Quero-Quero strengthens the security of its applications, APIs, and origin infrastructure with Azion Firewall

Explore how Quero-Quero protects its e-commerce platform with Azion Firewall, strengthening API security and ensuring high availability.

Challenge

Quero-Quero is a building supply retailer that offers construction materials, home appliances, and furniture among many other items across its comprehensive catalog. Its e-commerce platform continues to grow every day, requiring not only performance and scalability but also a highly available and secure service.

Respect, commitment, integrity, and trust are core values at Quero-Quero, demonstrated through its focus on protecting user privacy on the web and maintaining constant availability for customers. However, this challenge required replacing its legacy solution with advanced security capabilities capable of detecting and mitigating modern threats.

A common risk in today’s application threat landscape is sensitive data exposure through APIs. According to a Radware survey[1]:

  • 27% of organizations have less than one quarter of their apps exposed;
  • 35% have between one quarter and one half of their apps exposed; and
  • 38% have more than one half of their apps exposed.

In addition, many other risks threaten web applications, including SQL injection, DDoS attacks, BGP hijacking, and more. These threats cannot be mitigated or blocked without cybersecurity solutions capable of providing automated, real-time, and event-driven security features.

Solution

The Azion Platform offers a modern and sophisticated set of capabilities essential for businesses seeking to strengthen their cybersecurity posture, including Azion Firewall and its modules Web Application Firewall (WAF), Network Shield, and DDoS Protection.

Protecting web applications and APIs from complex risks is a major challenge for Quero-Quero. This challenge is addressed through customized WAF rules that allow the company’s security team to:

  • Automate monitoring and blocking of web exploits such as SQL injection, cross-site scripting, and directory traversal attacks;
  • Build customized WAF rule sets to protect Quero-Quero’s APIs and web applications;
  • Adjust threat configuration and sensitivity levels with ease.

In addition, Quero-Quero gains better visibility into network activity through a programmable security perimeter built with Network Shield, allowing its cybersecurity experts to analyze whether an attack correlates with other events recorded in the WAF or Real-Time Manager.

Ensuring that Quero-Quero’s web and mobile e-commerce platform remains available 24/7 is another key requirement. To support this, the Azion Platform provides several capabilities, including content delivery through Azion’s distributed network, multi-layer security, and Network Lists.

Additionally, Quero-Quero implemented Azion Origin Shield to establish a security perimeter around its origin infrastructure, restricting origin access to authorized IP addresses within Azion’s network and blocking all other requests.

Results and impacts

Simplifying monitoring, blocking, and mitigation activities through automation is a major achievement Quero-Quero reached using Azion Firewall. With tens of millions of threats automatically blocked by WAF, the company saves effort, time, and operational costs while maintaining a highly secure e-commerce platform.

API security is crucial to prevent data breaches and protect customer privacy. To improve API management and protection, Quero-Quero uses Azion Secure Token to easily create tokens through Functions, establishing robust access control for its services and resources.

Ultimately, Quero-Quero has been able to guarantee 100% availability of its e-commerce platform by redesigning its web applications while strengthening its security posture. In addition, our Enterprise Support provides assistance with custom configurations and support before, during, and after potential attacks.

About Quero-Quero

Quero-Quero is a retail company founded in 1967, composed of more than 300 stores across the states of Rio Grande do Sul, Santa Catarina, and Paraná. Its e-commerce platform was launched in 2019, marking the beginning of its digital transformation and accelerating its growth.

Today, the company offers more than 20 product categories through its online platform and is recognized as the 5th largest retailer in Brazil’s building supply industry. Despite its rapid growth, focusing on smaller cities and maintaining close relationships with customers remains a key element of Quero-Quero’s success.

References: