Are you currently experiencing an attack?
Are you currently experiencing an attack?
As the largest job board in Israel, AllJobs (www.AllJobs.co.il) faces similar challenges to other high-profile websites: frequent large-scale hacker attacks, constant attempts at data theft, and high requirements for data security. Despite all this, AllJobs’ CTO Bonnie Grossman says, “I sleep well at night.”
It wasn’t always this way. As a prominent site with over one million unique visitors per month, AllJobs has long been a high-profile target for attackers and data thieves. AllJobs’ developers were constantly trying to update the site’s defenses against ever evolving internet threats.
Additional issues arose each quarter during AllJobs’ mandated PCI DSS scans. These scans ensure compliance with requirements set by the Payment Card Industry Security Standards Council.
As is typical for a high-profile site, AllJobs needed to commit substantial developer resources towards maintaining compliance.
Then, in April 2013, a large wave of attacks hit many Israeli websites, including AllJobs. This was the first occurrence of what is now known as “OpIsrael”: a periodic, internationally coordinated cyber-assault designed to “erase Israel from the Internet.”
The first OpIsrael attack drove Mr. Grossman to find an effective security solution. Although many products were available, most were unattractive: “With all those solutions I would need someone on my team to maintain them, make new security rules, check that the new rules aren’t doing any harm, and so on.”
After researching his options, he decided to try Reblaze.
Reblaze is a next-generation platform that provides comprehensive, robust web security. It deploys a unique private cloud around the client’s web assets, protecting them from all forms of Internet attacks: system intrusion, data theft and scraping, DDoS (Distributed Denial of Service), and more.
Mr. Grossman found it especially appealing that he could test Reblaze with little effort and no risk. As he recalled:
There was nothing to lose, and everything to gain. The Reblaze team did all the work for me.“And I liked that you can put the platform into a learning mode where it doesn’t actually affect your traffic—it just watches and learns how your legitimate users behave. So I could test Reblaze with no risk at all.”
Once the platform was deployed, the AllJobs team used its learning mode to monitor their traffic. Mr. Grossman explained, “After one month of learning the rules and seeing how my visitors use the site, we had a meeting and we saw all the rules we were going to activate. Then we went live.
“The implementation process went very quickly. And best of all, it required no work from me.”
Once Reblaze went into active mode, attacks against the AllJobs website ceased immediately. Even large-scale assaults are now filtered out automatically.
The AllJobs team was surprised at how effective it was. Mr. Grossman said, “I thought I would have to talk to the people at Reblaze, especially at first, asking them to change the rules because we’re still getting attacked, or we’re getting false alarms and my users can’t surf my site, or some other problem. But there was nothing like that. Reblaze just works.”
The Reblaze UI includes a console that shows at a glance everything that is occurring within the site. It displays comprehensive real-time statistics such as the number of legitimate users, the number of attackers that are being blocked, the reasons for blocking, the geographical sources of hostile traffic, and much more.
Mr. Grossman closely monitored the platform’s performance. “At first I was always checking the Reblaze console, looking to see what was happening. I also checked my own traffic logs and my own system that shows if there are any attacks that get through, and there was nothing. Reblaze blocked all the attacks, while letting my users get through as normal.
“After the first two or three months, I stopped checking as often. I’ve learned that Reblaze does its job, and there’s no need for constant monitoring.”
For AllJobs, regular PCI DSS compliance scans used to be challenging. Now they’re nonevents. Mr. Grossman explained, “This is something I really, really like about Reblaze".
We’re making the PCI DSS scan every quarter. Before Reblaze, maintaining compliance was challenging. Since we deployed Reblaze, every scan has been clear.
The AllJobs team was pleased at the level of automation that Reblaze provides. For example, it not only blocks hostile traffic, it can autoban the offending IP address for a specified time, with no user action required.
The platform also updates itself automatically as needed. Even as new Internet threats arise, the Reblaze team issues upgrades across the network to protect their clients. Again, no user action is required.
When Mr. Grossman was asked if Reblaze created any work for his IT staff, he replied that there was none. “If Reblaze took me more time than nothing, I’d turn it over to my senior developer and let him deal with it. But there’s nothing to deal with.
The reason I chose Reblaze and still use it, is because I do no work at all. That’s very important to me. It just works.