The current situation
E-commerce websites may be the most exposed and most attacked sites. Merchant sites feature:
- very attractive flows for new cyber-criminals: web hackers who act for financial reasons. E-commerce websites deal with goods that usually have a market value, and they also handle financial flows and payment tools. Potential frauds are numerous: data theft, transaction fraud (for instance cookie manipulation to decrease the purchase price), identity spoofing, credit card number theft, blackmail, defacement, fiscal fraud and evasion, money laundering, ... and of course spoofing, illegal hosting, relay, ... An e-commerce website is thus very EXPOSED!
- E-commerce websites are designed to be user-friendly: they need to make browsing and ordering easy, to attract end-users and keep them happy and loyal, and to offer value-added services... As a result, in-house applications are numerous and highly customized. Consequently, an e-merchant website is VULNERABLE.
- The raw material is information, which is usually confidential and requires integrity, continuity of access and availability. This information and these financial flows attract cyber-criminals.
BinarySEC brings a lasting solution
- Web application protection like BinarySEC is especially needed and effective for e-merchant websites. BinarySEC quickly regulates incoming HTTP traffic and makes monitoring very easy, and its intelligent tool concept greatly simplifies its use. Programmer or system administrator skills are not necessary. No need for expertise in regular expressions! Return on investment is very quick and easy to calculate, as it happens at the very first attack attempt! Finally, the feeling of security is invaluable!
- The BinarySEC equation is simple: potential attack = unexpected request = abnormal traffic. Consequently, BinarySEC models normal traffic, then rejects abnormal traffic.
- Attacks often start with a scan of IP addresses and machines; then requests that test which applications are available are sent, followed by targeted exploits. In all cases the traffic is abnormal, so it is blocked and logged.
- BinarySEC installs directly on the web server and learns normal traffic for THIS specific application. It therefore refines its experience base for THIS specific server and adapts its protection accordingly. This very close, dedicated shielding reduces the false positive rate and increases efficiency. The experience base (i.e. the learning achieved by the AI engine) of a content management server, for instance one using Joomla or SPIP, will differ from that of a data presentation server.
- Multi-server monitoring and statistics features make it possible to control tens of servers from a single web interface.
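
To make the "model normal traffic, then reject abnormal traffic" idea concrete, here is an added example. It is not BinarySEC's code or algorithm, only a minimal per-endpoint allowlist learner. The class name, the length tolerance, the shop URLs and the sample requests are all constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

def char_classes(value):
    """Coarse character classes present in a parameter value."""
    return {"digit" if c.isdigit() else "alpha" if c.isalpha()
            else "sep" if c in "-_. " else "other" for c in value}

class TrafficModel:
    """Per-endpoint allowlist learned from traffic assumed to be clean."""
    LENGTH_SLACK = 2  # assumed tolerance: accept up to 2x the longest value seen

    def __init__(self):
        self.profile = {}  # (method, path) -> {param name: learned stats}

    def learn(self, method, url):
        parts = urlsplit(url)
        params = self.profile.setdefault((method, parts.path), {})
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            stats = params.setdefault(name, {"max_len": 0, "classes": set()})
            stats["max_len"] = max(stats["max_len"], len(value))
            stats["classes"] |= char_classes(value)

    def check(self, method, url):
        """Return the reasons a request is abnormal; [] means it fits the model."""
        parts = urlsplit(url)
        params = self.profile.get((method, parts.path))
        if params is None:
            return [f"unknown endpoint {method} {parts.path}"]
        reasons = []
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            stats = params.get(name)
            if stats is None:
                reasons.append(f"unexpected parameter {name}")
                continue
            if len(value) > stats["max_len"] * self.LENGTH_SLACK:
                reasons.append(f"{name}: length {len(value)} above learned range")
            new = char_classes(value) - stats["classes"]
            if new:
                reasons.append(f"{name}: new character classes {sorted(new)}")
        return reasons

# Constructed learning-phase traffic for a hypothetical shop (not real logs).
TRAINING = ["/product?id=42", "/product?id=1187",
            "/cart/add?id=42&qty=2", "/search?q=red+shoes"]
if __name__ == "__main__":
    model = TrafficModel()
    for url in TRAINING:
        model.learn("GET", url)
    for url in ["/product?id=43", "/product?id=42&price=1", "/backup.zip"]:
        print(url, "->", model.check("GET", url) or "normal")
```

A model of this kind is only as good as its learning window: whatever is sent during learning becomes "normal", so the learning phase has to run on traffic known to be clean.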