Webscale Cloud Security Suite
The ecommerce industry’s first 360-degree security solution for defending against attacks from the frontend, to the back
Webscale Cloud Security Suite is a 360-degree security solution that provides the ecommerce industry’s most robust protection against attacks from the frontend through web traffic, malicious code inserted into the backend, or browsers executing scripts stealing sensitive information. Websites protected by Cloud Security Suite have always-on, end to end security with application-aware, customized rules to protect against sophisticated attacks.
Why Ecommerce Businesses Need
Webscale Cloud Security Suite
The threat landscape for ecommerce businesses is growing more complex by the day, and bad actors are becoming increasingly sophisticated, executing a variety of attacks – DDoS (Distributed Denial of Service) or cross site scripting attacks, to credit card skimmers, malware, and content scrapers. Attacks of this nature can result in a loss of customer data, causing irreparable damage to a customer’s trust and a brand’s
Attacks can be executed from the front end through web traffic, via malicious code inserted into the backend, or by browsers executing scripts to steal sensitive personal information.
Beyond basic DDoS mitigation, bot management and OWASP Top 10 protection, today’s high traffic ecommerce sites need a comprehensive security solution that goes beyond a traditional WAF to address application shielding, intrusion detection, and real-time CSP protection.
Detect and Mitigate Bad Bots in Real-time
Webscale Cloud Security Suite delivers real-time bot monitoring, detection and management capabilities. It proactively identifies suspicious browsing and attack patterns, and mitigates malicious bots through IP reputation and machine learning techniques. Together with Web Controls, Webscale Bot Manager delivers unprecedented visibility and security.
Protect the Application from Unwanted Traffic
Cyber-criminals will often attempt to circumvent the security layer provided by the firewall and direct their attacks at the application tier and database. Webscale Cloud Security Suite delivers an App Shield which locks down access to application infrastructure from any traffic not passing through the Webscale data plane.
Detect Anomalies in Real-time
Zero-day attacks exploit known vulnerabilities, typically by inserting malicious files in the backend, before a patch can be applied. Webscale Intrusion Detection constantly monitors and detects any unexpected code and asset changes to application infrastructure, alerts in real-time, and automatically quarantines “infected” servers and/or keeps out malicious agents from infecting the site.
Activate DDoS Protection with a Single Click
Webscale Cloud Security Suite identifies and blocks millions of attacks daily from all over the world, automatically learning from each new threat. When under a suspected DDoS attack, Webscale’s DDoS Shield Mode offers single-click protection by instantly forcing the application to only allow humans in, keeping bad bots out, so the application can function normally, while Webscale mitigates the attack.
Ensure PCI-DSS Compliance
Webscale is a Level 1 PCI-DSS Service Provider, ensuring your web applications are adhering to the latest PCI security standards. With Webscale, you can quickly and easily protect your customers’ sensitive data from external threats, without making any changes to your web application.
Cover for OWASP Top 10 Threats
Webscale Cloud Security Suite automatically protects critical web applications from the most common vulnerabilities, such as SQL Injections, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and other OWASP Top 10 threats.
Unmatched Visibility and Control
Webscale’s Web Controls consist of a DIY policy engine that allows a user, of any skill set, to quickly take action to ensure enterprise-grade security, high availability, and fast performance of their web applications. Webscale enables site administrators to use pre-defined, pre-tested security rulesets based on their ecommerce application, or to create their own equivalent of firewall rules, with no limits on how many can be enabled at any point in time.
Enhance Trust between Browser and Application
Webscale Cloud Security Suite extends security beyond traffic and application infrastructure, to the browser, where malicious third-party scripts can be executed. Content Security Policy (CSP) is an HTTP security standard introduced to prevent XSS (cross-site scripting) attacks. Our real-time CSP protection enhances trust between the browser and application server, validating “trusted” domains, and preventing blocked domains from executing scripts on the browser.
“Just wanted to drop a note to let you know how impressed I am with your support team. In particular, your help with our expired certificate last night. Couple that with some issues with getting our domains properly approved and we ended up at an 11th hour resolution, which your team did a great job handling.”
Features and Functionality
Bots can account for up to 50% of your storefront’s traffic, consuming capacity and impacting user experience. You can easily identify legitimate bots (Google, Bing) using pre-configured Address Sets, and serve them from Webscale Dynamic Site Cache without using up infrastructure capacity. In addition, Webscale Cloud Security Suite’s bot management function allows you to block access to unwanted bots through a dynamically maintained database of known bad bots, refreshed every five minutes.
If a hacker is able to circumvent the firewall layer, and attack the application infrastructure directly, all the security you have at the edge is redundant. With App Shield, your application will only respond to traffic that is being served directly from the Webscale platform, which is always enabled with the latest enterprise-grade security protocols.
Hackers will frequently use bots that pose as humans, and avoid obvious attack vectors such as a flood of traffic. Instead, they may insert malicious code on the backend and execute this code through seemingly normal web traffic requests. Unlike other security vendors (firewalls, CDNs) that only have access to traffic, Webscale’s deep application visibility, Intrusion Detection and inbuilt Elastic Web Application Firewall (WAF) can detect spurious infrastructure changes, quarantine the infected servers, self-heal the backend, and block any requester trying to execute the malicious code—all before a single request can adversely affect your website.
Magecart attacks are now very common in ecommerce. They insert malicious code into the ecommerce application in order to skim sensitive information such as credit card data and social security numbers. They can go undetected for long periods of time so consistent monitoring is essential. Webscale’s CSP (content security policy) protection identifies, in real-time, any script violation from a pre-established policy, and reports (or prevents) the malicious script so that administrators can take immediate action to protect the website.