Why Your B2B Web Channel Needs a WAF
When it comes to B2B ecommerce, security is critical—especially for Corevist clients, many of whom are large enterprises processing hundreds of millions of dollars in revenue through our application. As a cloud-based solution, Corevist Commerce has unique security requirements, which we manage for our clients. Our WAF (web application firewall), provided by Imperva’s Incapsula, plays a critical role in mitigating threats against our clients’ B2B web portals.
While all new implementations of Corevist Commerce are automatically placed behind our WAF, two of our clients were subject to service-interrupting events prior to migrating over to our WAF.
Here are their stories, plus a takeaway for best practices in B2B ecommerce security.
Client 1: 32,000 direct attacks blocked by WAF
Once upon a time, on a Sunday, Client 1 experienced a brute force attack which caused their site to go down. Our monitoring system detected the attack and alerted us. Once the attack was identified, the first step was to mitigate the attack to the point that the site was usable (which we did by making firewall and server modifications). Once the site was operational, we worked with the client to move the site behind our WAF.
In the 24 hours immediately following the migration, over 32,000 additional direct attacks were detected and blocked by the WAF with no interruption in service availability or performance.
Client 2: 1,300 unique attacks/week blocked by WAF
Client 2 had a WAF in place, managed by a third party. The client’s site includes a publicly viewable catalog, and a high volume of bot traffic from numerous sources (not all of them malicious) caused the site to go down.
For this client, we found that having another vendor in the critical path was convoluting the process. In this case, we detected the issue and notified Client 2, who notified their WAF provider. The WAF provider notified Client 2 of a fix in place, Client 2 notified us, and we investigated whether that had resolved the issue with Client 2.
That cycle can go on and on. It’s a big part of why we follow a “One Throat to Choke” model. With one vendor (us) responsible for everything in the critical path, we don’t have to coordinate with multiple third parties on support issues. We just fix them.
In this case, with Client 2’s permission, we moved their site behind our own WAF, and we solved the problem. Since going behind our WAF, Client 2’s site has averaged 1,300 unique attack types per week, with a varying number of individual attempts for each type—all of them mitigated by our WAF.
Who’s protecting your B2B web channel?
If you’re evaluating B2B ecommerce solutions, consider your new web channel as a whole. Not just the software, but everything that’s required to keep it up and running. Who’s responsible for the security and ongoing support of your web channel? If you’re considering bringing together multiple third parties to manage the complexity of B2B ecommerce, make sure you have security covered.
This is why Corevist Commerce offers a “One Throat to Choke” model. Not only do we implement, integrate, and support our solution, but we also monitor it and handle security (not to mention consult with you on how to grow your web channel). As the threat landscape continues to evolve in intelligence and complexity, it’s worth considering the value which a solution like Corevist brings, with security included and managed by our team.
Moving forward: FREE case study
Want to see Corevist Commerce in real life? Download this case study on LORD Corporation. You’ll learn how this leading industrial manufacturer got off SAP Internet Sales Application and replatformed onto Corevist Commerce—all while keeping SAP at the core of their web channel, with total security assured.