Protect your revenue and reputation at every point of your infrastructure
Webscale has developed the ecommerce segment’s most complete security technology stack, offered as part of our hosting plans and services, and designed to protect your users from the myriad of evolving threats.
Focus your Site Experience on Actual Shoppers
Website traffic can arrive any time from different geos, networks, and devices, some of which you may not even serve. With Web Controls, Rate Limiting, and Access Control, you can block threats, limit requests or allow only valid users to access your storefront, reducing security risk, providing a rich user experience to actual shoppers, and maximizing cart conversions.
Protection Against Account Takeovers
Username and password lists are regularly sold to hackers who use them to take over unsuspecting user accounts—an attack known as credential stuffing. Once access is gained to a single site, hackers can disrupt the entire digital life of that user. This destroys the hard-earned trust of your customers, and can have a significant, long-term impact on revenue. Together, Webscale’s real-time Traffic Viewer, which provides deep visibility into login pages, tracking both successful and failed logins, and Rate Limiting, make it easier to detect brute force attacks or repeated failed logins, shutting down, or limiting access, to login pages.
Magecart attacks are now very common in ecommerce. They insert malicious code into the ecommerce application in order to skim sensitive information such as credit card data and social security numbers. They can go undetected for long periods of time, so consistent monitoring is essential. Webscale’s CSP (content security policy) protection identifies, in real-time, any script violation from a pre-established policy, and reports (or prevents) the malicious script, so that administrators can take immediate action to protect the website.
Serve Real Customers, Not Bots
Bots can account for up to 50% of your storefront’s traffic, consuming capacity and impacting user experience. You can easily identify legitimate bots (Google, Bing) using pre-configured Address Sets, and serve them from Webscale Dynamic Site Cache without using up infrastructure capacity. In addition, Webscale Bot Manager allows you to block access to unwanted bots through a dynamically maintained database of known bad bots, refreshed every five minutes.
Price and Content Scraping
Price and content scraping techniques are unfair, often illegal, methods by which competitors or hackers use botnets to obtain real-time information about your products and prices. Products can also be bought and sold at lower price points to gain competitive advantage. Through Webscale Bot Manager’s machine learning, Anomaly Detection helps detect and differentiate these sophisticated bots from actual human users, protecting your business from outside threats.
Smarter Security for Smarter Hackers
Hackers will frequently use bots that pose as humans, and avoid obvious attack vectors such as a flood of traffic. Instead, they may insert malicious code on the backend and execute this code through seemingly normal web traffic requests. Unlike other security vendors (firewalls, CDNs) that only have access to traffic, Webscale’s deep application visibility, Intrusion Detection and inbuilt Elastic Web Application Firewall (WAF) can detect spurious infrastructure changes, quarantine the infected servers, self-heal the backend, and block any requester trying to execute the malicious code—all before a single request can adversely affect your website.
The Edge is Not Enough
If a hacker is able to circumvent the firewall layer, and attack the application infrastructure directly, all the security you have at the edge is redundant. With App Shield, your application will only respond to traffic that is being served directly from the Webscale platform, which is always enabled with the latest enterprise-grade security protocols.
Webscale also provides CloudEDGE Security, which gives merchants on any self-hosted platform, such as Magento Commerce Cloud, Shopify or SAP Commerce Cloud, access to many of the same best-in-class security features that Webscale provides to its hosted customers.
Upgrade on your Schedule
All ecommerce platforms eventually go “end-of-life” as vendors shift their engineering and support focus to the latest versions. But for many merchants, the timing of that change may not align to the needs of their business. With Virtual Patching, Webscale actively protects applications against new vulnerabilities using our custom Web Controls, and develops security patches to keep the older application version secure until you are ready to upgrade or re-platform.
Restrict Admin Access to Real Admins
Ecommerce admin pages are common targets of attacks because gaining access here provides an open door to your entire site. Rational password policies are a must-have but strong security goes well beyond that. Only allowing IP addresses belonging to admins is a good start, but with more employees working remotely and IPs changing often, these may no longer be adequate, or worse, could result in valid users being locked out. Webscale Secure Access is an enterprise-grade security solution with multi-factor authentication that ensures only real admins can get to the admin page, even before credentials are entered.
Strengthen Customer Trust and Loyalty
Your customers need to know that you treat their credit card and personal data as seriously as you protect your own content from scrapers. Beyond your own PCI compliance, Webscale’s PCI-DSS PCI compliance ensures credit card information stays protected, networks and infrastructure are secure, Malware Scanners are in place for real-time monitoring and alerting, and security and information policies are standardized.
“We manage more than 80 online stores for our customers and had DDoS attacks coming every other hour – it became a very painful process during the holidays to keep the sites up. All the issues we had with our prior provider have been fixed with Webscale. As a team, we now brag internally about our performance!”
The only SaaS-based, application-aware, programmable web application firewall focused on the needs of the ecommerce segment.
Cloud Security Suite
Comprehensive security including intrusion detection, bot management and real-time CSP protection.
Everything we know about security, deployed at the edge, and optimized for any hosted or self-hosted ecommerce platform.