
HOW TO BULLETPROOF YOUR ECOMMERCE SITE
Maria Karaivanova
Head of Business Development
CloudFlare Inc.
@mariakar
I. What Keeps Merchants Up At Night?
• Competition!
• Losing customer trust
• Delivering high quality customer service
• Store getting hacked
• Data theft
• Not enough traffic to store
Has Your Store Been Attacked?
• Yes: 42%
• No: 41%
• Maybe / Not sure: 17%
What Kind Of Attack Was It?
[Chart: DDoS attack, SQL injection, cross-site scripting (XSS), unauthorized admin access, credit card theft, directory traversal, other. The extracted shares are 45%, 17%, 13%, 9%, 8%, 6% and 2%, but the slide text does not show which share belongs to which category.]
How Did You Respond To The Attack?
[Chart: firewall, software update, using ISP, changed password, changed server configuration, not reported. The extracted shares are 55%, 26%, 6%, 5%, 4% and 4%, but the slide text does not show which share belongs to which response.]
How Much Did The Attack Cost You?
[Chart: cost brackets $0-10k, $10-30k, $30-100k and $100k-1 million. The extracted shares are 82%, 14%, 4% and 1%, but the slide text does not show which share belongs to which bracket.]
II. Security Trends
The latest attacks are increasingly sophisticated and human-like.
The Evolving Landscape Of DDoS Attacks (2013 to 2014)
• DNS amplification: up to 300 Gbps
• NTP reflection: up to 400+ Gbps (35% up from DNS amplification)
• DNS infrastructure: 100s of Gbps
• HTTP application layer: 100s of Gbps
Source: www.digitalattackmap.com
Ecommerce Sites Are A Lucrative Target
Share of attacks by industry:
• Enterprise: 28%
• Commerce: 27%
• Public Sector: 20%
• Media & Entertainment: 16%
• High Tech: 9%
Source: www.akamai.com/stateoftheinternet
Example: Application Layer (Layer 7) DDoS Attack
Layer 7 Attack Mitigation
Attacking IPs are challenged and "grey listed" in a matter of seconds.
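The challenge-and-greylist mitigation described on this slide, as an added illustration (not CloudFlare's code): a sliding-window counter per client IP over constructed access-log lines, where an IP that exceeds the request threshold is switched to a challenge response and kept on a grey list until its entry expires. The log format, IP addresses, window, threshold and grey-list lifetime are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Simplified access-log line: "<ip> [<timestamp>] "<request>" <status>" (assumed format).
LINE_RE = re.compile(r'^(\S+) \[([^\]]+)\] "[^"]*" \d{3}$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


class Greylister:
    """Sliding-window request counter per IP; over the threshold -> challenge."""

    def __init__(self, window_s=10, threshold=20, greylist_s=300):
        self.window = timedelta(seconds=window_s)
        self.threshold = threshold
        self.greylist_ttl = timedelta(seconds=greylist_s)
        self.hits = defaultdict(deque)   # ip -> timestamps inside the window
        self.greylist = {}               # ip -> expiry time of the grey-list entry

    def observe(self, ip, ts):
        """Return 'challenge' for grey-listed or flooding IPs, 'pass' otherwise."""
        expiry = self.greylist.get(ip)
        if expiry is not None and ts < expiry:
            return "challenge"                       # still grey listed
        window = self.hits[ip]
        window.append(ts)
        while window and ts - window[0] > self.window:
            window.popleft()                         # drop hits outside the window
        if len(window) >= self.threshold:
            self.greylist[ip] = ts + self.greylist_ttl
            return "challenge"                       # crossed the threshold: grey list
        return "pass"


def process_log(text, greylister=None):
    """Run every parsable log line through the greylister; count verdicts per IP."""
    greylister = greylister or Greylister()
    verdicts = defaultdict(lambda: {"pass": 0, "challenge": 0})
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        ip, ts = match.group(1), datetime.strptime(match.group(2), TS_FMT)
        verdicts[ip][greylister.observe(ip, ts)] += 1
    return dict(verdicts), greylister


def build_sample_log():
    """Constructed traffic: one IP floods the search page, another browses normally."""
    base = datetime(2014, 11, 14, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for sec in range(10):
        ts = (base + timedelta(seconds=sec)).strftime(TS_FMT)
        if sec % 3 == 0:  # normal shopper: one page every three seconds
            lines.append(f'198.51.100.2 [{ts}] "GET /index.php/ HTTP/1.1" 200')
        for i in range(4):  # flooder: four search requests per second
            lines.append(f'203.0.113.7 [{ts}] "GET /catalogsearch/result/?q={sec}{i} HTTP/1.1" 200')
    return "\n".join(lines)
```

With the defaults, the flooding IP passes 19 requests, is challenged from its 20th onward and stays grey listed for five minutes, while the normal shopper is never challenged.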
III. Five Steps to Bulletproof Your Store

1. Encrypt & Secure Customer Data
• Use HTTPS/SSL for your entire website
• Create a custom admin path
• Exercise password hygiene
  • Two-factor authentication
  • Choose complex passwords
• Always use secure FTP

2. Deploy a Web Application Firewall
• PCI compliance: DSS requirement 6.6
• Choose the right firewall

3. Have A DDoS Mitigation Plan
Better Ways To Delight Your Customers?
...And Better Ways To Kick Off The Holiday Season
"We are getting hammered and can't keep the site online. We need to get behind a proxy to shield us from the attacks."
Have a DDoS mitigation plan before you need one.

4. Keep Your Website Software Updated
• Always use the latest version of Magento
• Be vigilant with add-ons
• Perform regular malware scans

5. Get Ready for Spikes in Traffic
Source: Adobe Digital Index
• Be fast around the world

Five easy steps to a more secure Magento shop
Thank you!
Maria Karaivanova
Head of Business Development
CloudFlare Inc.
@mariakar