X

DigiCert, a provider of scalable TLS/SSL and PKI solutions, was facing challenges in securing their AWS environment. They were already using Imperva’s SaaS Web Application Firewall (WAF) to protect their on-premises applications, but their existing DDoS mitigation solution on AWS was not satisfactory. The solution was excessively scrubbing traffic and blocking legitimate traffic. As DigiCert's business is subjected to daily attacks, they needed a robust security solution that could manage risk, monitor all traffic, rapidly identify threats, and only allow valid traffic to access their applications. They wanted a solution from a single provider that could deliver both WAF protection and DDoS mitigation across their entire hybrid environment. The solution also needed to lower false positives, assure rapid response to minimize potential business interruption, and automate as much of the security process as possible due to time and resource constraints.

The customer, a leading global IT services provider, was seeking to enhance its security credentials to win a lucrative contract with a major North American financial institution. The challenge was to restrict access to sensitive data and improve the protection of customer information. The customer also needed to comply with consultant security policies in training, development, and testing environments, and establish greater controls for alternative development opportunities like offshore initiatives. Furthermore, the financial institution required a solution that could achieve secure, realistic data reproduction and integrated masking across multiple database types and applications.

DigiCert, a leading provider of scalable identity and encryption solutions, was already using Imperva’s SaaS Web Application Firewall (WAF) to protect their on-premises applications when they began migrating some of their workloads to Amazon Web Services (AWS). However, they were not satisfied with their existing DDoS mitigation solution on AWS, as it excessively scrubbed traffic and often blocked legitimate traffic. As DigiCert's usage of AWS grew, they realized the need for a new security solution that could manage risk, monitor all traffic, rapidly identify threats, and only allow valid traffic to access their applications. They wanted a solution from a single provider that could deliver both WAF protection and DDoS mitigation across their entire hybrid environment. The solution also needed to lower false positives, assure rapid response to minimize potential business interruption, and automate as much of the security process as possible due to time and resource constraints.

A leading bank in the Asia-Pacific region was faced with the challenge of meeting the Internet Banking Technology Risk Management (IBTRM) requirements. These requirements necessitated the bank to closely supervise and log database activities performed by privileged users. The bank operates over 1500 mission-critical databases, distributed across seven different nations, making it crucial to deploy a solution that can scale to monitor and audit all databases, in all locations. Centralized management was key for enforcement, efficient management, and on-going maintenance. The bank was also concerned about the impact a monitoring solution would have on database performance, hence needed to ensure a low impact solution that would not compromise the availability of its financial systems. IBTRM also required the bank to limit privileged access based on “need-to-know.” Reviewing and managing access privileges across 1500 databases mandated the bank to implement an automated solution for aggregating and analyzing access privileges. For enforcing configuration policies and patch levels the bank needed a quick, automated way to scan databases, find misconfigurations and identify missing patches. Lastly, the bank needed to ensure proper incident management and response.

Frontier Airlines, a low-cost air carrier, was facing a significant challenge with its online booking engine. The company noticed a higher than expected look-to-book ratio, indicating that many website visitors were viewing flights but not making purchases. Upon further investigation, it was discovered that 50 to 60% of the traffic was not legitimate but was generated by bot operators scraping pricing data and artificially inflating the look-to-book ratio. This influx of bots not only skewed Frontier’s ratio but also resulted in potentially large overage fees as the company partners with a third-party reservation system that requires it to meet a certain look-to-book ratio. Additionally, the bot visits skewed site analytics, hindering the company’s ability to optimize the customer journey and maximize both revenue and customer experience. Frontier’s previous attempts to combat bots, such as manual IP blocking, proved to be time-consuming and ineffective as bot sophistication had dramatically increased.

Datalex, a leading provider of a unified Digital Commerce Platform, was facing a significant challenge with bad actors scraping their customers' sites. This activity was diminishing SEO, luring away upsell and cross-sell opportunities, and increasing Global Distribution System (GDS) API pull costs. The travel industry, in which Datalex operates, is particularly vulnerable to such activities due to the valuable data available on their sites. Persistent scrapers were stealing content from travel sites, posting it on their own sites, and monitoring fare prices to undercut with lower fare offerings. One of Datalex's airline customers was being bombarded with deep-digging attacks, driving up backend payment costs. Even smaller customer sites were hit by bots multiple times a day, slowing them down or even taking them offline. Datalex had been using an anti-bot solution from F5 Networks, but it was proving ineffective in distinguishing good bots from bad ones and was burdensome to manage.

A leading North American life insurance company was grappling with the challenge of managing serious risks and ensuring compliance with regulatory standards. The company was struggling with the manual process of compliance proof and reporting, which was not only time-consuming but also prone to errors. The lack of automation in their processes was leading to inefficiencies and increased operational costs. The company was also unable to achieve 100% coverage of regulated data, which posed a significant risk to their operations. The challenge was to find a solution that could automate these processes, reduce expenses, and ensure comprehensive coverage of regulated data.

The healthcare organization, one of the largest nonprofit healthcare systems in the country, was faced with the challenge of protecting vast amounts of patient data. With over 400,000 people in the health system, the organization had to manage a sprawling environment that spanned structured data, unstructured data, and data stored in the cloud. The organization had to balance the clinicians’ needs for on-demand access to patient data against the risk of a data breach. In 2016, the organization embarked on a multiyear project to enhance the protection of patient data across the organization. However, a data security incident early in the project forced the organization to reevaluate its priorities.

TicketNetwork, a rapidly growing online ticket exchange platform, faced significant security challenges due to the nature of its business. The company, which facilitates transactions for third-party ticket sellers and buyers, is a prime target for hackers due to the high volume of credit card transactions it processes. As a Level 1 Service Provider, maintaining PCI compliance was a major corporate initiative for TicketNetwork. Despite not having experienced any data breaches, the company was keen to ensure that its security measures were robust and effective. Additionally, the company needed a solution that could handle massive traffic, block malicious IP addresses, and be deployed quickly for immediate compliance and security.

The customer, a major US Financial Services Provider, part of a Global Fortune 500 Company, was facing several challenges in securing its trading environment. The company needed clear visibility into its database traffic to monitor activity and identify risks. It was crucial to secure customer data and transactions within the online trading environment. The company also needed to ensure the high performance and availability of the database and services that actively support online trading processes. The company was also looking to automate compliance and reporting capabilities for regulatory standards such as GLBA, HIPAA, HiTECH, FISMA, SCC, SOX, ISO 27001 and the NIST Cybersecurity Framework. Protecting sensitive customer and trading information from insider abuse was another challenge. The company also needed to control access to cloud apps and confidential client information, including rich policy enforcement and IP address whitelisting. Lastly, the company needed to prevent DDoS / DNS attacks from compromising the client website.

A leading job site was facing several challenges due to unwanted bot activity on their platform. The site was being crawled by malicious bots, which were distorting web metrics and compromising the integrity of the site's traffic. This was particularly problematic as the site operates as an advertising platform for employers, making accurate traffic metrics crucial. The site's existing solutions, including a homegrown solution and utilities from their CDN, were only able to reactively block bots, not proactively prevent them. This meant that the team was unable to identify and block bots before they became a problem. Additionally, the unwanted bot traffic was consuming resources, driving up infrastructure costs, and negatively impacting the site's performance. The engineering team was also concerned about potential data theft by bots, and wanted to ensure they had complete control over their data.

e-Travel, a leading e-commerce travel specialist, was facing a significant challenge with web scraping bots. These bots, deployed by competitors and new entrants in the travel industry, were stealing e-Travel's data, including pricing information, and selling it to other competitors or auctioning it. This data theft was not only compromising the integrity of e-Travel's data but also straining its team and technical resources. The bots were scraping the sites so frequently that it was affecting the company's service quality. The company had to deploy additional resources to meet the bot demand, which was proving to be expensive. Additionally, the bots were skewing the company's look-to-book ratios and inflating advertising and GDS pull costs. The company's homegrown solution, 'Bot Hammer', was unable to keep up with the bots, and the bot problem persisted. In 2017, the company also faced a few denial of service attacks, adding to its operational challenges.

WMPH Vacations, a travel company specializing in cruise and resort vacations, was facing significant challenges with its network of 30 websites. The company's websites were under constant attack from hackers, competitors, unauthorized aggregators, and other malicious actors. The security threats included near-constant SQL injection attempts, aggressive price scraping, unauthorized vulnerability scanning, and spam. The form spam was particularly problematic as it polluted the company's backend systems, requiring managers to manually sift through forms to remove spam. Despite implementing CAPTCHAs and creating filters, these techniques proved ineffective and required constant maintenance. Additionally, web scraping was negatively impacting site performance, slowing response times, and affecting customer service and transactions with partners. The company was using AWS ELB to manually block IPs, but this was a never-ending task due to bot operators changing and masking IPs.

The European-based company, one of the largest prepared-food delivery chains on the continent, was facing a significant challenge in 2014. Cyberattacks on the company’s website were increasing in frequency and severity, leading to customer complaints and potentially damaging the company's reputation and market position. The company needed a solution to block the harmful traffic that was negatively impacting the customer ordering experience, while ensuring that legitimate eCommerce traffic continued to reach the website. The challenge was not only to protect the company's digital assets but also to maintain a seamless and efficient customer experience. The situation was further exacerbated during the pandemic, with an increase in food delivery orders and a simultaneous surge in cyberattacks.

LeoVegas, a rapidly growing mobile gaming company, was committed to creating the ultimate mobile gaming experience for its players. This commitment involved ongoing efforts to improve the security, availability, and performance of its website, which directly impacted the company's bottom line. A key business requirement was reducing the risk of a DDoS attack against the website, a prevalent issue in the gaming industry often initiated by disgruntled players. Although LeoVegas had not yet been targeted, the company believed it was only a matter of time given its growth and industry position. To protect against service disruption, LeoVegas sought an always-on DDoS mitigation solution that would not add latency to overall website performance. As the company expanded into more countries and markets, regulatory compliance became a top concern. Each country required more audits and had different compliance issues that needed to be addressed. LeoVegas required a security solution that could support automated compliance reports and meet PCI-level standards. Additionally, the company sought a solution that could provide better visibility into its website traffic for marketing purposes.

A global computer technology company was facing significant challenges in meeting the criteria for various regulations including the Sarbanes–Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI-DSS), and Statement on Auditing Standards No. 70 (SAS 70). The company was using IBM Guardium to secure their databases, but the high cost of ownership and operational inefficiencies were proving to be a major hurdle. The company was unable to expand their IBM Guardium deployment beyond the 500 databases it covered due to the overwhelming amount of labor required. This left some critical databases unmonitored, introducing compliance and security risks. The high labor cost was mainly due to Guardium’s architecture deficiencies, which required a large number of virtual appliances to cover the company’s 500 databases. The volume of virtual appliances made the deployment complicated and costly to operate. Furthermore, Guardium’s integration with the company’s Remedy change ticketing and workflow system was cumbersome, and presented many challenges.

SOKA-BAU, a German company providing benefits, compensation, and pension insurance services for 70,000 construction companies, faced a significant challenge in their digital transformation journey. They aimed to provide self-service web applications to their customers and covered employees, which meant exposing their applications to the Internet. However, before they could enable online self-service, they needed to ensure that the sensitive compensation and financial information in their backend databases was completely secure from unauthorized access. The security solution also had to stand up to the scale and availability rigors required from an application with over 650,000 end users. Adding to the challenge was the heterogeneous environment, including database and application server products from several leading vendors, running both custom and packaged applications.

Accor North America, a Dallas-based hotel company operating more than 1,200 hotels, was facing a significant challenge with its online reservations system. Despite having multiple layers of defense, including Secure Sockets Layer (SSL) encryption, the company was concerned about the potential for SSL to be exploited by malicious hackers. SSL, while excellent for protecting consumer information, could also provide a cover for hackers trying to infiltrate the system. More than half of Accor's reservations were made through the web, making the security of this system crucial. The company had an intrusion-prevention system and a perimeter firewall in place, along with standard server hardening techniques. However, the potential vulnerability of the SSL tunnel was a significant concern.

Betfred, the 4th largest bookmaker in the UK, was facing a significant proportion of bad bot traffic on its domains, with the volume of bad bots reaching as high as 87% of all web traffic. This was causing a strain on the IT team and wasting bandwidth and infrastructure resources. The company was also dealing with a high frequency of account takeover attacks, with up to 30 brute force credential stuffing attacks on login pages in a month. The backend systems were constantly busy, and the CPU utilization of their IPS/IDS was around 40% dealing with normal traffic. The company also faced issues with inconsistent mitigation strategies, stretched thin team resources, aggressive unauthorized scraping of betting odds, and vulnerability scans looking for weaknesses. The bot problem was one that Betfred tried to tackle internally, using other tools like their DDoS, WAF and IPS/IDS. But soon realized those tools were not built to deal with sophisticated bot operators who could easily circumvent traditional security solutions.

One of the world’s top 100 Universities, with a presence on four continents, was facing challenges with its network security controls and visibility to protect its assets. The University's expanding database and the changing landscape of external threats had pushed its network security controls to the limit of acceptable risk mitigation. The University was keen on attaining the ISO27001 certification for a small subset of clinical registries, which further emphasized the need to enhance network security. The University needed to protect web applications in multiple cloud environments and support WAF on the Microsoft Azure Platform, while maintaining an on-premises footprint for legacy applications. The solution had to be cloud and on-premise, multi-cloud provider, SaaS, with timely delivery and speed of execution, and cause minimal disruption to the business and end users during deployment.

The North American insurance company, with a history of 150 years, was facing a significant shift in its security strategy. As the company grew, so did the pressures of regulations and customer expectations, leading to a shift from compliance to security use cases. The company's customers were increasingly considering their own potential risks when determining what insurance services to use. This, combined with the added complexity of regulations such as GDPR, CCPA, and NYFDS, and the very visible data breaches in the news, made it critical for the company to stay ahead of it. The company was using IBM Guardium™ Database Activity Monitoring (DAM) for data compliance and governance. However, the new security emphasis created a significant focus on proactively managing the detection and prevention of unauthorized activities around sensitive data. This led to a re-evaluation of the IBM Guardium™ tool for its data security potential. The company needed a solution that could cover additional databases that Guardium™ did not support, eliminate the manual labor that traditionally comes with security incident response, and provide easy access to long-term audit information for reporting and forensic investigation.

One of Europe’s largest independent online beauty retailers was facing a serious issue with web scraping. The retailer suspected that its competitors were using advanced bots to scrape pricing and inventory data from its website, allowing them to match prices and products quickly. The retailer noticed that a lot of its traffic was not from real users but from competitors spying on them. The reaction time to changes made on their website was too quick to be human, indicating the use of bots. The retailer's solutions developer found a lot of bot traffic on the site, some of which could be traced back to the static IP of their competitors’ offices. Initially, the retailer tried to block the bad bots manually, but this turned into an endless game of whack-a-mole as the bots started spoofing the headers and it became difficult to determine whether an address was genuine or not. The task became more and more time-consuming, and soon they were spending a day and a half every week checking for bots.

StubHub, a leading ticket marketplace, was facing a series of challenges due to the activities of malicious bots. These bots were scraping pricing and inventory data from StubHub's website, selling this proprietary information to competitors, and reposting it on other platforms. This not only led to StubHub's pricing being undercut but also resulted in the theft and misuse of customer accounts. The problem was further exacerbated by the availability of stolen login information and password reuse, which facilitated account takeovers leading to buyer and seller fraud. Additionally, StubHub's site was under constant attack from Advanced Persistent Bots (APBs) that could imitate human-like interactions and blend in with human traffic. These bots were causing a significant increase in site traffic, leading to skewed analytics and artificially low conversion rates.

Smallpdf, a Swiss company providing online PDF tools, faced a significant challenge in protecting its over a billion user accounts from sophisticated bot-driven brute force credential stuffing attacks. These attacks were not only a threat to the sensitive data held in user accounts but also posed a risk to the company's infrastructure. The brute force attacks could potentially impact website performance, causing slowdowns and disruptions for legitimate users. The company's security team was consistently dealing with large-scale botnets targeting their website, which could compromise user accounts if not effectively mitigated. The need to protect their users and maintain the performance of their authentication service was a top priority for Smallpdf.

Brock University, a leading Canadian institution, was facing a significant challenge with its IT infrastructure. The university's mainframe, proprietary database was no longer capable of supporting its online programs and corresponding web-based applications. As the university planned to move from its proprietary mainframe database to a Microsoft SQL Server environment, it was concerned about the protection of its applications and data. The new environment would support a wide array of homegrown, web-based front-end applications, including student self-service applications, administration, finance, and business applications. The university was also concerned about protecting its database against new vulnerabilities that could be introduced over time. Furthermore, the combination of its custom web applications, thousands of users, and database conversion project was going to present a significant number of opportunities for insider threats and external attacks. Given the magnitude of the conversion project and its limited IT resources, Brock wanted a solution that was easy to implement and didn't require a lot of manual tuning.

The organization, a leader in the property and casualty insurance industry, was grappling with the challenge of scaling data discovery across millions of data records. They were also tasked with monitoring hundreds of databases and fulfilling numerous data owner requests every week. The existing manual processes were time-consuming and inefficient, often taking up to four weeks to complete a single data inventory task. The organization was also struggling with managing data owner requests without expanding their staff. Additionally, the audit reporting process was cumbersome and inefficient, leading to a significant amount of time being spent on audit documentation.

A Real Estate service business was in the process of rapidly deploying Amazon RDS databases to enhance its operations. However, this swift transition posed a significant challenge for the company's audit team. They were required to keep pace with the rapid deployment and ensure that all the databases were compliant with the necessary regulations. The team was also under pressure to prepare for an audit that was scheduled in just 60 days. The challenge was to find a solution that could provide rapid coverage of the 8 RDS instances, automatically discover and classify sensitive data, and establish and retain an audit and forensic trail for all database activity.

National Bankcard Services (NBS) provides custom processing solutions for petroleum and convenience store markets, including an online service for retailers to offer various payment options. As part of its operations, NBS enables its customers to track sales from payment card usage through an online portal. To maintain its reputation, NBS must ensure that the sales and related private corporate information of their customers is protected from unauthorized access and data theft. The company was previously performing code reviews and manual code fixes for its web applications, a process that was both time-consuming and prone to human error. NBS needed to comply with PCI 6.6 to protect the online portal from all types of application threats. However, with a small IT staff, the solution needed to be easy to configure and maintain.

vli Limited, a UK-based company that develops and manages innovative web-based solutions, faced a significant challenge in securing its hosted web application platforms. With a customer base of around 100, all of vli’s servers were co-hosted at a data centre operated by a third-party provider. While managed firewalls were already deployed at the data centre, vli had not yet implemented a Web application firewall solution. The company was particularly concerned about SQL injection, a common form of automated application attack that could potentially pose a significant threat to their critical infrastructure. The company's expansion plan for 2009, which involved aggressively targeting the SME market and increasing the number of platforms hosted by them, further compounded the issue. vli needed a robust security solution that could secure their entire legacy, current, and future code, and be fully interoperable with other layers of security architecture.

TechSoup Global, a nonprofit organization based in San Francisco, California, provides other nonprofits with technology resources and support. Their product donation program, TechSoup Stock, allows nonprofits to access donated and discounted technology products, saving organizations over $1.4 billion in expenses as of June 2009. However, the organization faced a significant challenge in securing its web-based transaction processing infrastructure, which was a prime target for hackers due to the processing of donations through credit cards. After an unsuccessful breach attempt, TechSoup realized the need to go beyond traditional perimeter and desktop protection. The organization needed a comprehensive security solution that would effectively monitor and protect its applications from hackers, prevent the loss of sensitive data, and facilitate PCI compliance. The solution also needed to be easy to use and deploy, and require no changes to applications or the network.