The Security Challenge for eCommerce

“On $10B in topline revenue, 100 milliseconds of network latency can mean $100 million in lost revenue.”

- CIO of a Major Online Retailer

Performance is the Key Success Factor

Setting aside security for a minute, eCommerce retailers have enormous network performance challenges. The competitiveness of the brand, and even the success of the business, depends on the ability to quickly offer up compelling content. This content can be customized to each shopper as they arrive at the online store. The entire experience must be rich, seamless, and most importantly fast. If content is stale, not customized, delivered too slowly, or the checkout process takes too long, it will have a severe impact on brand and ultimately actual revenue.

Amazon reported that just 100 milliseconds of additional network latency corresponds to at least a 1% drop in revenue. Wal-Mart thinks it's a 2% drop in revenue [1]. That’s the impact of one tenth of a second of network latency. Network latencies compound dramatically into the user experience, because any web session involves multiple requests, resources, and calls, and the per-request latencies sum. When you consider the transaction value for large retailers, the financial impact is extreme.

[1] Network Latency & E-Commerce Conversion Optimization


The Security Challenge

When you consider the security requirements that must be met in this environment, the stakes get even higher. You don’t want to let bots, spammers, and other malicious sources tie up your web servers. You also don’t want to leave your payment and customer systems exposed, but you must cut down on the 50 million events coming into your SOC every year [2]. Your team can’t analyze all of these events, and letting these threats reach your environment is too big a source of exposure. These are big problems to solve in fractions of a second.

In addition to cutting down SOC event volume, e-commerce retailers also have a big problem with "card not present" credit card transactions. As credit cards are routinely compromised, the account numbers can be bought and sold on the dark web. The compromised cards are often used quickly to purchase goods from e-commerce vendors. These transactions look good initially, but are disastrous financially. Once the charges are eventually disputed by the victims, the credit card processors turn the bill back over to the retailer. The goods are long gone, but the vendor has the bill and a mess of administrative costs to resolve the matter. Experian reported that e-commerce fraud rates spiked 33% in 2016. If even 1% of all transactions are fraudulent, that could be a crippling financial burden. This is a very expensive problem that isn’t going away.

[2] IBM Factsheet Managed Security Services


Network Payment Intelligence

A powerful way to address cyber-risk to ecommerce vendors is to use payment intelligence applied in the network. If you know whether a prospect is legitimate before even allowing them to visit your site, then you can take action at the very front end of the cyber kill-chain (inbound in the network). This is the most advanced security posture and clearly a very difficult problem that requires ultra-high performance systems. We must identify the risky visitors, and we must address them upfront in microseconds.


Centripetal Leverages Visa’s Dynamic Threat Intelligence Feed

Fortunately, there is now a solution to this problem with Centripetal’s ultra-high performance gateways paired with Visa’s dynamic threat intelligence. Visa specializes in payment intelligence. This intelligence is information about the sophisticated adversaries that attempt to compromise the payment system and their methods. Successful breaches can expose your customer data, but these breaches and attempts also leave a trace. Payment intelligence captures these actors and their methods, and it can now be applied for a protective benefit. With this data applied by Centripetal, you can isolate cyber-crime in the network as it first attempts to access your store. The all-risk communications can be prevented, and the high-risk communications can be isolated selectively for the scrutiny they deserve. You can shield your payment systems from those that would attempt to breach them. This is a key risk area that can be reduced with applied payment intelligence.


No Entry for Thieves

Payment intelligence also has another key benefit. In the same way that you can shield your store from sophisticated hackers that would attempt to steal your customer data, you can block professional fraudsters that routinely acquire and use compromised cards. Fraudulent purchases are almost always shifted back to the vendor. The lost products and wasted administrative costs can be very significant. You can now determine in a few microseconds, by way of network-based indicators, whether you should do business with a prospect.

The ROI to eCommerce teams for applied threat intelligence is huge. Latency can be lowered, enriching the overall customer experience. Furthermore, significant segments of all-risk traffic can be immediately removed, optimizing resources and cutting SOC burdens. Just as important, attempted breaches and professional frauds can be blocked from your store at the front door.



The Solution

So, how do you solve the many challenges while ensuring the right customer experience with critical dynamic content that is so essential to the bottom line of your business?

First, you have to have the right intelligence. The security community knows the sources of these threats. On any given day, there are 5-12 million IPs in Webroot’s All Malicious IP Database, and they are changing every 5 minutes. There are over 100,000 known scanners active at any one time, over 30,000 active TOR nodes, and over 250,000 fast flux domains created every day. Centripetal has deep expertise in leveraging threat intelligence from many reliable sources to stop unwanted traffic at the edge of your network.

The second key problem is operationalizing this data at scale and with ultra-high performance. Centripetal delivers the ultra-high performance gateway technology that is required for this job. A legacy enforcement point just can’t do this scale of threat intelligence. A router’s ACL or a linear-search firewall can handle a few thousand blunt indicators, or just a few hundred precise ones, before latencies spike. If the device is doing any other UTM functions, performance gets bad really fast. Network World tested the Juniper SRX 5800, the largest NGFW in production [3]. Its aggregate throughput is 160 GB/s. In testing, when even a small amount of higher-layer content inspection is turned on, the throughput dropped to 30 GB/s. With small packet sizes, the throughput dropped further, to 6.9 GB/s, or only 4%. Benchmarking of other high-end NGFWs has shown that the SRX 5800 performed very well by comparison! All the capacity of the NGFW is consumed by its standard functions, and it is ill-equipped to implement threat intelligence as well.
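As an added illustration of why a linear ACL scan stops scaling while an indexed lookup does not (example code, not Centripetal's gateway or Visa's feed; IPv4 only, with constructed sample indicators from documentation ranges), the following Python compares the two structures on the same indicator list:

```python
import ipaddress
import random
import time

# Constructed sample indicators from documentation ranges (not real threat intel).
SAMPLE_INDICATORS = ["203.0.113.0/24", "198.51.100.7/32", "192.0.2.128/25"]


class LinearAcl:
    """Router-ACL style: test every rule in order until one matches (cost grows with list size)."""

    def __init__(self, cidrs):
        self.nets = [ipaddress.ip_network(c) for c in cidrs]

    def is_blocked(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.nets)


class PrefixIndexAcl:
    """Indexed lookup: one hash probe per distinct prefix length (at most 33 for
    IPv4), so per-packet cost stays flat as the indicator count grows."""

    def __init__(self, cidrs):
        self.by_len = {}
        for c in cidrs:
            net = ipaddress.ip_network(c)
            self.by_len.setdefault(net.prefixlen, set()).add(int(net.network_address))

    def is_blocked(self, ip):
        addr = int(ipaddress.ip_address(ip))
        for plen, nets in self.by_len.items():
            shift = 32 - plen
            if (addr >> shift) << shift in nets:  # mask host bits, probe the set
                return True
        return False


def random_indicators(count, seed=1):
    """Construct `count` synthetic /32 indicators (deterministic, not real intel)."""
    rng = random.Random(seed)
    return [f"{ipaddress.ip_address(rng.getrandbits(32))}/32" for _ in range(count)]


def compare_lookup_cost(count=5000, probes=50):
    """Return (linear_us, indexed_us): mean microseconds per lookup of one
    non-matching address (a private-range address) against `count` indicators."""
    cidrs = random_indicators(count)
    results = []
    for acl in (LinearAcl(cidrs), PrefixIndexAcl(cidrs)):
        start = time.perf_counter()
        for _ in range(probes):
            acl.is_blocked("10.0.0.1")
        results.append((time.perf_counter() - start) / probes * 1e6)
    return tuple(results)
```

Raising `count` makes the linear figure climb roughly in proportion while the indexed figure stays flat; a hardware gateway faces the same scaling law with a much tighter per-packet budget.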

Knowing that your firewall can’t do this, you might be tempted to go to the cloud for a solution. Unfortunately, there are two problems with this.

  1. The first is that cloud services are built on the same legacy filter technologies. It's the same old stack, just “in the cloud”. While there may be more of them, it’s nowhere near enough. To get sufficient rule coverage alone, you’d have to construct a serial path through hundreds of devices. This would be an insufferable latency penalty.
  2. The second problem is a little more fundamental. The round-trip time for a packet on a network link to a scrubbing facility 12 miles away is over 200 microseconds (at the speed of light). These additional latencies are multiplied by each protocol turn for each element of dynamic content in the page delivery. This adds up quickly. When you consider other problems, such as inefficient BGP routes, buffering, and queuing, you’ve already blown your latency budget and haven’t done any security work. Until someone finds a way to exceed the speed of light, it’s safe to say a co-located solution is required.

[3] NETWORKWORLD Juniper SRX 5800 Biggest Firewall Ever



“90% of successful breaches are from already known locations.”

- Webroot, Dave Dufour



Case: eCommerce



RuleGATE alerts and blocks events in real-time

This is where we come in! Centripetal has developed ultra-high performance threat intelligence gateways. We rely on advanced algorithms to filter traffic against dynamic threat intelligence. Our performance is without equal. For our large eCommerce customers, we routinely filter high-speed 10GB network links against millions of threats in well under ten microseconds. We become more efficient as we apply more intelligence. Our performance capabilities enable eCommerce retailers to make advanced filtering decisions at scale for the first time. Scaled filtering can be used to automatically remove the “all-risk, non-business” classes of traffic. This filtering can massively reduce network utilization and risk exposure. Specialized threat intelligence on serial credit card frauds can cut transaction loss rates. Most importantly, we automatically cut down the 50 million+ events that a typical SOC would otherwise have to sift through in its SIEM.