Netshoes automatically blocked more than 4 millions threats in six months using Azion WAF
Netshoes is one of the leading sports lifestyle sites in Latin America. There are approximately 54 million unique visitors per month. Offering the best shopping experience to so many people encompasses several types of challenges, many of which are related to security.
Retail is the industry most affected by security incidents. Most vulnerabilities are present in the internal network (54%), in e-commerce (22%) and in the cloud (20%), with 74% of attacks targeting credit card data.
A successful attack has a 53% chance of causing damage above R$2.5 million due to unavailability of service and fraud, such as credential stuffing and phishing. Today’s complex threats require Netshoes to use smart and sophisticated protection features.
With several products based on Edge Computing, the Azion Platform helps Netshoes to build a secure shopping environment for everyone looking for sporting goods from the most respected brands in the world.
In order to improve both security and application performance, Netshoes used Azion’s products and services, with an emphasis on Web Application Firewall (WAF) and other Edge security features, which are essential for expanding threat control and monitoring in real-time.
The flexibility of WAF allows Netshoes’ security squads to apply more complex defense strategies. An example of this is the creation of multiple instances of WAF to implement targeted policies on specific threats and vulnerabilities.
With this, Netshoes is able to take advantage of the expertise of its team to build firewall rules at different levels and customize these rules to:
- identify and prevent bad bots: currently, 24% of web traffic is composed of bad bots and 79% of companies do not know how to distinguish them. However, Netshoes not only recognizes bots, but also implements advanced rules to curb their actions;
- protect mobile APIs: 45 million customers access Netshoes via smartphones, and WAF plays an important role in ensuring customers’ data security, regardless of their type of device; and
- preventing attacks on e-commerce: Netshoes uses WAF to reinforce the protection of e-commerce, the second most exploited element in e-retail attacks, against OWASP Top 10 threats and zero-day attacks.
In addition to the targeted Azion WAF rule sets managed by Netshoes’ squads, Data Streaming and Network Lists provide additional control and observability.
Capable of integrating with the main SIEM (security information and event management) platforms on the market, Data Streaming provides complete records of application data and content in real time, essential for Netshoes to improve its defensive line.
Network Lists, in turn, facilitate the management of IP (Internet Protocol) addresses that access the store. Via platform or APIs, Netshoes has the autonomy to create customized IP address lists and has access to Azion’s automatically updated lists, such as Origin Shield and Tor network.
Results and Impacts
In the first half of 2020, Netshoes, through WAF, automatically blocked more than 4 million threats without impacting the service or the purchase journey of the millions of customers who access the site daily.
Among the attacks that were automatically suppressed during this period, the majority consisted of SQL Injections, a threat that is at the top of OWASP’s biggest security risks to web applications, and Cross-Site Scripting (XSS), which is also among the biggest cybersecurity risks today.
To analyze and develop intelligent, data-based defense mechanisms, Netshoes collected about 385 TB of event logs in the application using Azion Data Streaming integrated with its SIEM platforms.
Using Azion’s more than 60 Edge Locations across Brazil and Edge Application product suite, Netshoes offloaded 84% of request processing (200 billion or 18 thousand requests per second) to Azion, improving:
- uptime performance;
- efficiency in blocking malicious requests;
- speed of mitigation of DDoS attacks; and
- application performance with ultra-low latency.
The gains from processing on the Edge are due to the multi-layered security of the Azion network, which is monitored 24/7 and ensures the resilience that Netshoes needs to provide secure shopping journeys.
Netshoes is the largest sports lifestyle e-commerce in Latin America and one of the 100 most prestigious brands in Brazil. In addition to its strong identity in the market, Netshoes was appointed as the fourth-largest Brazilian e-commerce and second in the pure player category by the SBVC 2020 Ranking. Founded in 2000, the Netshoes Group is responsible for managing 15 other e-commerce sites, such as Zattini and Shoestock, in addition to the official NBA stores and major football clubs such as Cruzeiro, São Paulo, Internacional, Corinthians and Vasco da Gama. In terms of technology, Netshoes’ digital DNA is not a mere detail. Netshoes is the online-born retailer that invests most intensively in digital transformation and the protagonist of several case studies involving digital business strategies.
-   2020 Global Security Report | Trustwave
-  2020 Global Networking Trends Report | Cisco
-  Bad Bot Traffic Is On The Rise | Radware
-  Ranking 300 Maiores Empresas do Varejo Brasileiro 2020 | SBVC
-  Estudo aponta Netshoes como varejo eletrônico que melhor alia o digital à estratégia do negócio | Época Negócios