Overview

Vercel Security is an integrated suite of security solutions designed to protect modern web applications deployed on the Vercel Frontend Cloud. It offers a multi-layered defense strategy, including a global Web Application Firewall (WAF), automatic DDoS mitigation, and comprehensive observability tools. With features like Secure Compute for private backend connections and role-based access controls, Vercel Security ensures that applications remain resilient, compliant, and secure against evolving threats.

Features and Capabilities

• Global Web Application Firewall (WAF): Provides L3/L4 DDoS protection at every edge location, ensuring low-latency defense against attacks.
• Automatic DDoS Mitigation: Embedded bot management and protection against traffic abuse are available for all plans.
• Custom Rule Management: Allows instant creation and enforcement of rules tailored to specific business needs.
• Attack Challenge Mode: Protects sites under attack by presenting verification challenges to visitors, mitigating malicious traffic.
• Observability Tools: Maintains visibility into key metrics and production deployments, enabling real-time monitoring of threats and requests.
• Managed Rulesets: Enterprise users can activate managed rulesets to protect against top priority risks, including the OWASP Top 10.
• Framework-Aware Rules: Defines rules based on framework routes, simplifying security configurations.
• Firewall API: Enables programmatic management of WAF rules and integration with third-party tools for dynamic security.
• Rate Limiting: Controls the frequency of requests to web applications and APIs, preventing abuse.
• Instant Rollback: Allows quick reversion to previous firewall rule versions to maintain continuous protection.
• Instant Propagation: Utilizes the same propagation pipeline as Vercel's cache infrastructure, ensuring global firewall changes within 300ms.
• Persistent Actions: Blocks matching requests from suspicious clients for set durations, deterring repeat malicious behavior.
• Secure Compute: Creates a secure, isolated bridge from Vercel to on-premise backends or Kubernetes services, offering private and dedicated access to build and runtime environments.
• VPN and VPC Peering: Provides secure runtime environments without additional backend complexity.
• High Availability Design: Features automatic failover and multi-layered redundancy, ensuring applications remain online during unexpected events.
• Workspace Security: Includes role-based access control, deployment protection, audit logs, and directory synchronization for enterprise-grade security management.
• Compliance Certifications: Meets standards such as ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, and DPF, ensuring adherence to global security regulations.