Back to blog

Follow and Subscribe

Creating industry-leading managed security commitments

Liam Mayron

Staff Product Manager , Fastly

Cody Arnold

Senior Manager, CSOC, Fastly

Managed security services allow organizations to outsource their needs to specialized providers focused on maximizing their security posture via proactive protection and mitigation. By leveraging managed security service providers, your security team can bolster their security while freeing up the internal team’s focus for other priorities. These services are typically backed by service level agreements (SLAs) to guarantee the speed of protection customers receive. 

SLAs are important when evaluating vendors because what they cover (and under what stipulations) will play a major role in their utility to the organization. The industry has defaulted to using SLAs that are reactive in nature (and require teams to request action). However, if a managed security service is truly proactive, it’s time for SLAs that match.

Announcing Fastly’s time-to-notify SLA

Proactive managed security SLAs outline how quickly a provider takes initiative against critical incidents before customer notification.

Fastly is proud to announce our industry-leading time-to-notify SLA for our Managed Security Service customers. We guarantee that our team will notify customers that we have begun mitigation within 30 minutes of detecting a critical incident.

Critical security incidents are those that impact a customer’s origin. Other providers may have SLAs covering portions of critical incidents, like DDoS attacks, but Fastly’s Managed Security Service is committing to notification for any critical web application security incident. Extending the SLA to any critical incident enables it to include scraping, enumeration, account takeover, and many other attack types. Framing the time-to-notify SLA from this perspective creates a more inclusive experience that allows teams to truly offload their application security without worrying that certain attacks won’t be mitigated in a timely manner.

The importance of a proactive SLA

Every provider markets their managed security service as proactive, but is that something organizations can rely upon without an explicit commitment? Customers around the world are sold on the proactive monitoring and mitigation providers offer, but without an SLA in place, it’s difficult to hold them accountable when they fall short. When bad days arise (and we all have them), a proactive SLA limits how bad things can get. A time-to-notify SLA ensures that marketing messages of proactive protection are realized 24/7/365 when the service is purchased.  

Combining reactive and proactive SLAs

Providers should begin adopting proactive SLAs, but the value of reactive ones shouldn’t be diminished. The most common reactive SLA is the time-to-respond (TTR) SLA. It dictates that the provider’s team will respond within a given time after a customer raises a critical severity incident. The SLA has been the standard for many years and is the most commonly offered. Fastly’s Managed Security Service has followed suit since its inception, and we’re proud to offer an industry-leading 15-minute response time SLA for critical security incidents. For all of 2023, our actual critical incident response time was a median of just 2 minutes1 - 15 times faster than industry benchmarks (image 1).

Image 1: Time-to-Respond and Time-to-Notify SLA value and descriptions.

By combining reactive and proactive SLAs, organizations receive dependable commitments that enhance the speed and quality of their service. By blazing this new path for Fastly’s Managed Security Service customers, we hope other providers will follow suit to create a better experience for everyone.

Supercharge your AppSec with Fastly’s Managed Security Service

By offering industry-leading time-to-notify and time-to-respond SLAs, Fastly’s guarantees around your security offer teams unmatched peace of mind and the capability to shift resources to other priorities. The Fastly Managed Security Service is a full-service offering for our Next-Gen WAF, DDOS, Edge Rate Limiting, and Bot Management customers who require comprehensive monitoring and protection of their environments. It leverages the powerful capabilities of Fastly’s Edge Cloud Platform, enabling organizations to focus more on their strategic initiatives and high-impact projects while entrusting security performance and maintenance to Fastly. Contact us to learn more.