Gamania CloudForce and Reblaze join forces to protect the security of corporate websites and Apps

A good corporate website can improve the popularity and image of enterprises; however, when the security of a website fails, it might become a malware spreader and hurt a large number of their customers directly, and the benefits previously described might also all suddenly vanish. It will cause other severe results such as damaging their business reputation and losing customers. This is why website security protection is indeed particularly important to enterprises.

There are hundreds of website security threats nowadays including SQL injection, form manipulation and cross-site scripting attacks etc.; there are also DDoS attacks across network layers and application layers, as well as malicious robots and web crawlers. There is also mobile application (App) security that needs to be taken care of as well. All of these make protection requirements more and more complicated, and it is difficult for enterprises to take care of every aspect. For example, many enterprises are trying extremely hard to block robot traffic, and they have tried every possible means over the years but the problem couldn’t be effectively resolved; it even ended up increasing the burden of IT management cost.

Because of this, Gamania CloudForce who has deep plowed in the information security service for many years officially formed partnership with Reblaze Technologies recently, hoping to protect the cloud websites (applicable for AWS, Azure and GCP) of Taiwan users and the security of Apps by relying on Reblaze’s comprehensive website security solution along with unique energy such as multi-level threat detection, behavior analysis and automated machine learning (ML) etc.

Accurately identifying robot traffic based on hundreds of signatures

Reblaze’s director for the Asia-Pacific region Chieh-Yao Chang stated that this company is an Israeli network security company that was established in 2012. Its headquarters is located in the U.S. committed to developing comprehensive Web security services. It has been praised by many B2C service providers around the world, including many e-commerce, finance, gaming, electronic payment, airlines and government agencies. Its customer base is growing daily, causing Reblaze having to process over 5 billion HTTP/S requests per day and accumulate big data so that this company can use AI/ML to continually uncover valuable information from the data, learning about the latest attack techniques and forming a positive cycle. This allowed its customer retention rate to always be maintained at a high level of approximately 97.5%.

When we talk about Reblaze’s comprehensive cloud website security solution, it includes next generation WAF and DoS/DDoS protection, advanced robot management, real-time traffic monitoring management and even rich website protection functions including CDN, load balance, and automatic resource expansion. It also provides the Mobile SDK to help users protect Apps.

Chieh-Yao Chang said that Reblaze now considers Taiwan its main market; they interviewed many local users and felt that even though business organizations in Taiwan has deep understanding on information security, but there are still hidden concerns; and that is it cannot be confirmed whether the website transaction volume actually came from real customers, and so it is difficult to be sure that websites will not be intruded. These hidden concerns cannot be resolved by using techniques such as WAF or website verification codes alone because the ratio of signature attacks is getting lower and lower these days. On the other hand, there are more and more new types of behavioral attacks, and traditional defense technologies can no longer keep up.

The general manager of Gamania CloudForce Paul Ding stated that the reason why his company values Reblaze so much is because the volume of data they collected is big enough, and that causes ML algorithms to continually improve. It can help users identify website traffic more accurately and whether the session came from real people or from robots.

The robot management algorithm from Reblaze has covered over a hundred signatures to date; it is great at determining whether the visitor is a real person through delicate characterizations including moving speed of the mouse, tapping speed of the keyboard, whether copy & paste is used and whether the angle the mobile phone was held was straight or oblique. Even more, assuming there are two transactions that came from the same IP and one of their behaviors is good and the other is bad, then Reblaze will analyze each of the transactions and release the good one while blocking the bad one; it will not just block the IP entirely and block normal customers accidentally.

Website protection functions can be activated through public cloud, private cloud, or MSSP

Undeniably, many users have already deployed mechanisms including WAF, DDoS protection and CDN etc.; maybe only the limited demand gaps like Bot Manager need to be filled. But even so, Reblaze solutions can still be adopted because Reblaze has highly integrated different information security products; the logs that it generated itself can even be automatically tossed to the SIEM/SOC of the user client for centralized processing.

Chieh-Yao Chang disclosed that even though the usage scenarios described above are quite common in foreign countries, many users gradually replaced their original protection mechanism to Reblaze solutions. He further gave an example: in terms of DDoS protection, general products or services can only block L3/4 attacks; as for L7 attacks, for example hackers simulating the behavior of a real person and causing chronic attacks, this is a defensive strength of Reblaze. Most WAF products and services need manual intervention to set protection rules, but the new generation WAF service from Reblaze can generate “autonomy” results according to the ML algorithm behind and respond to different attacks immediately. All of these are incentives for users to switch over.

Also, even though there already are WAF, DDoS protection, CDN, load balance and other similar cloud services available on the market, but usually when all tenants use the same platform or even the same IP address, there is the risk that if one tenant gets attacked, sometimes every other tenant on the same platform will all suffer consequences together. Reblaze gives each tenant dedicated virtual private cloud (VPC) that can eliminate the multi-tenant loophole and guarantee user privacy; this is one of its highlighted features.

Another thing worth mentioning is that Reblaze users can use a single interface to view all logs comprehensively without having to waste time and log into different systems to collect the different types of logs. If an information security event occurs, the investigation process can be accelerated and contingency measures can be deployed as soon as possible.

Paul Ding said that Reblaze solutions support multiple enabling modes. One is public cloud mode; users can enable Reblaze services right from the cloud platform where the user’s website was set up. Deployment can be completed in as little as 5 minutes. Next is the landing mode. In consideration of highly supervised users such as financial and government agencies, by law their assets cannot be away from the premises, but they still want to strengthen their website defenses. So this is where Gamania CloudForce can help construct a Reblaze service host at the user terminal, and algorithms can still be updated every now and then so similar defense functions can be exerted locally; the only difference is that the automatic resource expansion mechanism used on public clouds is not applicable here. The DDoS protection performance relies on the level of resource preparation by the users themselves.

The third type is the landing public cloud mode; this is based on Gamania CloudForce’s years of accumulated information security service energy. Gamania CloudForce cloud is used to provide information security hosting service (MSSP). This is a win-win option for users who want to use the flexible resources of public clouds but also need to consider the on-site audit requirements of the competent authority.

Reblaze and Gamania CloudForce both think that there are many users in Taiwan who are troubled by the robot management issue and still have not found effective contingency plans, and also wasted a lot of infrastructure cost in response to the invalid traffic for a very long time. Now they can use Reblaze solutions to reinforce these flaws, and there should be deep incentive for implementation.