B2W automates security of its e-commerce applications with Azion’s programmable Edge Firewall
Some of the most successful e-commerce brands in Latin America make up B2W Digital. Together, the sites get more than 2 billion visits per year, and 17 million active customers use B2W to make purchases with convenience and security.
However, protecting consumer data and access is an increasingly complex challenge, as:
- fraud, exposure, and theft of credit card data has been on the rise since the beginning of the Covid-19 pandemic, with 53% of the world total for these events taking place in Brazil;
- cybercriminal groups targeting retail companies create complex zero-day attacks that can be launched at any time;
- DDoS incidents grew 151% in the first half of 2020 compared to the same period in 2019, threatening the availability of e-commerce worldwide; and
- bad bots that carry out credit and debit card fraud and credential stuffing.
For B2W, security is a very complex challenge due to the management of each of its e-commerce platforms, which generate millions of daily connections, and the multiple CDNs that the company uses.
B2W increased its defensive line with Azion’s edge-native resources. This not only expanded the possibilities of monitoring, mitigating attacks and collecting insights in real time, but also simplified B2W’s workflow.
Azion’s Edge Computing Platform is open, allowing integration with the systems used by B2W, including third-party solutions. This allows B2W to use Azion for automating the security of its applications through APIs with:
- automatic monitoring and detection of complex and zero-day attacks;
- advanced blocking rules executed at the edge; and
- real-time data collection of events that take place on e-commerce platforms, which are transformed into security insights.
For this, B2W uses Azion’s modular, extensible and programmable Edge Firewall, which, through the Network Layer Protection and Web Application Firewall modules, allows the creation of security rules via APIs.
These rules cover both the network and the application layers as well as building serverless code and applications running at the edge. Thus, each deployment is automatically validated in Edge Firewall, simplifying the CI/CD flow and strengthening B2W’s DevSecOps culture.
In addition to gaining real-time and automated protection, B2W has optimized observability practices with Azion Data Streaming, creating a real-time data flow integrated with SIEM and providing a panoramic view of company areas and essential insights for B2W security experts.
Results and Impacts
The use of Azion Edge Firewall has brought important gains for B2W, which has automated its security mechanism by implementation of intelligent blocking rules based on behavioral scoring and expanding this automation to other areas of the company.
For example, B2W explored the programmable characteristics of Azion’s Edge Platform accelerated software deployment validation and increased the autonomy of Security and Infrastructure teams, which can manage the environment without interfering with each other’s responsibilities.
With automated blocking through Azion Edge Firewall, B2W was able to reduce costs by implementing contention rules in Network Layer Protection that are applied before the request reaches Azion WAF, making the blocking cost per request up to 6x lower.
In order to control access to its e-commerce applications, B2W uses Network Lists—both from Azion and other sources—via API, which publish lists of IP addresses linked to malicious networks. With this, B2W can:
- collect data from all the requests for its SIEM platform;
- block, punish or simply monitor IP addresses;
- apply rules according to IP, geolocation, ASN and Tor networks; and
- use the IP reputation database to complement Network Lists.
These actions are intensified by the intelligence obtained from the collection of hundreds of TB of data from events that occur in e-commerce applications, allowing B2W experts to:
- enhance and evolve network and application layer protection over time;
- optimize observability practices; and
- improve compliance auditing.
With the separation of firewall rules from business rules—caching, cookies, and others—and with the creation of common security lists for the environment, the operation became more agile and concise, facilitating the implementation and maintenance of security policies.
About B2W Digital
B2W (or Americanas SA) adopts an unique approach in serving its customers, offering a physical platform with different store formats, in addition to having a digital platform, with various brands, seeking to be capable of delivering the best omnichannel consumer experience in Brazil, offering agility, receptiveness, trust, efficiency, diversity and competitiveness. In addition, the Company has an innovation engine to accelerate its platforms, build disruptive businesses and leverage different initiatives. Together, these fronts constitute the American Universe, which is unique, flexible and resilient.
-  Report | Online criminal activity in Brazil - 2nd quarter / 2020 | Axur
-  Cyber Threats & Trends Report: First Half 2020 | Neustar