Fastly > Case Studies > Sauce Labs Enhances Web Application Security with Fastly’s Next-Gen WAF

Sauce Labs Enhances Web Application Security with Fastly’s Next-Gen WAF

Technology Category

Cybersecurity & Privacy - Application Security
Infrastructure as a Service (IaaS) - Hybrid Cloud

Applicable Industries

National Security & Defense
Telecommunications

Applicable Functions

Quality Assurance

Use Cases

Supply Chain Visibility
Tamper Detection

Services

Cloud Planning, Design & Implementation Services
Testing & Certification

About The Customer

Sauce Labs is the world's largest continuous testing cloud for web and mobile applications. The company provides a platform for businesses to ensure that their mobile applications and websites work flawlessly on every device, operating system, and browser. This service allows businesses to deliver an impeccable digital experience to their users. Sauce Labs operates in a hybrid cloud environment with different application stacks. The company's business model includes offering free trials of its virtual machine service, which had been subject to abuse. The company's commitment to security is evident in its search for a comprehensive solution to protect its web applications from various threats.

The Challenge

Sauce Labs, the world's largest continuous testing cloud for web and mobile applications, faced a significant challenge in protecting its web applications distributed across a hybrid cloud environment with different application stacks. The company's mission is to ensure that mobile applications and websites work flawlessly on every device, operating system, and browser, delivering an impeccable digital experience to users. However, the company was vulnerable to potential attack vectors, including click fraud and abuse of its free trial virtual machine offering. The Senior Director of Product Security, John Kennedy, was in search of a single technology that could defend against these threats and ensure the security of the company's web applications.

The Solution

Sauce Labs adopted Fastly’s Next-Gen WAF, which provided intelligent blocking of web threats and visibility to identify unique application abuse. This solution allowed Sauce Labs to thwart these abuses using customizable rules. Fastly’s Next-Gen WAF provided unified visibility with clearer insights for applications running across different stacks and hybrid cloud environments. Despite having extensive logging in place for all its resources, Sauce Labs didn’t have the bandwidth to monitor logs for suspicious events. Fastly’s Next-Gen WAF applies descriptive signals to each request, enabling the team to see a real-time picture of what is going on. Furthermore, Sauce Labs was able to curb abuse of their virtual machine service by configuring a customizable rule to restrict access to specific pages based on geo-blocking.

Operational Impact

The implementation of Fastly’s Next-Gen WAF resulted in significant operational benefits for Sauce Labs. The solution provided unified visibility across different stacks and hybrid cloud environments, enabling the team to monitor suspicious events in real time. This improved visibility into how Sauce Labs’ resources are being used and misused, helping the team know where to focus their efforts. Additionally, the ability to configure customizable rules based on geo-blocking allowed Sauce Labs to curb abuse of their virtual machine service. The simplicity of Fastly’s Next-Gen WAF technology compared to hardware appliance models that they had used in the past was appreciated by both the TechOps and Engineering teams, making it an easy sell to other teams within the company.