Are you currently experiencing an attack?
Are you currently experiencing an attack?
As one of the largest and most successful online retailers in Asia Pacific, Reebonz (www.Reebonz.com) has been described as “the dominant player in its space in the region” and “the next billion dollar e-commerce group out of Singapore.”
This has attracted lots of attention—not only from online shoppers eager for Reebonz’s luxury fashion and lifestyle products, but also from hackers and cybercriminals with far different motives.
As a result, the company’s websites are regularly subjected to the full spectrum of Internet attacks—everything from stealthy breaching attempts to massive, automated DDoS (Distributed Denial of Service) assaults.
The security challenge is even greater due to the company’s unusual approach to e-commerce. Reebonz frequently hosts online flash sale events, which offer large discounts on highly sought-after designer products—but only for a short time. These events create massive windfalls of incoming traffic, all of which must be scrubbed instantly and effectively, without affecting the sites’ performance.
Financially, the stakes are high. As Roger Tan, the Systems Manager of Reebonz, said: “If we experienced a successful attack and the system went down, we would suffer massive financial losses.”
As Reebonz has experienced rapid growth (the company now has over 40 websites), company executives have had to solve tougher security problems.
At first, web security was provided by a system developed internally. This worked for a while, but as the company grew more prominent, web attacks escalated. Eventually, Reebonz was hit by a DDoS attack that IT staff could not overcome.
At that point, Mr. Tan sought an external solution. “We mitigated that attack by enabling [a large cloud security provider] for some of our sites. That got us through.”
But Reebonz staff soon realized that the new solution was inadequate. “It had its own limitations, and some of the things we wanted were not available."
Worst of all, the new solution introduced problems of its own. As is true for almost all cloud-security platforms, Reebonz had to share its cloud resources with the provider’s other customers. And as Mr. Tan’s team discovered, this left them vulnerable to attacks that weren’t even aimed at Reebonz. He explained:
One of [the large cloud provider’s] other customers suffered a massive attack. We got taken down as well, and we had to turn off the system to come back up again. That left us naked and vulnerable.
Dissatisfied, the Reebonz team sought a different provider.
Mr. Tan described the process: “Our primary business is e-commerce. So DDoS protection and an accurate WAF (Web Application Firewall) are absolutely essential.” The team also wanted the benefits of cloud security, while avoiding the co-location vulnerabilities that had victimized them before.
After evaluating several solutions, the team chose Reblaze: “What set Reblaze apart was several things: granular control, real-time analysis, the ability to deploy very close to my servers and data centers around the world, and that it does its job very well at an affordable budget.”
Granular control is very important to Reebonz. Since deploying Reblaze, the team can now define different security policies on whatever scale is needed: from groups of sites, down to individual sites, subnets, IPs, or even for individual URLs.
Additionally, Mr. Tan wanted the ability to precisely analyze incoming traffic. “With Reblaze I can not only get a high level view, I can also get to the very granular level of each legitimate and non-legitimate request coming into my websites.”
The Reebonz team found the deployment process to be straightforward. As a cloud platform, Reblaze requires only a simple DNS change to enable its protection—there’s no software or hardware to install. Reebonz decided on a series of rollouts, progressively moving their sites over.
Mr. Tan commented on the support his team received: “Our previous provider required us to do everything ourselves. It was all self-help. Sometimes a support ticket would take hours or days before we got a reply.
“Reblaze is very different. In the beginning, we needed some hand-holding, to kick-start the initial configuration. Even afterwards, we’ve sometimes had support requests. Each time, Reblaze has been great. They respond almost immediately.”
After switching to Reblaze, Reebonz not only receives the benefits of robust cloud security, it also is no longer vulnerable to attacks aimed at other users of its security platform. Reblaze deploys a unique private cloud around each data center: a full dedicated stack (including DNS servers, load balancers, logs, database, etc.) for that data center’s exclusive use. Thus, each data center is immune to whatever attacks might be occurring elsewhere on the Internet.
Mr. Tan commented: “Now I have my own private clouds. I feel protected, because I don’t need to share a cloud with others and be subject to attacks on them.”
Additionally, since Reblaze is a PCI-DSS Certified Level 1 Service Provider, its clouds meet the stringent PCI standards. “We do PCI scanning every quarter. Reblaze has helped us achieve compliance easily.”
Mr. Tan noted that the private clouds provide a further advantage to Reebonz that his team has never actually needed. “Because Reblaze deploys a dedicated cloud for each data center, if one data center suffered a massive attack, it wouldn’t affect the others. But I have no experience with that, because I’ve never seen any attacks getting through Reblaze to any of my data centers.”
Reebonz has also benefitted financially from its Reblaze deployment. As Mr. Tan explained, “Because Reblaze is deployed together with a CDN [content delivery network], the traffic coming back to our origin servers decreased by two thirds. This has helped to reduce our hosting costs.
So far, we are saving about $5,000 per month.Mr. Tan emphasized that Reebonz has accomplished all this very affordably. “Whenever I spoke to security providers, it seemed that effective security was always very expensive. But then with Reblaze, we found that a great security solution doesn’t need to come at a high cost.
“Some people from [a large cloud provider] recently came to my office, trying to sell us a new security solution. But I told them we’re using Reblaze. I showed them what it does for us, and the price I’m paying for it.
“They were very, very impressed. Then they packed up and left.”