Vercel security roundup: Faster defenses and better visibility for your apps

Every second, Vercel blocks attacks before they reach your applications—keeping businesses online and developers focused on shipping, not security incidents.

Vercel’s security capabilities combine real-time DDoS mitigation, a powerful Web Application Firewall (WAF), and seamless SIEM integrations to provide always-on protection without added complexity.

Here’s what happened in the last quarter.

Vercel's WAF blocks 87 billion attacks

In the last quarter of 2024, Vercel’s WAF automatically mitigated 87 billion attacks from 19 million unique IPs—blocking malicious traffic before it ever reached customer applications. Our platform security combines multiple layers of protection:

• Vercel’s firewall offers network-wide Layer 3 and Layer 4 protection, automatically mitigating DDoS threats and TCP-based attacks before they can reach applications. This is enabled for every customer on any plan tier

• Vercel’s WAF provides comprehensive Layer 7 security, identifying and mitigating threats like SQL injection, cross-site scripting (XSS), and bot-driven attacks, all without degrading performance

WAF impact at a glance:

• 22 billion requests stopped in the US from 3.6 million unique IPs, highlighting the region's high volume of automated and targeted attacks

• 16 billion requests mitigated in Germany, reflecting growing security challenges in the European market

• 13 billion requests blocked in Singapore, showcasing the increasing need for protection in high-traffic global hubs

These numbers show increasing modern cyber threats and the need for proactive defenses. Vercel’s WAF prevents attacks before causing application downtime, protecting user experiences and reducing infrastructure strain. Automated threat detection and real-time mitigation ensure security without compromising performance.

Strengthening your defenses: more control, faster mitigation

Over the past quarter, we’ve focused on strengthening our security defenses while giving developers more customizations, increasing visibility and granular control.

Enhanced threat mitigation

Vercel Firewall is now faster and more effective at stopping threats. By processing malicious traffic in real time and improving mitigation features, we’re neutralizing high-volume and low-and-slow attacks earlier, reducing costs, and preventing threats from reaching your application.

• DDoS Protection is now 40x faster thanks to real-time stream processing that blocks malicious traffic and mitigates DDoS attacks earlier

• Improved WAF Responses by returning a 403 Forbidden response for persistent threats, making enforcement clearer to end-users

Improved visibility and alerting

Understanding where and when security events are occurring is crucial to stopping them quickly. In the past three months, we’ve expanded monitoring and alerting capabilities to make it easier for teams to make informed decisions.

• Vercel Firewall DDoS mitigation notifications let you receive alerts when the Vercel Firewall detects and automatically mitigates a DDoS attack on your Vercel project. These notifications help teams monitor traffic patterns, review attack logs, and take further action, if needed

• The Project Overview page now provides a preview of your app’s Firewall status and other information from the past 24 hours

• More granular Firewall data is now available in your Monitoring or Observability Plus tab, allowing you to filter blocked requests by actions, and see more details like IP Country and User Agent

Compliance and access security

Vercel has added more ways to improve your security visibility and help customers meet compliance standards.

• Enterprise customers can configure a real-time audit log stream to their existing Security Information and Event Management (SIEM) tools, such as Datadog or Splunk

• To support our customers in meeting the requirements of the Payment Card Industry Data Security Standard (PCI DSS), Vercel has successfully completed our Self-Assessment Questionnaire Attestation of Compliance (SAQ-D AOC) for Service Providers under PCI DSS v4.0

Building a more secure web together with the Vercel Community

Our Community team recently hosted a Community Session demonstrating Vercel Firewall's capabilities and explaining how Vercel provides platform-wide protection against common web attacks—including DDoS attacks and malicious bots.

Have questions about the session? Join discussion on the Vercel Community Forum.

Looking ahead

As we look across the ever-evolving security landscape, our Chief Information Security Officer Ty Sbano see three challenges the web will face in the coming year:

• DDoS attacks are intensifying: Vercel is seeing larger and more sophisticated attempts to cause app outages, increase costs, and disrupt business

• Bots are becoming more sophisticated: With the rise of AI and agentic agents, global internet traffic has shifted and it’s making it harder to identify real users and automated bots

• Layer 8 is emerging as the Human Layer: The traditional networking OSI model ends at the Application (Layer 7), but security tools still require human intelligence to understand and tune business logic

To meet these emerging threats, we will continue to develop product features and internal programs that safeguard our customers and protect the end-user experience.

Additionally, we will be creating opportunities for customers directly connect with Vercel in the security space:

• Connect with us in April at RSAC 2025, where you can stop by our booth to learn and demo security products with the team.

• If you are a customer with a security story, you can apply to speak at Vercel Ship, our flagship conference in NYC this June

• We’re hiring a Security Researcher and expanding our Edge engineering team with a Software Engineer and Engineering Manager.