How can WafCharm with AWS WAF
benefits Ecommerce websites?
Raconteur’s product line “CampaignMO.org” is a multi-channel system that serves various political parties in the USA. This is a political campaign service provider that simplifies and streamlines endorsed candidates, relevant events and voting tools by Precinct
The system allows political campaigns to easily engage and communicate with their parties to coordinate and inform their users during elections and at the same time, easily engage their precinct, district, and state representatives.
information on certified candidates by precinct, relevant events by precinct, voting tools by precinct, etc. These systems allow political campaigns to easily connect with their precinct, district, and state representatives while working with political parties and keeping users informed during the election cycle.
See how Raconteur gets protected by WafCharm with AWS WAF!
CHALLENGES
- Since it’s politics, the methods of attacks are very personal, obsessive, and very serious.
- Blending malicious traffic with our conversions and goals drastically decreases our conversation rates. Having no way to determine the quality of traffic causes our marketing campaigns to lose confidence.
- We needed ways of tracking IP addresses and also blocking access from unwanted IP addresses.
- AWS security packaged services are very expensive.
Solution by WafCharm
RESULTS
- We are able to customize and tune the rules of AWS WAF to fit our business model.
- Rules and signatures are up-to-date and new vulnerabilities are also dealt with.
- We have visibility on the security landscape and quality of traffic.
- Effects of our marketing campaigns are easily measured and explained to our customers by blocking unwanted traffic.
What were the challenges faced in terms of security?
Due to the nature of the category, it’s prone to vulnerability attacks, recon and most importantly service disruption efforts.
In politics, competing agencies and competing campaigns attack each other diligently. In some cases, it’s blatant because they scope each other’s websites or applications to “reference” or “even” point out certain things.
We needed ways of tracking IP addresses and also blocking access from unwanted IP addresses.
Were there any other challenges faced?
Unwanted and malicious traffic makes it difficult to measure the effects of our marketing campaigns accurately.
With Raconteur media, politics and marketing campaigns closely rely on Google Analytics to justify “success” or “performance”. In some cases, it's even a business driver for ROI and even defines KPI.
However because flooding traffic and even scoping traffic are also “counted” in Google Analytics as an impression or a visit, and therefore can compromise the validity of conversion.
Among all WAFs, why did you choose AWS WAF?
Mainly because AWS WAF is a native AWS service and a 3rd party re-routing or configuration was not necessary.
In politics, it is a big deal to worry about 3rd party integration due to the PII nature (Personal Identifiable Information). However, using other WAF services requires an affidavit from the service provider and the campaign to "agree" that data may route outside of their hosting structure.
In the case of AWS WAF, as they have already agreed with AWS so activating AWS products does not require extra agreements.
How does WafCharm help overcoming those challenges?
With AWS WAF and WafCharm, IP addresses of our visitors are tracked. Therefore we can easily block unwanted IP addresses as well as perform due diligence on non-proxy IP addresses which leads us to competitor agencies and known culprits. Raconteur is able to manage a list of IP addresses which should be and would like to be prevented. In most cases, these IP addresses also send out malicious requests.
In terms of measuring the effect of our marketing campaigns, as WafCharm with AWS WAF is on the firewall level, unwanted and malicious traffic does not reach the application layer which prevents unwanted traffic being tracked in Google Analytics.
Before WAF, it would say 100 people came to “visit” the site and 2 people converted so it makes the conversion rate less, but in reality if 30 were just malicious traffic, therefore 70 real people came and 2 converted is basically the realistic data and with high data integrity.
What are the benefits from using WafCharm?
With WafCharm we have all the rules and signatures used in AWS WAF. This provides enough evidence and known information on the method that was used to perform the attack like SQL Injection or LOG4J known attacks.
As noted above, if you see the IP address and it’s blocked by SQL injection rule or LOG4j rule, then we can easily say this IP address, owned by Agency 1 issued a malicious code to us.
For example, Everyone knows that “2603:8081:2700:14a7:1007” is my IP address since that is whitelisted and recorded for server accesses, obviously if that starts being blocked for malicious codes then there is something wrong and can make me liable.
Are there other benefits from WafCharm?
Sure! WafCharm uses US protocols and CVE which easily translates to the most up-to-date or common attacks on the internet today, which means our website is protected from new vulnerabilities.
In some cases, some companies might have hundreds of thousands of “vulnerability” references and checks, but some of their rules are no longer significant.
Just imagine you have an antivirus that protects you from viruses which are running on WINDOWS NT. That is insignificant because WINDOWS is now version 11-12.
For WafCharm, most of the vulnerabilities we are blocking and counting can be easily found on CVE databases and are “still” up to date. What’s amazing about this is, like LOG4j, some of the vulnerabilities were recent.
