Interview with Ryan Gravatt, CEO of Raconteur Media

  • What were the challenges faced in terms of security?

    Due to the nature of the category, it’s prone to vulnerability attacks, recon and most importantly service disruption efforts.

    In politics, competing agencies and competing campaigns attack each other diligently. In some cases, it’s blatant because they scope each other’s websites or applications to “reference” or “even” point out certain things.

    We needed ways of tracking IP addresses and also blocking access from unwanted IP addresses.

  • Were there any other challenges faced?

    Unwanted and malicious traffic makes it difficult to measure the effects of our marketing campaigns accurately.

    With Raconteur media, politics and marketing campaigns closely rely on Google Analytics to justify “success” or “performance”. In some cases, it's even a business driver for ROI and even defines KPI.

    However because flooding traffic and even scoping traffic are also “counted” in Google Analytics as an impression or a visit, and therefore can compromise the validity of conversion.

  • Among all WAFs, why did you choose AWS WAF?

    Mainly because AWS WAF is a native AWS service and a 3rd party re-routing or configuration was not necessary.

    In politics, it is a big deal to worry about 3rd party integration due to the PII nature (Personal Identifiable Information). However, using other WAF services requires an affidavit from the service provider and the campaign to "agree" that data may route outside of their hosting structure.

    In the case of AWS WAF, as they have already agreed with AWS so activating AWS products does not require extra agreements.

  • How does WafCharm help overcoming those challenges?

    With AWS WAF and WafCharm, IP addresses of our visitors are tracked. Therefore we can easily block unwanted IP addresses as well as perform due diligence on non-proxy IP addresses which leads us to competitor agencies and known culprits. Raconteur is able to manage a list of IP addresses which should be and would like to be prevented. In most cases, these IP addresses also send out malicious requests.

    In terms of measuring the effect of our marketing campaigns, as WafCharm with AWS WAF is on the firewall level, unwanted and malicious traffic does not reach the application layer which prevents unwanted traffic being tracked in Google Analytics.

    Before WAF, it would say 100 people came to “visit” the site and 2 people converted so it makes the conversion rate less, but in reality if 30 were just malicious traffic, therefore 70 real people came and 2 converted is basically the realistic data and with high data integrity.

  • What are the benefits from using WafCharm?

    With WafCharm we have all the rules and signatures used in AWS WAF. This provides enough evidence and known information on the method that was used to perform the attack like SQL Injection or LOG4J known attacks.

    As noted above, if you see the IP address and it’s blocked by SQL injection rule or LOG4j rule, then we can easily say this IP address, owned by Agency 1 issued a malicious code to us.

    For example, Everyone knows that “2603:8081:2700:14a7:1007” is my IP address since that is whitelisted and recorded for server accesses, obviously if that starts being blocked for malicious codes then there is something wrong and can make me liable.

  • Are there other benefits from WafCharm?

    Sure! WafCharm uses US protocols and CVE which easily translates to the most up-to-date or common attacks on the internet today, which means our website is protected from new vulnerabilities.

    In some cases, some companies might have hundreds of thousands of “vulnerability” references and checks, but some of their rules are no longer significant.

    Just imagine you have an antivirus that protects you from viruses which are running on WINDOWS NT. That is insignificant because WINDOWS is now version 11-12.

    For WafCharm, most of the vulnerabilities we are blocking and counting can be easily found on CVE databases and are “still” up to date. What’s amazing about this is, like LOG4j, some of the vulnerabilities were recent.

  • Thank you for your time.