How can WafCharm with AWS WAF benefit Ecommerce websites?
Eagles & Angels (E&A) was started by Tom, a retired Army Special Operations combat veteran, who was moved by a conversation with his daughter as they sorted the family attic together and came across Tom’s old camouflage uniform. Memories of the friends he made and lost in war began to pour out. Hearing these long-ago accounts of his military service prompted his daughter to say, “You should do something with these, something good. They deserve it,” meaning both the uniforms and his friends’ stories, and the idea for E&A was born. Each purchase helps support the families of the “cloth of heroes”. Hats off to Tom and his daughter for giving us all a way to carry on and hear the stories of active-duty military, veterans and fallen soldiers.
eaglesandangelsltd.com is an ecommerce website that sells limited and collectible items. A portion of the proceeds goes to the families and the military heroes.
AWS WAF with WafCharm is the most cost-effective solution.
CHALLENGES
- We are using WordPress, and if we use application-layer security, it slows down the website.
- Due to the nature of the category and known WordPress vulnerabilities, hackers try out their attacks on Ecommerce websites like E&A.
- We are hosted by AWS using K8 (Kubernetes) though our system is scalable. To accommodate node creation on high traffic days, our system must properly segment malicious traffic against real traffic to prevent malicious traffic from interfering with transactional workflows.
- It has become a challenge to protect the store from culprits that want to hinder SKU releases.
- The security packages offered by AWS are very pricey.
Solution by WafCharm
RESULTS
- As WafCharm manages AWS WAF operation on our behalf, we were able to have peace of mind and not worry about our WAF operation.
- We are able to have more visibility on the security landscape as well as the quality of traffic.
- We have also submitted our solution to our business insurance, and it met the requirements for compliance.
What were the challenges faced in terms of security?
As E&A is a transactional website and is very competitive amongst various collectors all over the world, there are a slew of issues on security and performance optimization.
For example, since our website is using WordPress, our website is also constantly being reckoned for vulnerabilities due to the popularity of WordPress.
Also, our system with WooCommerce can get very slow and would even crash in some cases due to the heavy traffic, particularly on limited SKU releases.
Why did you choose WafCharm to overcome the challenges faced?
After going through various solutions, packages, and services, we tried almost all the solutions we could sign up for. And WafCharm came out to be the most fitting and cost-effective solution.
WafCharm provides signatures and rules which protect our system from the vulnerabilities of WordPress. The rules are also automatically updated in order to respond to new vulnerabilities.
WafCharm also tracks IP addresses of malicious or fake traffic so that we can easily block unwanted IP addresses as well as perform due diligence on non-proxy IP addresses which leads us to competitor agencies and known culprits.
The implementation of WafCharm is not difficult: the solution did not require any changes and modifications on our Google Analytics implementation, while the security layer does not affect or compromise our performance.
Lastly, WafCharm also provides a full set of signatures and rules that we can easily see and present to our customers.
What are the benefits from implementing WafCharm?
WafCharm strengthens the security of our system and protects us from attacks, especially those attacks targeting the vulnerabilities of WordPress.
We have also submitted our solution to our business insurance, and it met the requirements for compliance.