Are you currently experiencing an attack?

Are you currently experiencing an attack?

SaaS Provider Achieves Compliant, Customized Cloud Web Security on AWS

Labguru (labguru.com) is the flagship product from BioData. It is a secure web based ELN [Electronic Lab Notebook] platform for designing, performing, and managing projects in the life sciences.

Labguru’s customers include a wide variety of biochemical research laboratories, both in academia and industry. As such, it has a number of unusual requirements for web security. “Initially we had a basic service from CloudFlare, plus we had implemented a lot of security within our platform’s code. But as we began to acquire some large customers from industry, we discovered that we needed a better solution to secure the endpoints that we make publicly accessible. There was a growing amount of bot scans, crawlers, and other suspicious traffic that we wanted to eliminate,” said Johai Kadosh, BioData’s DevOps and Production Manager. BioData evaluated a number of security solutions, including AWS WAF. Although it has a number of good features, it isn’t meant to be a comprehensive solution, and BioData needed much more.

The company also evaluated Imperva Incapsula and Reblaze. “We eliminated Incapsula early, because their prices were way over our budget. Then we looked closely at Reblaze.” BioData knew that its security solution had to fulfill a list of strict requirements. Some requirements could be evaluated before purchase, including compliance, customer privacy, and customization. Others could be anticipated before purchase, but needed to be verified after the deployment occurred. Those requirements included high reliability, minimal latency, and minimal cost.

Compliance and Customer Privacy
Mr. Kadosh explained, “We need to comply with GDPR, FDA CFR 21, and other standards. Compliance requires us to have all the data under our account, and all the traffic needs to be handled within our own compute resources.“ BioData executives appreciated that Reblaze is a compliant solution, and that it runs within a dedicated Virtual Private Cloud for each customer.

Unlike many other cloud security solutions (which decrypt and often store customer data on their own infrastructure), Reblaze performs all its traffic processing exclusively on the customer’s resources.

WAF Customization
Mr. Kadosh explained, “Our web platform is very complex; I can’t just place a WAF filter in front of it. I needed a high level of customization, and Reblaze is very customizable.”
Initial Impressions After Rollout
After its due diligence was completed, BioData selected Reblaze as its web security solution. Because Reblaze is fully integrated with AWS WAF, the deployment and launch of Reblaze were straightforward. Mr. Kadosh said, “The first thing I noticed with Reblaze is that it works. Whatever you configure it to block, will be blocked. Then we began to dive into customization, and realized that although Reblaze supports extremely complex configurations, we needed some assistance. I reached out to the support team, and they were a tremendous help. The issues that we had were solved very quickly.”
Minimal Latency

Mr. Kadosh was surprised by the minimal overhead required for Reblaze. He said, “I would expect the WAF to add much more latency to the application than it actually does.

For all the processing Reblaze does, and all thevalue we are getting from it, I’m seeing less than three milliseconds added.

“The Best Support”
Mr. Kadosh also appreciates the support that he has received. “It’s the best we’ve had so far [from a vendor]. The issues that we’ve had were responded to right away. Everything was done over SMS or WhatsApp within an hour.” Reblaze is a fully managed platform, updated automatically to protect against the latest web threats. “Every so often we receive a new AMI [AWS machine image] and it’s deployed to the WAF. It’s easy, and I like knowing that the IP blacklists and other security rulesets are always being updated.”
Minimal Cost

When asked about his favorite parts of Reblaze, Mr. Kadosh said, “Its compute requirements are awesome. I’m putting all my traffic through Reblaze, from multiple environments.

The machines I’m using are the lowest that Amazon provides. Reblaze’s cost efficiency is one of its greatest features.
Reliability
As do most organizations, BioData needs its infrastructure to be reliable. Mr. Kadosh said, “I was concerned about placing the WAF endpoints before all my production environments. It creates a potential bottleneck, and if the WAF endpoints go down, this will kill all my production environments. I needed a very reliable solution.” Reblaze’s SLA includes 99.999% uptime, and it runs on the same compute resources that the customer’s platform does. Mr. Kadosh said Reblaze has proven to be reliable. “Reblaze works.”
Unanticipated Benefits
In use, Reblaze has proven even more helpful than expected. Mr. Kadosh said, “Our platform is always under development; we’re continuously improving and adding features, and adding more clusters and endpoints. We really appreciate Reblaze’s flexibility. We’re able to change rules along the way, and they propagate without any issues, and they simply work.” But even more appreciated is Reblaze’s real-time reporting and full traffic logging. Mr. Kadosh explained, “We evaluate the logs frequently. The dashboard shows a lot of information. We really appreciate that the logs and graphs are available to you live—it allows a very good understanding of the traffic.” When asked to summarize his experience using Reblaze, Mr. Kadosh said, “We really appreciate its ability to be customized, which allows it to fit various needs. It requires a very small amount of compute power. And Reblaze’s support is great. “Probably the most useful feature is the traffic reporting. The logs and the graphs in the dashboard show the requests that are blocked, and why and where they’re being blocked.
The information that the dashboards and the logs provide is priceless.
INDUSTRY
SaaS
CHALLENGES
  • Scrubbing incoming traffic in the cloud while adhering to strict compliance requirements for customer data privacy

  • Customizing web and API traffic processing according to very complex requirements, varying on a per-customer and a per-endpoint basis

  • Blocking hostile traffic with minimal latency

  • Achieving all the above with minimal added expense

SOLUTION
Reblaze runs in a Virtual Private Cloud under BioData’s AWS account. With the assistance of Reblaze support, rulesets were constructed and customized to meet Labguru’s requirements.
RESULTS
  • Hostile traffic is blocked, and compliance is maintained; all processing occurs within BioData’s AWS resources

  • Compute resource requirements are minimal. Added latency is less than three milliseconds

For more Case Studies and Success Stories

Get your price quote

Fill out your email below, and we will send you a price quote tailored to your needs

This website uses cookies to ensure you get the best experience on our website.