Protect your platform from hackers with a Web Application Firewall like Cloudflare
28 March 2022
The internet is a hostile place. Countless scripts run around the clock doing nothing but scanning for platforms that run older, vulnerable software releases. This scanning happens regardless of whether any particular attacker is actively exploiting a vulnerability, and fully patched platforms receive the same probes as unpatched ones. How do you defend yourself against these attacks? And how do you keep your platform from suffering performance degradation when your security is already in order?
In this blog, iO Software Architect Bavo Janss takes a deep dive into Web Application Firewalls (WAFs) such as Cloudflare. He explains how this layer of software adds effective, extra security and protects 'healthy' platforms against performance degradation as well as hacks.
Threats on the internet are constant, and the arms race between website administrators and attackers is unrelenting. Some things have changed in recent years, though:
Broadband internet has become commonplace, and attackers operate from anywhere in the world. As a result, individual national governments are often powerless to act against them.
On the defensive side, the good news is that countermeasures are becoming increasingly effective. Standard measures are often enough to keep attackers out; in other words, attacks are generally less successful than they used to be.
That means it is the attackers who are changing strategy. Attacks are better planned, better coordinated, and executed quickly. Today, many platforms are attacked simultaneously to increase the chance that at least some of them fall.
The share of 'bad' bots in total internet traffic is also growing.
Standard packages (e.g., DPPs, CMSs and commerce platforms) are growing in popularity as a target. In synchronised attacks, where large numbers of platforms are hit at the same time, the sheer volume of requests causes considerable performance degradation even on platforms that have no vulnerability at all. The attacker does not achieve their goal, but for normal users the platform is slow, partly broken or even unreachable for a while. That is bad for sales and terrible for your online reputation.
How does this happen?
Large CMS platforms such as Sitecore, Umbraco, Drupal and WordPress, and commerce platforms such as Magento and Shopware, are standard packages used worldwide. That makes them attractive to attackers, for at least two reasons:
1. Once an attacker knows about a vulnerability in a standard package, a single script can be used to attack hundreds of thousands of platforms. Even though security patches for known vulnerabilities are usually released quickly, there is always a window in which the vulnerability can be exploited: upgrading a platform takes time and rarely happens the moment a patch is released.
2. Additional modules or plugins are a second weak spot of standard packages. They are easy to install, usually inexpensive and useful for their purpose, but each module typically has a far smaller user base than the core platform, so vulnerabilities in a specific module are discovered later, or not quickly enough. Some attackers focus exclusively on modules and plugins, and when they find a vulnerability they coordinate attacks on many platforms at once.
In both cases the 'healthy', patched platforms are hit as well, because every platform is attacked whether or not the vulnerable module or plugin is installed; the scanner does not know until it tries.
Intercepting threats with a Web Application Firewall
A Web Application Firewall (WAF) is a proven and effective way to resist these threats. A WAF inspects the content of incoming (and, depending on the product, outgoing) HTTP traffic and recognises and blocks common forms of abuse. 'Rules' describe request patterns, such as probes for known vulnerable paths, injection payloads in parameters, or an abnormal request rate from one source; requests that match are filtered out before they reach the web application.
Maintaining these rule sets has become an arms race of its own, and it is almost a full-time job for website and webshop administrators. For attackers, the challenge is to get past the rules quickly, because a new attack pattern observed by one WAF is soon recognised by WAFs around the world.
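As an added illustration of how rule-based filtering works (this is not Cloudflare's code or rule set; the signatures, the rate threshold, the log format and the log lines below are assumed and constructed for the example), the Python below applies three signature rules and a per-IP rate rule to a handful of request log lines and reports which requests would still reach the origin server:

```python
import re
from collections import Counter, defaultdict, deque
from urllib.parse import unquote_plus

# Hand-written signature rules for this example. A managed WAF ships and
# updates thousands of these centrally; here there are three.
SIGNATURES = [
    # Probes for admin/login endpoints of popular packages, sent to every host
    # a scanner finds, whether or not that package is installed there.
    ("cms-probe", re.compile(r"/(wp-login\.php|xmlrpc\.php|administrator/|magento_version)", re.I)),
    # Classic SQL injection fragments in a parameter value.
    ("sqli", re.compile(r"(\bunion\b.+\bselect\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+|\bsleep\(\d+\))", re.I)),
    # Directory traversal towards files outside the web root.
    ("traversal", re.compile(r"(\.\./|/etc/passwd)", re.I)),
]

# Rate rule: more than RATE_MAX requests from one IP within RATE_WINDOW seconds
# is treated as a scanner, even when no single request matches a signature.
RATE_MAX, RATE_WINDOW = 5, 10   # assumed thresholds for the example

# Constructed log format for the example:  ip  epoch-seconds  "METHOD target"
LOG_RE = re.compile(r'^(\S+) (\d+) "(\w+) ([^"\s]+)"$')


class Waf:
    def __init__(self):
        self.recent = defaultdict(deque)   # ip -> timestamps inside the rate window
        self.verdicts = Counter()

    def decide(self, ip, ts, method, target):
        """Return 'allow' or 'block:<rule>' for one request."""
        # Every request counts towards the rate, blocked or not.
        window = self.recent[ip]
        window.append(ts)
        while ts - window[0] > RATE_WINDOW:
            window.popleft()
        # Decode before matching so %2e%2e%2f and friends cannot slip past;
        # decoding twice also catches double-encoded payloads.
        decoded = unquote_plus(unquote_plus(target))
        for name, pattern in SIGNATURES:
            if pattern.search(decoded):
                return f"block:{name}"
        if len(window) > RATE_MAX:
            return "block:rate-limit"
        return "allow"

    def filter_log(self, lines):
        """Return the requests that reach the origin and a count per verdict."""
        origin = []
        for line in lines:
            m = LOG_RE.match(line)
            if not m:
                continue   # skip malformed lines rather than crash the filter
            ip, ts, method, target = m.group(1), int(m.group(2)), m.group(3), m.group(4)
            verdict = self.decide(ip, ts, method, target)
            self.verdicts[verdict] += 1
            if verdict == "allow":
                origin.append((ip, method, target))
        return origin, dict(self.verdicts)


# Constructed sample traffic: one ordinary visitor, a WordPress scanner hitting
# a site that does not run WordPress, an injection and a traversal attempt, and
# a scanner that sends many harmless-looking requests in a short burst.
SAMPLE_LOG = [
    '198.51.100.7 1000 "GET /"',
    '198.51.100.7 1001 "GET /products?page=2"',
    '203.0.113.5 1000 "GET /wp-login.php"',
    '203.0.113.5 1000 "POST /xmlrpc.php"',
    '203.0.113.9 1002 "GET /search?q=1%27%20OR%20%271%27%3D%271"',
    '203.0.113.9 1003 "GET /download?file=..%2F..%2Fetc%2Fpasswd"',
] + [f'203.0.113.44 {1005 + i} "GET /page{i}"' for i in range(7)]


def run_demo():
    """Filter the constructed log and return (origin requests, verdict counts)."""
    return Waf().filter_log(SAMPLE_LOG)


if __name__ == "__main__":
    passed, counts = run_demo()
    print(f"{len(passed)} of {len(SAMPLE_LOG)} requests reach the origin")
    for verdict, n in sorted(counts.items()):
        print(f"  {verdict:18} {n}")
```

Run it directly to see the per-verdict counts. The article's point about synchronised scans shows up in the numbers: the WordPress probes from 203.0.113.5 are blocked even though the site does not run WordPress, and the burst from 203.0.113.44 is cut off by the rate rule once it passes the threshold, so neither load reaches the origin. A real managed WAF adds log and challenge actions alongside block, and tunes its signatures against false positives on legitimate parameter values.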
Cloud Managed WAFs like Cloudflare
New players in this arms race are the Cloud Managed WAFs. Cloudflare is one of the largest cloud-based SaaS solutions of this kind. It handles the difficult issues of compliance, regulation and the continuous updating of 'rules'. Cloud Managed WAFs have three main advantages:
Better platform performance: traffic blocked by the Cloud Managed WAF never reaches your own hosting infrastructure and so adds no load there. This only holds if the origin server accepts traffic exclusively from the WAF provider (for example by allowing only the provider's published IP ranges); otherwise an attacker who discovers the origin address can bypass the WAF entirely.
Cost-efficient: new 'rules' are implemented and tuned centrally and with prevention in mind, which saves companies maintenance and development costs.
Effectiveness: the Cloud Managed WAF sees traffic to thousands of platforms at the same time, outside your own infrastructure. As soon as a threat emerges on other platforms, preventive 'rules' are added that also apply to yours, so hacking attempts are identified much earlier.
The benefits show up not only in performance, cost and effectiveness, but also in team focus. With a Cloud Managed WAF in place, business owners and developers can concentrate on their main priority: developing their business and running a successful platform.
Cloudflare is one of the larger players in the Cloud Managed WAF market. Its size gives it the resources for a particularly effective security layer, while its pricing remains reasonable: plans start at $20 per month. It is still worth checking whether Cloudflare is the best option for your organisation. Cloudflare does not guarantee that your data remains within the EU, which may be a legal requirement for you. In that case the WAF offerings of AWS or Azure may be a better fit. Those solutions are more expensive, so they are mainly worth considering when the geographical location of your data is a hard requirement. Whichever you choose, a WAF is an extra layer: it does not replace patching the platform and its plugins.
It is always worth considering a WAF such as Cloudflare to give your platform an extra layer of security. With the growing number of automated attacks on widely used platforms, you need to arm yourself and protect your business and your customers effectively against them.
Bavo Janss, Software Architect - iO
Bavo Janss is a true software veteran who started out 25 years ago delivering office automation to clients working on mainframe terminals. He later witnessed the rise of the internet, modern websites, e-commerce and social media, which only made him appreciate the biggest gift of modern tech: access to knowledge, without the dial-up modem noise.