The internet is a hostile place. Countless scripts run around the clock doing nothing but looking for vulnerable digital platforms that use older software releases. This activity is separate from the hackers who are doing their best to exploit vulnerabilities by hand. Platforms that are not running vulnerable software are exposed to it as well. How do you defend yourself against these types of attacks? And how do you prevent your platform from suffering performance degradation even when you have your security affairs in order?
In this blog, iO Software Architect Bavo Janss takes a deep dive into Web Application Firewalls (WAFs) such as Cloudflare. He explains how this software adds an effective, extra layer of security and protects 'healthy' platforms against performance degradation and hacks.
Threats on the internet are constant. The arms race between website administrators and hackers is unrelenting, although some things have changed in recent years.
For example, broadband internet has become commonplace. Hackers operate from anywhere in the world. As a result, national governments are often powerless to act against the hackers.
On the management side, we can celebrate the fact that the measures are becoming increasingly effective. Standard measures are often sufficient to keep hackers out. In other words: hackers are generally less successful.
This means that the malicious parties, for their part, are changing their strategies. Attacks are better planned, better coordinated, and executed quickly. Today, many platforms are attacked simultaneously to increase the hackers’ chances of success.
The number of 'bad' bots in total internet traffic is also growing.
Standard packages (e.g., DPPs, CMSs and commerce platforms) are growing in popularity as a target among hackers. Synchronised attacks, where large numbers of platforms are targeted at the same time, cause considerable performance degradation, even if there is no immediate vulnerability in that specific platform. In this situation the hacker does not achieve their goal, but even an unsuccessful hack has consequences for normal users: for a short time the platform is no longer functional, very slow or even completely unreachable. This is bad for sales and terrible for your online reputation.
Large CMS platforms such as Sitecore, Umbraco, Drupal and WordPress and commerce platforms such as Magento and Shopware are standard packages that are widely used worldwide. This is interesting for hackers and malicious attackers. There are at least two reasons for this:
1. Once a hacker has knowledge of a possible leak in a standard package, he can easily attack hundreds of thousands of platforms using a single script. Even though security patches are often released quickly for known leaks, there is always a short period in which hackers can try to exploit a leak. After all, upgrading a platform takes time and isn’t always immediate.
2. Additional modules or plugins are another vulnerability in standard packages. They can be installed quite easily and are usually relatively inexpensive and useful for their intended purpose. But these modules often have only a relatively small user group, much smaller than the core platform’s, so leaks in specific modules are often not discovered as quickly, or quickly enough. Naturally there are hackers who focus only on modules and plugins, looking for vulnerabilities. If they are successful, they then coordinate attacks on a lot of platforms at the same time.
In both cases, the 'healthy', secure platforms are also negatively impacted by this because all platforms are attacked, whether a vulnerable module or plugin is installed or not.
A Web Application Firewall (WAF) is a proven and effective way to resist all these types of threats. A WAF scans the content of incoming and outgoing traffic and can recognise and block common forms of abuse. By using 'rules', specific traffic behaviours through the web server are recognised and filtered.
The maintenance of these rule sets has become a new arms race in itself, and it is almost a full-time job for website and webshop administrators. For hackers, the challenge is to get their attacks past the WAF quickly enough, because new attack patterns are soon detected by WAFs around the world.
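To make the 'rules' idea concrete, here is an added illustration in Python (not code from this post, from iO or from Cloudflare): a minimal rule evaluator run over a constructed access-log sample. It applies three rules of the kind described above (probes for module paths that are not installed on this platform, a per-client request ceiling, and requests sent without a User-Agent) and reports how many requests would still reach the origin, which is the load a WAF keeps off your own infrastructure. Module names, addresses and the threshold are invented.

```python
import re
from collections import Counter

# Modules installed on this constructed platform; probes for any other module
# path are refused at the edge instead of reaching the CMS.
INSTALLED_MODULES = {"shop-reviews"}
MODULE_PATH = re.compile(r"^/modules/([a-z0-9-]+)/")
RATE_LIMIT = 2  # requests per client in the sample window (assumed threshold)

# Constructed access-log sample: (client_ip, path, user_agent); all values invented.
REQUESTS = [
    ("203.0.113.7", "/", "Mozilla/5.0"),
    ("203.0.113.7", "/modules/shop-reviews/list", "Mozilla/5.0"),
    ("198.51.100.9", "/modules/demo-gallery/install", "python-requests/2.31"),
    ("198.51.100.9", "/modules/demo-forms/install", "python-requests/2.31"),
    ("198.51.100.9", "/modules/demo-slider/install", "python-requests/2.31"),
    ("192.0.2.44", "/modules/shop-reviews/list", "curl/8.0"),
    ("192.0.2.44", "/modules/shop-reviews/list", "curl/8.0"),
    ("192.0.2.44", "/modules/shop-reviews/list", "curl/8.0"),
    ("192.0.2.201", "/", ""),
]

def rule_unknown_module(req, _counts):
    """Block probes for module paths that are not installed here."""
    match = MODULE_PATH.match(req[1])
    return bool(match) and match.group(1) not in INSTALLED_MODULES

def rule_rate_limit(req, counts):
    """Block clients above RATE_LIMIT requests (whole-sample count; real WAFs use a sliding window)."""
    return counts[req[0]] > RATE_LIMIT

def rule_missing_user_agent(req, _counts):
    return req[2].strip() == ""  # crude scripts often send no User-Agent at all

# Rules are checked in order; the first match decides the verdict.
RULES = [("unknown-module", rule_unknown_module),
         ("rate-limit", rule_rate_limit),
         ("no-user-agent", rule_missing_user_agent)]

def evaluate(requests, rules=RULES):
    """Return a (verdict, rule_name) pair per request; verdict is 'block' or 'allow'."""
    counts = Counter(ip for ip, _, _ in requests)
    hits = [next((name for name, fn in rules if fn(req, counts)), None) for req in requests]
    return [("block" if hit else "allow", hit) for hit in hits]

def origin_load(requests, rules=RULES):
    """Return (forwarded, total): how many requests the origin still has to serve."""
    forwarded = sum(1 for verdict, _ in evaluate(requests, rules) if verdict == "allow")
    return forwarded, len(requests)
```

In this sample only 2 of 9 requests are forwarded; the 7 blocked ones never consume origin CPU, database connections or bandwidth.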
New players in this arms race are the Cloud Managed WAFs. Cloudflare is one of the largest cloud-based SaaS solutions. It takes care of the difficult issues of compliance, regulation, and the continuous updating of 'rules'. Cloud Managed WAFs have three main advantages:
1. Better platform performance: all traffic blocked by the Cloud Managed WAF is kept away from the provider's infrastructure and thus does not contribute to load and performance degradation.
2. Cost-efficiency: the implementation and adjustment of new 'rules' is carried out centrally and with prevention in mind. This saves maintenance and development costs for companies.
3. Effectiveness: the Cloud Managed WAF analyses thousands of platforms at the same time, outside of the business’s own infrastructure. As soon as a threat emerges on other platforms, preventive 'rules' are added that are also applied to your platform. Hacking attempts are therefore identified much earlier and faster.
The benefits are not only tangible when measuring performance, cost, and effectiveness; they also affect team focus. Implementing a Cloud Managed WAF means that business owners and developers can focus on their main priority: (further) developing their business and running a successful platform.
Cloudflare is one of the larger players in the field of Cloud Managed WAFs. Its size means that it has the resources to provide a particularly effective layer of security, while remaining reasonably priced. Starting at $20 per month, Cloudflare offers an unrivaled package of benefits. However, it's always worth checking whether Cloudflare is the best option for your organisation. Cloudflare cannot guarantee that your data will remain in the EU, even though this can be desirable from a legal point of view. In that case, it might be better to consider the WAF offerings of AWS or Azure. These solutions are more expensive, so they should only be considered if guaranteeing the geographical location of your data is absolutely necessary.
It's always a good idea to consider a WAF, such as Cloudflare, to give your own platform an extra layer of security. With a growing number of automated attacks on widely used platforms, it is essential to arm yourself and protect your business and your customers effectively against them.
Bavo Janss is a true software veteran – starting out delivering office automation to clients working with mainframe terminals, 25 years ago. Later he witnessed the rise of the internet, modern websites, e-commerce, and social media. It only made him appreciate the biggest gift of modern tech: knowledge access – without that dial-up modem noise.