Recent research reviewing small- to medium-size website traffic revealed that 51% of web site traffic is non-human, and that 31% is potentially damaging – automated malicious traffic from hackers, spies, scrapers, and spammers.
Given these numbers, no one wants to leave a website’s “front door” open. Website owners work hard to attract quality human traffic, but it’s equally important to identify and block the “bad” visitors – bots that can hack and disable a site, steal customer data, access proprietary business information, and worse.
SMB Websites are Attacked with Increasing Frequency
A study by WhiteHat Website Security published last year found that a whopping 64% of websites were attacked in 2010. Of these, the most harmful attacks were DoS (Denial of Service) and network application attacks like SQL Injection and Cross Site Scripting. Surprisingly, the study found that 40% of the attacks were against small- to medium-sized websites, and that this percentage is growing.
However, until recently, there was no easy-to-deploy, efficient and affordable solution for SMB website security. The solutions that were available were expensive and appliance-based, and required time and resources that most SMBs just didn’t have.
The Solution: Cloud-Based Website Security Service
Cloud-based security solutions (like Incapsula’s) have recently become more popular among SMB websites, as they provide easy-to-use and affordable protection against all existing and emerging threats, while also providing website acceleration features which reduce page-load time and improve user experience.
How it Works
When joining a cloud-based service, the website owner receives instructions to change the website’s DNS settings. Once changes are made, website traffic is seamlessly routed through the service’s globally distributed network of POPs. Incoming traffic is intelligently profiled in real-time, blocking even the latest web threats. Meanwhile outgoing traffic is accelerated and optimized with a global CDN for faster load times, keeping welcome visitors speeding through.
What to Look For
When choosing a cloud-based web site security service, a number of key factors should be considered, notably:
Protection against all current and emerging threats: Cloud-based security services should include sophisticated visitor identification technology that can differentiate between legitimate website visitors (humans, search engines, etc.) and automated or malicious clients. Another important feature to look for is a fully-featured Web Application Firewall to protect against sophisticated SQL Injection, Cross Site Scripting, Remote File Inclusion, Illegal Resource Access and all other OWASP Top 10 threats.
Setup in minutes; No hardware or software: Joining the service should take no more than 5 minutes, and should involve only a simple DNS settings change. No software or hardware installation should be required, nor any changes to the website.
Improved website performance: Cloud-based security services should include a global CDN that improves website performance by caching and optimizing its content and delivering it directly from the Internet’s backbone. This results in faster load times and less bandwidth consumption.
Benefit of scale: As cloud security services serve thousands of websites, they should be able to spot and analyze attacks on one of the websites in their network, and immediately apply protection over all other websites.
Simple PCI Compliance: Since cloud-based security services transmit customer data, eCommerce website owners should ensure that the service is compliant with the Payment Card Industry Data Security Standard (PCI DSS).
Protection against DDoS attacks: Cloud-based DDoS Mitigation services should be available, and easily activated in minutes on a cost-effective monthly subscription with on-demand upgrade options, eliminating the need to purchase expensive equipment.
Website Analytics: Services should provide access to a dashboard including live stats for all website traffic, including human visitors, bots, performance statistics and detailed threats reports.
Conclusion
What was once impossible for the average SMB is now a simple task. Cloud-based website security services finally allow SMBs to protect and accelerate their websites in an easy to deploy, simple to use and affordable way – without requiring the skillset of a website security specialist or network optimization engineer.
Marc Gaffan is the Co-Founder and VP Marketing & Business Development at Incapsula, a spin-off of the data security company Imperva. Incapsula a cloud-based service that makes websites safer, faster and more reliable.
Incapsula provides websites of all sizes with capabilities that were previously only available to very large websites.Before founding Incapsula, Gaffan was the Director of Product Marketing at RSA, EMC’s security division, responsible for strategy and go to market activities of a $500M IT Security product portfolio.
Gaffan has a BA in Computer Science and Economics and an MBA from Tel Aviv University.