Are you currently experiencing an attack?
Are you currently experiencing an attack?
For many companies, maintaining web security is both challenging and costly. One company has found a way to deploy security that’s not only robust and easy to use, it actually generates some revenue of its own.
Online megastore mySupermarket (www.mySupermarket.com) is a “new kind of supermarket” that allows shoppers to get the lowest possible prices on their groceries, health & beauty products, and other essential items. With an international presence and millions of registered users, mySupermarket is a high-profile target for criminal hackers, data thieves, and other Internet attackers.
“Every day we had at least 10-30 alerts for hacking and other attacks. There were constant attempts at infiltration,” said Livne Niv, mySupermarket’s Head of Operations and IT. “We could detect and, with a lot of work, block them. But this takes a lot of money for hardware and human resources, and a lot of effort to update our defenses against new forms of attack.”
Along with direct attacks, mySupermarket also had problems with data theft. “Our main line of business is information,” said Mr. Niv. For example, the company continuously updates its websites to reflect the latest prices on thousands of products from over a dozen major retailers.
This rich trove of data is a major competitive advantage for mySupermarket. As a result, it attracts persistent and sophisticated data thieves. Even some of the retailers that partner with mySupermarket were using bots to scrape the company’s sites, in order to track the prices and products being offered by their competitors.
Unfortunately, conventional security solutions were unable to protect mySupermarket’s data. Since modern scraper bots masquerade as legitimate users, conventional WAF/ IPS systems have difficulty detecting them.
To bolster mySupermarket’s defenses, the IT team began to investigate additional security solutions. They met with several companies, and chose one solution, but its implementation didn’t go well. Then they heard of Reblaze.
Reblaze is a next-generation platform that provides comprehensive, robust web security. It deploys a unique private cloud around the client’s web assets, protecting them from all forms of web attacks: system intrusion, data theft and scraping, DDoS (Distributed Denial of Service), and more.
The mySupermarket team decided to test Reblaze, and they were impressed with how easy it was to implement. Unlike on-site solutions, with Reblaze there’s nothing to install.
As Mr. Niv explained, “All we had to do to make it live was to change our DNS to point to Reblaze. And things have run smoothly ever since.”
Reblaze intercepts and defeats hostile web traffic before it even reaches the client’s data center. Meanwhile, legitimate visitors have normal access to the website (with accelerated performance, thanks to Reblaze’s CDN integration).
Thus, when the Reblaze platform was enabled for mySupermarket’s websites, there was a large, immediate drop in hostile traffic. Results became even better as the mySupermarket team became more proficient with Reblaze. In a short time, the average number of daily attacks went from 10-30 down to zero.
Further, the team discovered that much of mySupermarket’s traffic was actually from bots masquerading as humans. Up to 60 percent of ‘visitors’ who didn’t buy from mySupermarket were actually scrapers. The team learned how to block these.
As Mr. Niv explained, “There are so many features in the platform that there was a learning curve involved. But Reblaze is very helpful. There is always someone available to take your call 24x7,” he said.
One of the distinguishing features of Reblaze is that the platform is administered and maintained remotely by Reblaze’s team of security experts, providing “effortless” web security. Even as new web threats arise, countermeasures are deployed immediately and automatically across the network, with no action required from the client.
As Mr. Niv commented, “There’s definitely much more peace of mind now. You know you have someone standing at the gate, watching over you.”
In addition, he said, “We now have capabilities we didn’t have before. In the past, to distinguish between legitimate users and hackers, we had to dig through logs and try to understand user activity. Now with Reblaze we have this portal that’s easy to use, and all the info is right there in front of you. Today it’s straightforward; you can see which users get through and which ones get blocked. You can see where all your traffic originates from, and what it’s doing."
Mr. Niv also commented on Reblaze’s fine-grained traffic control, which allows the user to allow or deny access to visitors based on their behavior, city, country, network, and more—and it’s all done automatically.
“The system has this auto-ban feature. It can detect what looks like strange user behavior—something different from a normal user—and it pops out the IP address. If you agree, it blocks it for a specific time that you’ve defined in advance. That’s a wonderful feature,” he said.
In addition to defeating internet attacks, Reblaze has allowed mySupermarket to turn web security from an expense into a revenue stream.
Mr. Niv explained, “Reblaze’s advanced human recognition algorithms allow us to block all the bots that used to crawl our sites— even the most sophisticated ones that act like human visitors. We still allow good bots (like those from search engines), but now all the rest that used to scrape our sites can’t get our data anymore.
“Now, when we see somebody trying to crawl our site, after we block them we contact them and say: ‘We see that you’re interested in our data. We can provide it to you at an affordable price.’ Now we can control which organizations get our data, and we can control which data they get.
“Reblaze allows us to do more than just block attackers. Now we’re converting data scrapers into paying customers.”
When asked if he had any final comments, Mr. Niv replied, “Please stress the way that Reblaze’s people work to serve you. The Reblaze team doesn’t sit passively, waiting for us to move the wheels. They not only contact us with updates like new security rules and so on, they also initiate conversations and offer us new ideas. In fact, we’ve had several occasions where there was something going on in the site that we weren’t paying attention to, and Reblaze engineers contacted us about it.
“It’s obvious that our success is very important to them, and I really appreciate that.”