Protecting eCommerce Sites Against Threats Old and New
Carlos Morales, SVP of Solutions
It’s no wonder that eCommerce is an attractive target for cybercrooks. The potential gains are simply too tempting. The evidence is in the numbers. While eCommerce sales grew more than 27%1 in 2020 to over $4 trillion, cybercrime climbed even faster – soaring 50%2.
At the same time cybercrime is rising, expanding infrastructures are introducing new vulnerabilities. Applications and data are migrating to the cloud, and IoT devices are proliferating at an accelerating rate. Linked PoS systems from brick-and-mortar operations add more susceptibilities. All are pushing the network edge outward, making it harder to define and defend.
Yet customers and business partners still expect safe, effortless transactions – and penalize companies that fail to provide them. One study showed that 59% of consumers avoid companies hit by a recent cyberattack3.
In response, eCommerce companies are improving protections for their expanding, complex networks with cloud-based managed security solutions. These powerful tools add an important layer of defense that can intercept and counter a range significant threats before they penetrate a company’s network, protecting digital assets wherever they are hosted.
Cloud-based security solutions provide sophisticated capabilities without creating more pressure on overworked cybersecurity teams or requiring additional in-house expertise. And they enable companies to achieve important security goals, countering threats that can pose significant dangers to data and operations.
1. Protecting web applications Web application attacks surged 239% in H1 20214. All told, 90% of attacks5 in 2021 involved web application hacking, But defending web apps effectively against this tidal wave of threats is particularly challenging, because these increasingly indispensable tools must be accessible to multiple users from multiple networks. This accessibility leaves them vulnerable to a multitude of attack techniques.
That’s why a cloud-based web application firewall (WAF) has become such an important line of defense in eCommerce. A WAF effectively counters application layer threats with flexible, always-on protection that covers web applications regardless of their location, whether data center or cloud. Key capabilities in effective managed solutions include:
Preconfigured protections against the most common threats, including the OWASP top 10, updated automatically as new threats emerge including zero-day threats
Flexible security options including both negative and positive security, with easily managed capabilities to customize protection such as rule recommendations based on actual traffic
Full visibility into application traffic across your environment, with adaptable reporting and logging features
2. Detecting and managing malicious bots Botnets today more extensive and capable than ever. The threats they present are more varied and malicious. And they’re everywhere. In 2021 bad bots drove 57% of attacks6 on eCommerce websites. The percentage of organizations that detected botnet activity surged more than 45%7 in the first half the year alone.
In this environment, effective bot detection and management is an indispensable component of network security. A cloud-based solution delivers the sophisticated capabilities that can detect and identify malicious bot traffic across your network; managed updates automatically add protection against evolving bot capabilities and signatures. The most effective solutions incorporate:
Multiple techniques to detect bots, including IP data, device fingerprinting, rate limits and transactions per second
Flexible options to customize and apply additional identification safeguards and to categorize and fingerprint bots for ongoing management
Multiple options to manage flagged bot traffic, including delaying or redirecting traffic or blocking it altogether
3. Mitigating all DDoS attacks Two years ago, security experts successfully mitigated the largest DDoS attack then recorded – a 2.3 Tbps attack that targeted an eCommerce site. These attacks are nothing new. But today they are more frequent, more sophisticated, and more varied. Attackers employ them to shut down your online business, extort significant ransom payments, or distract from other attacks.
DDoS attacks are also much bigger and more intense – more than enough to overwhelm in-house protections or even an ISP-based mitigation solution. A dedicated, cloud-based DDoS mitigation service is the most effective countermeasure you can employ to protect your business, your income and your reputation from attacks of any size, length or intensity. Capabilities to look for include:
Outstanding scrubbing capacity through a global mitigation platform able to absorb the largest attacks, with multiple tier 1 internet network providers for redundancy
Advanced orchestration platform that interconnects multiple mitigation appliances for near-instantaneous response, with AI-driven automation to help manage defense in depth
Flexibility in protection and service configurations, including always on and on demand options
4. Protecting your DNS Your DNS service is the critical first step in every fast, safe, and satisfying online experience your site provides. But it can also be a target or vector for a range of damaging attacks, and the pace of these threats shows no sign of slowing. 72% of companies suffered a DNS attack8 in the 12 months ending in Q4 2021. 61% were hit by multiple attacks.
Cloud-based authoritative, recursive, and redundant DNS services protect both access to your website and your network assets. Managed services ensure reliable, trouble-free navigation for customers and partners, and simplify the work of managing constantly changing DNS configurations. Your service should include:
Effective security features to protect both DNS availability (integrated DDoS protection for DNS resolvers) and network assets (robust, user-friendly DNSSEC)
Outstanding performance and reliability including a global infrastructure for the fastest possible query responses and an overprovisioned, fault-tolerant platform
Advanced traffic management features for load balancing, geographic routing, and failover service with easy-to-use administrative and configuration tools
Neustar Security Services delivers all thesecritical protections for eCommerce organizations with an integrated suite of cloud-based security solutions. All are monitored and supported by experienced IT security professionals in our 24/7 security operations center (SOC) and backed by outstanding customer support. Professional services are available to assist in installation and configuration and maximize their value to your business.
Learn more about strengthening your protections against significant threats with our powerful, comprehensive cloud-based solutions for eCommerce.