Quero-Quero strengthens the security of its applications, APIs, and source infrastructure with Edge Firewall
Quero-Quero is a building supply retailer that offers construction materials, home appliances, and furniture among other items across its comprehensive catalog. Its e-commerce platform is growing every day, which requires not only performance and scalability, but also highly available, secure service.
Respect, commitment, integrity, and trust are some of Quero-Quero’s values, which are demonstrated through their focus on protecting user privacy on the web, as well as being always available to its customers. However, this challenge required replacing their legacy solution with edge-native security resources that can better detect and mitigate modern threats.
A common risk in today’s application threat landscape is sensitive data exposed through APIs. According to a Radware survey:
- 27% of organizations have less than one quarter of their apps exposed;
- 35% have between one quarter and one half of their apps exposed; and
- 38% have more than one half of their apps exposed.
In addition, many other risks threaten web applications, such as SQL injection, DDoS attacks, BGP hijacking, and more. These threats cannot be mitigated or blocked without cybersecurity solutions that provide real-time, automated, and event-driven security features.
Azion’s Platform offers a modern, sophisticated set of resources and features that are essential for businesses to strengthen their cybersecurity posture, including Edge Firewall and its Web Application Firewall (WAF), Network Layer and DDoS Protection modules.
Protecting web applications and APIs from highly complex risks is a top challenge for Quero-Quero. This challenge is overcome through customized WAF rules, which allow the company’s security team to:
- automate monitoring and blocking of web exploits, such as SQL injection, cross-site scripting, and directory traversal attacks;
- build WAF rule sets to protect Quero-Quero’s APIs and web applications in a customized way; and
- adjust configuration and sensitivity level of threat types in just one click.
In addition, Quero-Quero attains better visibility into network activity through a programmable security perimeter built with Network Layer Protection, allowing its cybersecurity experts to examine if an attack correlates with other events registered in WAF or Real-Time Manager.
Ensuring that Quero-Quero’s web and mobile e-commerce platform stays up 24/7 is also a key point. To enable this, Azion’s Edge Platform provides many resources, including content delivery from more than 40 Edge Locations in Brazil, multi-layered security, and Network Lists.
Additionally, Quero-Quero added Azion Origin Shield to enforce a security perimeter around its source infrastructure, which restricts access to Quero-Quero’s origin to specific IP addresses in Azion’s network, blocking all other requests.
Results and impacts
Simplifying monitoring, blocking, and mitigation activities through automation is a significant achievement that Quero-Quero reached using Azion Edge Firewall. With 10’s of millions of threats blocked automatically by Azion’s WAF, it saves effort, time, and money while providing a highly secure e-commerce platform.
API security is crucial to prevent data breaches and protect customers’ privacy. To enhance its API management and security, Quero-Quero uses Azion’s Secure Token to easily create tokens through serverless functions activated via Edge Firewall, establishing robust control of access to its services and resources.
At last, Quero-Quero has been able to guarantee 100% availability on its e-commerce platform, redesigning their web applications and while bolstering their security posture. In addition, Azion’s Enterprise Support is ready to help Quero-Quero with custom configurations, as well as provide support before, during, and after an attack.
Quero-Quero is a retail company founded in 1967 composed of more than 300 stores spread across the states of Rio Grande do Sul, Santa Catarina and Paraná, and an e-commerce platform launched in 2019, marking the beginning of its digital transformation and exponential growth. Nowadays, you can find more than 20 product categories on the e-commerce platform, and Quero-Quero is the 5th biggest retail company in the building supply industry. In spite of this exponential growth, focusing its operations in smaller cities and favoring customer relationships is still the secret to Quero-Quero’s success.
- \[1\] 2020-2021 State of Web Application & API Protection | Radware