Protect your platform from hackers with a Web Application Firewall like Cloudflare
28 March 2022
The internet is a hostile place. Countless scripts run around the clock doing nothing but looking for digital platforms that run older software releases with known vulnerabilities. This scanning is independent of the hackers themselves, who are doing their best to take advantage of those vulnerabilities, and platforms that run no older, vulnerable software are exposed to it just the same. How do you defend yourself against this type of attack? And if your security affairs are in order, how do you prevent your platform from suffering performance degradation anyway?
In this blog, iO Software Architect Bavo Janss takes a deep dive into Web Application Firewalls (WAFs) like Cloudflare. He explains how this software adds an effective, extra layer of security and protects 'healthy' platforms against performance degradation and hacks.
Threats on the internet are constant, and the arms race between website administrators and hackers is unrelenting. Some things have changed in recent years, though:
For example, broadband internet has become commonplace. Hackers can operate from anywhere in the world, and as a result national governments are often powerless to act against them.
On the administrators' side, we can celebrate the fact that defensive measures are becoming increasingly effective. Standard measures are often sufficient to keep hackers out. In other words: hackers are generally less successful.
This means that the malicious parties are changing their strategies. Attacks are better planned, better coordinated and fast. Today, many platforms are attacked simultaneously to increase the hackers' chances of success.
The number of 'bad' bots in total internet traffic is also growing.
Standard packages (e.g., DPPs, CMSs and commerce platforms) are increasingly popular targets among hackers. Synchronised attacks, in which large numbers of platforms are targeted at the same time, cause considerable performance degradation even when that specific platform has no vulnerability at all. The hacker does not achieve their goal, but even an unsuccessful hack leaves the platform, for normal users, no longer functional: very slow or even completely unreachable for a short time. That is bad for sales and terrible for your online reputation.
How does this happen?
Large CMS platforms such as Sitecore, Umbraco, Drupal and WordPress and commerce platforms such as Magento and Shopware are standard packages that are widely used worldwide. That makes them interesting to hackers and other malicious attackers, for at least two reasons:
1. Once a hacker knows of a possible leak in a standard package, they can attack hundreds of thousands of platforms with a single script. Even though security patches for known leaks are usually released quickly, there is always a window in which hackers can try to exploit the leak: upgrading a platform takes time and does not always happen immediately.
2. Additional modules or plugins are another weak point of standard packages. They are easy to install, usually relatively inexpensive and useful for their intended purpose. But these modules often have a relatively small user group, much smaller than the core platform's, so leaks in specific modules are often not discovered as quickly, or quickly enough. Naturally there are hackers who focus only on modules and plugins, looking for vulnerabilities. If they are successful, they coordinate attacks on a large number of platforms at the same time.
In both cases, the 'healthy', secure platforms are negatively impacted as well, because all platforms are attacked, whether the vulnerable module or plugin is installed or not.
Intercepting threats with a Web Application Firewall
A Web Application Firewall (WAF) is a proven and effective way to resist all these types of threats. A WAF inspects the content of incoming and outgoing traffic and can recognise and block common forms of abuse. Using 'rules', specific traffic patterns passing through the web server are recognised and filtered.
Maintaining these rule sets has become a new arms race; it is almost a full-time job for website and webshop administrators. For hackers, the challenge is to be quick enough to get their attacks past the WAF, because new attacks are detected quickly by WAFs around the world.
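As an added illustration (not code from the article or from Cloudflare), the small rule engine below shows the two kinds of rule the text describes: a signature rule that recognises a known abuse pattern in a request, and a behavioural rule that recognises one client probing plugin directory after plugin directory, the mass-scanning of modules the article warns about. The sample traffic, the plugin paths and the scan threshold are constructed for this example.

```python
import re
from collections import defaultdict

# Constructed sample traffic, not real log data: (client_ip, request path).
REQUESTS = [
    ("203.0.113.5", "/"),
    ("203.0.113.5", "/products?page=2"),
    ("198.51.100.7", "/wp-content/plugins/slider-one/upload.php"),
    ("198.51.100.7", "/wp-content/plugins/form-two/ajax.php"),
    ("198.51.100.7", "/wp-content/plugins/gallery-three/admin.php"),
    ("198.51.100.7", "/wp-content/plugins/seo-four/export.php"),
    ("198.51.100.9", "/search?q=' OR 1=1 --"),
    ("203.0.113.5", "/checkout"),
]

# Signature rule: a textbook SQL-injection probe in the query string.
SQLI = re.compile(r"('\s*or\s+1\s*=\s*1|union\s+select)", re.IGNORECASE)
# Behavioural rule: one client walking many distinct plugin dirs (threshold is an assumption).
PLUGIN_DIR = re.compile(r"^/wp-content/plugins/([^/]+)/")
SCAN_THRESHOLD = 3

class Waf:
    def __init__(self):
        self.probed = defaultdict(set)  # client_ip -> plugin dirs it has touched

    def inspect(self, client_ip, path):
        """Return ('block', rule_name) or ('allow', None) for one request."""
        if SQLI.search(path):
            return "block", "sqli"
        hit = PLUGIN_DIR.match(path)
        if hit:
            self.probed[client_ip].add(hit.group(1))
        if len(self.probed[client_ip]) >= SCAN_THRESHOLD:
            return "block", "scanner"
        return "allow", None

def filter_traffic(requests):
    """Apply the rule set; return requests that reach the origin and a tally per rule."""
    waf, passed, blocks = Waf(), [], defaultdict(int)
    for client_ip, path in requests:
        verdict, rule = waf.inspect(client_ip, path)
        if verdict == "allow":
            passed.append((client_ip, path))
        else:
            blocks[rule] += 1
    return passed, dict(blocks)

if __name__ == "__main__":
    passed, blocks = filter_traffic(REQUESTS)
    print(f"{len(passed)} requests reached the origin; blocked: {blocks}")
```

Note that the first two plugin probes still reach the origin; the behavioural rule only trips once the client's pattern is clear, which is why a centrally maintained rule set that already knows a scanning campaign from other platforms blocks earlier than a rule set each site maintains on its own.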
Cloud Managed WAFs like Cloudflare
New players in this arms race are the Cloud Managed WAFs. Cloudflare is one of the largest cloud-based SaaS solutions. It takes care of the difficult issues of compliance, regulation and the continuous updating of 'rules'. Cloud Managed WAFs have three main advantages:
1. Better platform performance: all traffic blocked by the Cloud Managed WAF is kept away from your own infrastructure and therefore does not contribute to load and performance degradation.
2. Cost-efficiency: new 'rules' are implemented and adjusted centrally and with prevention in mind. This saves companies maintenance and development costs.
3. Effectiveness: the Cloud Managed WAF analyses thousands of platforms at the same time, outside the business's own infrastructure. As soon as a threat emerges on other platforms, preventive 'rules' are added that also protect your platform. Hacking attempts are therefore identified much earlier and faster.
The benefits are not only tangible when measuring performance, cost and effectiveness; they also affect team focus. Implementing a Cloud Managed WAF means that business owners and developers can concentrate on their main priority: (further) developing their business and running a successful platform.
Cloudflare is one of the larger players in the field of Cloud Managed WAFs. Its size means it has the resources to provide a particularly effective layer of security, and it is also reasonably priced. Starting at $20 per month, Cloudflare offers an unrivaled package of benefits. However, it is always worth checking whether Cloudflare is the best option for your organisation. Cloudflare cannot guarantee that your data will remain in the EU, while this can be desirable from a legal point of view. In that case, it might be better to consider the WAF offerings of AWS or Azure. These solutions are more expensive, so they should only be considered if a specific geographical location for your data is absolutely necessary.
It's always a good idea to consider a WAF, such as Cloudflare, to give your own platform an extra layer of security. With a growing number of automated attacks on widely used platforms, it is essential to arm yourself and protect your business and your customers effectively against them.
Bavo Janss, Software Architect - iO
Bavo Janss is a true software veteran – starting out delivering office automation to clients working with mainframe terminals, 25 years ago. Later he witnessed the rise of the internet, modern websites, e-commerce, and social media. It only made him appreciate the biggest gift of modern tech: knowledge access – without that dial-up modem noise.