics create a robust barrier against various attack vectors, including, but not limited to, volumetric, injection, cross-site scripting, dictionary, and fuzzing strategies.
The Impact on Customers and Their Businesses
A Multi-Faceted Defense Structure: The new rules provide a comprehensive shield that defends against a myriad of attack types.
Alignment with Industry Standards: By following OWASP guidelines, the new WAF configuration ensures that Zesty's security practices align with universally recognized best practices.
A Closer Look at Testing and WAF Rule Updating
An Insight into Preview and Analytical Capabilities
GCP Cloud Armor now provides Zesty with preview capabilities that allow rules to be exhaustively examined and tested without the risk of disrupting live, production traffic. This process involves the collection and analysis of extensive log data that a particular rule might affect, so that rules are evaluated for both health and accuracy before they are activated.
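An added example, not Zesty's own tooling: a Python script for the kind of preview-log analysis described above, counting what each preview rule would have denied and flagging rules whose would-be denials include requests the backend served successfully. It assumes the `previewSecurityPolicy` and `httpRequest` fields that Cloud Armor writes to load balancer request logs; the sample entries, the policy name `example-policy` and the 5% review threshold are constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log entries (one JSON object per line), trimmed to the fields used here.
SAMPLE_LOG = """
{"httpRequest": {"remoteIp": "203.0.113.7", "requestUrl": "https://example.com/search", "status": 404}, "jsonPayload": {"previewSecurityPolicy": {"name": "example-policy", "priority": 1000, "configuredAction": "DENY", "outcome": "DENY"}}}
{"httpRequest": {"remoteIp": "203.0.113.7", "requestUrl": "https://example.com/search", "status": 400}, "jsonPayload": {"previewSecurityPolicy": {"name": "example-policy", "priority": 1000, "configuredAction": "DENY", "outcome": "DENY"}}}
{"httpRequest": {"remoteIp": "198.51.100.20", "requestUrl": "https://example.com/api/content?id=7", "status": 200}, "jsonPayload": {"previewSecurityPolicy": {"name": "example-policy", "priority": 1000, "configuredAction": "DENY", "outcome": "DENY"}}}
{"httpRequest": {"remoteIp": "198.51.100.21", "requestUrl": "https://example.com/", "status": 200}, "jsonPayload": {"enforcedSecurityPolicy": {"name": "example-policy", "priority": 2147483647, "configuredAction": "ALLOW", "outcome": "ACCEPT"}}}
{"httpRequest": {"remoteIp": "203.0.113.9", "requestUrl": "https://example.com/admin", "status": 404}, "jsonPayload": {"previewSecurityPolicy": {"name": "example-policy", "priority": 1100, "configuredAction": "DENY", "outcome": "DENY"}}}
"""

def load_entries(text):
    """Parse newline-delimited JSON log entries, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]

def summarize_preview(entries):
    """Group would-be denials by the priority of the preview rule that matched."""
    rules = defaultdict(lambda: {"would_deny": 0, "served_ok": 0,
                                 "paths": set(), "clients": set()})
    for entry in entries:
        preview = entry.get("jsonPayload", {}).get("previewSecurityPolicy")
        if not preview or preview.get("outcome") != "DENY":
            continue  # no preview rule matched, or it would not have denied
        req = entry.get("httpRequest", {})
        stats = rules[preview["priority"]]
        stats["would_deny"] += 1
        stats["clients"].add(req.get("remoteIp"))
        if int(req.get("status", 0)) < 400:
            # The backend served this request: a candidate false positive to review.
            stats["served_ok"] += 1
            stats["paths"].add(urlsplit(req.get("requestUrl", "")).path)
    return dict(rules)

def review_needed(summary, max_served_ratio=0.05):
    """Rule priorities whose would-be denials hit too many successfully served requests."""
    return sorted(p for p, s in summary.items()
                  if s["served_ok"] / s["would_deny"] > max_served_ratio)

if __name__ == "__main__":
    summary = summarize_preview(load_entries(SAMPLE_LOG))
    print("review before enforcing:", review_needed(summary))
```

A successfully served request is only a prompt for manual review, not proof of a false positive, since a malicious request can also receive a 2xx response.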
A Review of the Key Benefits
Enhanced Confidence in Network Changes: Through rigorous testing and careful analysis, Zesty ensures that every change to the network is grounded in data and evidence, enhancing the overall security profile prior to production changes.
Adaptability to Emerging Threats: The new framework offers the flexibility to constantly adapt to new security challenges and threat vectors, ensuring that the defense mechanisms never become stagnant or outdated.
An Exploration of Faster Response and Emergency Measures
The Innovation of Version Controlled WAF
The introduction of a WAF run by version-controlled code has opened up new avenues for rapid responses and immediate emergency blocks. The additional benefit of rollback capabilities ensures safety measures in case of unforeseen rules disrupting production traffic.
An Assessment of the Advantages
Swift and Decisive Action: This new approach enables more agile responses to emerging threats, coupled with the ability to reverse changes when needed, providing an extra layer of protection.
Robust and Resilient Security Architecture: The ability to adapt quickly to new threats ensures that services continue to run smoothly and securely, meeting the ever-evolving demands of the digital age.
New Alert Systems: An In-Depth Perspective
A Comprehensive Approach to Proactive Monitoring
The newly enhanced internal alert systems are designed to actively and consistently monitor any inconsistencies and potential attacks. This monitoring empowers the Zesty team to predict and preempt potential threats, providing a balance between rigorous protection and the smooth flow of legitimate traffic.
A Study of the Underlying Benefits
Early Detection and Rapid Response: Real-time monitoring allows for the immediate identification and response to potential threats, significantly reducing the risk of successful attacks.
A Balance Between Security and Accessibility: The careful calibration of security measures ensures that customers experience strong protection without unnecessary barriers or disruptions to legitimate access.
Summary: A Transformative Approach to Customer Protection
The transition by Zesty.io to the Google Cloud Platform Cloud Armor represents a monumental shift in the landscape of customer security and platform stability. With an enhanced set of rules, thorough testing procedures, rapid response mechanisms, and vigilant monitoring systems, Zesty.io has embarked on a new era of digital protection. This meticulous and thoughtful approach has resulted in a robust, flexible, and responsive security infrastructure, offering peace of mind to businesses and marketing teams alike. In summary, Zesty.io's new security initiative reflects a profound commitment to innovation, excellence, and unswerving dedication to customer safety and satisfaction in a world of ever-changing cyber threats.
TL;DR
Zesty.io has shifted from Fastly's managed web application firewall, used since 2018, to a more advanced and responsive Google Cloud Platform (GCP) firewall. The move brings several improvements including unified rules across all services, enhanced security measures such as throttling and adherence to OWASP standards, and the ability to preview and rigorously test new rules without affecting live traffic. Additionally, the new firewall enables faster responses, emergency blocks, and introduces proactive alert systems to monitor potential threats. The comprehensive transition to the GCP firewall signifies a significant upgrade in Zesty.io's commitment to customer security, stability, and satisfaction.
By Stuart Runyan
Developing web technologies is my passion! I'm focused on creating applications and experiences to solve the problems which today's digital marketers face. I believe in web standards, a mobile first approach, access for everyone, open source software and the democratization of information. My goal is to continue the Internet being pure awesome!