Quero-Quero strengthens the security of its applications, APIs, and source infrastructure with Edge Firewall

Discover how Quero-Quero protects its APIs and applications with Azion

Retail

Client

Industry

Retail

Location

Brazil | Cachoeirinha, RS

Solutions

BuildSecureDeployObserve

Products

Edge Firewall

Challenges

  • improve the protection of the e-commerce platform, including APIs and source infrastructure;
  • automate blocking and monitoring of OWASP Top 10 risks that threaten Quero-Quero's virtual store; and
  • increase availability for its e-commerce platform.

Benefits

  • millions of complex cyber threats blocked automatically by WAF;
  • integration of firewall rules into its CI/CD workflow, simplifying secure software development; and
  • 100% availability of Quero-Quero’s e-commerce platform.

Challenge

Quero-Quero is a building supply retailer that offers construction materials, home appliances, and furniture among other items across its comprehensive catalog. Its e-commerce platform is growing every day, which requires not only performance and scalability, but also highly available, secure service.

Respect, commitment, integrity, and trust are some of Quero-Quero’s values, which are demonstrated through their focus on protecting user privacy on the web, as well as being always available to its customers. However, this challenge required replacing their legacy solution with edge-native security resources that can better detect and mitigate modern threats.

A common risk in today’s application threat landscape is sensitive data exposed through APIs. According to a Radware survey[1]:

  • 27% of organizations have less than one quarter of their apps exposed;
  • 35% have between one quarter and one half of their apps exposed; and
  • 38% have more than one half of their apps exposed.

In addition, many other risks threaten web applications, such as SQL injection, DDoS attacks, BGP hijacking, and more. These threats cannot be mitigated or blocked without cybersecurity solutions that provide real-time, automated, and event-driven security features.

Solution

Azion’s Platform offers a modern, sophisticated set of resources and features that are essential for businesses to strengthen their cybersecurity posture, including Edge Firewall and its Web Application Firewall (WAF), Network Layer Protection and DDoS Protection modules.

Protecting web applications and APIs from highly complex risks is a top challenge for Quero-Quero. This challenge is overcome through customized WAF rules, which allow the company’s security team to:

  • automate monitoring and blocking of web exploits, such as SQL injection, cross-site scripting, and directory traversal attacks;
  • build WAF rule sets to protect Quero-Quero’s APIs and web applications in a customized way; and
  • adjust configuration and sensitivity level of threat types in just one click.

In addition, Quero-Quero attains better visibility into network activity through a programmable security perimeter built with Network Layer Protection, allowing its cybersecurity experts to examine if an attack correlates with other events registered in WAF or Real-Time Manager.

Ensuring that Quero-Quero’s web and mobile e-commerce platform stays up 24/7 is also a key point. To enable this, Azion’s Edge Platform provides many resources, including content delivery from more than 40 Edge Locations in Brazil, multi-layered security, and Network Lists.

Additionally, Quero-Quero added Azion Origin Shield to enforce a security perimeter around its source infrastructure, which restricts access to Quero-Quero’s origin to specific IP addresses in Azion’s network, blocking all other requests.

Results and impacts

Simplifying monitoring, blocking, and mitigation activities through automation is a significant achievement that Quero-Quero reached using Azion Edge Firewall. With 10’s of millions of threats blocked automatically by Azion’s WAF, it saves effort, time, and money while providing a highly secure e-commerce platform.

API security is crucial to prevent data breaches and protect customers’ privacy. To enhance its API management and security, Quero-Quero uses Azion’s Secure Token to easily create tokens through serverless functions activated via Edge Firewall, establishing robust control of access to its services and resources.

At last, Quero-Quero has been able to guarantee 100% availability on its e-commerce platform, redesigning their web applications and while bolstering their security posture. In addition, Azion’s Enterprise Support is ready to help Quero-Quero with custom configurations, as well as provide support before, during, and after an attack.

About Quero-Quero

Quero-Quero is a retail company founded in 1967 composed of more than 300 stores spread across the states of Rio Grande do Sul, Santa Catarina and Paraná, and an e-commerce platform launched in 2019, marking the beginning of its digital transformation and exponential growth. Nowadays, you can find more than 20 product categories on the e-commerce platform, and Quero-Quero is the 5th biggest retail company in the building supply industry. In spite of this exponential growth, focusing its operations in smaller cities and favoring customer relationships is still the secret to Quero-Quero’s success.

References:

Get in touch with us

We’re here to help you get started and make the most of your Azion free account. Our Sales team can also help you with a variety of topics including new orders and special pricing for large volumes or long-term commitments. If you’d like the Azion Sales team to contact you to discuss your project, please fill out this form.

Azion respects your privacy and uses your personal information only to provide and communicate about products and services. You can opt out of receiving our communications at any time. To learn more, check our Privacy Policy