CARFAX, a leading provider of vehicle history information, needed to protect its website from attacks, ensure website availability, prevent data theft, and enhance the scalability of its infrastructure. Through a consolidated F5 solution, CARFAX cut site downtime to zero, secured its data, and deployed a high-performance infrastructure to support its rapid growth.
Three years ago, Chris Thomas, Network Manager for CARFAX, was looking for answers. “Managing our growing volume of web traffic was becoming extremely challenging,” he says. “I’d regularly get calls in the middle of the night to deal with outages and slow website response time.” As the problems began to have a greater impact on CARFAX’s business, Thomas knew it was time to make a change.
Millions of consumers rely on CARFAX to get an accurate vehicle history report before they buy a used car or truck, so it was critical that CARFAX.com always be available to consumers. “Our growth is exponential at this point,” says Thomas. “How can you plan for such an unknown?” he asks. “I just knew that I needed as much power as the leading manufacturers could provide.”
But ensuring website availability and performance was just the first of the company’s challenges. Because of its high profile in the marketplace, the CARFAX website was also continuously under attack.
“As a company whose lifeblood is data, it’s essential for us to protect that information from threats like web scraping,” says Thomas. In addition, CARFAX needed help fending off the numerous DDoS attacks that had the potential to slow website performance or even shut down the website completely. “We also needed to be able to block traffic from countries where we don’t provide services,” Thomas added.
Finally, CARFAX wanted to simplify its IT infrastructure and operations. Thomas says, “We had multiple data centers and more than a dozen vendors providing various services, which made management both time-consuming and expensive.”
CARFAX initially deployed BIG-IP Local Traffic Manager (LTM) and BIG-IP Global Traffic Manager (GTM) to intelligently manage network traffic, improve website performance, and ensure high availability. With its need for capacity and scalability, CARFAX chose to build the solution on F5’s high-performance VIPRION chassis, which uses a modular blade system. Based on the success of that deployment, the IT team turned to F5 to help tackle its security challenges.
“As we began to understand more about F5’s unified, platform-based approach—and we learned that F5 could also address our security requirements without adding more hardware—we knew we had found the right vendor for us long-term,” says Thomas. “From there, we started building on our existing deployment piece by piece.”
CARFAX selected BIG-IP Advanced Firewall Manager (AFM) and BIG-IP Application Security Manager (ASM), which work together seamlessly to mitigate DDoS attacks and prevent web-scraping by blocking bot traffic. At the same time, BIG-IP ASM lets CARFAX allow desired bot traffic from legitimate sites such as popular search engines. The company also uses BIG-IP Access Policy Manager (APM) to provide sales associates and partners secure remote and mobile access to proprietary data.
In the future, CARFAX plans to leverage F5 Secure Web Gateway Services to round out its security coverage. F5 Secure Web Gateway Services will enable CARFAX to control employee access to Internet sites, ensuring compliance with the company’s web use policies. It will also protect CARFAX from web-based threats encountered by employees who use the Internet, Software-as-a-Service (SaaS) applications, and social media sites as part of their jobs.
CARFAX implemented a comprehensive portfolio of F5 solutions that ensures the company’s customer-facing website remains available, data theft is prevented, and malicious attacks are stopped. The consolidated F5 solution cuts IT costs, decreases deployment and management time, and also enables CARFAX to rapidly scale its infrastructure to support continued growth.
When CARFAX deployed BIG-IP LTM and BIG-IP GTM, the benefits were tangible and immediate. The company was better able to manage traffic to its multiple data centers located in different states, taking “what had been a considerable amount of downtime on our customer-facing website and turning it into zero downtime,” says Thomas. “The F5 solution proved its value immediately. In the last three years, there hasn’t been a single instance where we’ve been woken up in the middle of the night with an outage incident. It’s a really good feeling.”
By implementing F5 security solutions, CARFAX has strengthened its security posture and safeguarded its proprietary data. BIG-IP AFM mitigates DDoS attacks before they even reach the company’s servers, while BIG-IP ASM derails attempts at data theft. It also enables CARFAX to block sites based on geographic location so that it can refuse all traffic from countries where it doesn’t provide services.
“The best part of using F5 for security is that it’s all properly configured,” says Thomas. “The attacks happen; the attacks get blocked. If we need to change something, the interface is simple enough that we can go in and make all the adjustments in a matter of minutes—without taking anything offline.”
Consolidating services with F5 has freed up a tremendous amount of time and budget for the CARFAX IT team. It has successfully transformed a complex IT environment with more than a dozen vendors to a simplified infrastructure that’s easier to manage.
“I’ve been able to remove two pieces of hardware in each of our data centers, which saves space and power and cooling costs,” says Thomas. “And because the infrastructure is easier to manage and maintain, we estimate we’re getting back nearly one week of work each month. By consolidating vendors, we were also able to reduce our support costs by 10 percent.”
Consolidation has also yielded significant operational benefits. “The fact that all the BIG-IP modules work together has sped time to market for new products, allowing us to grow faster and move more quickly,” says Thomas. “I don’t have to spend time worrying that there’s something wrong or misconfigured, because everything just works.”
With CARFAX growing so quickly, the company’s IT infrastructure had to be flexible and scalable enough to keep up. The VIPRION chassis with its modular blade system allows CARFAX to scale up quickly to keep pace with business demand.
“The great thing about the VIPRION chassis is that I can throw in another blade and it just starts working. With zero downtime, we have all the power we need for the immediate future,” says Thomas.
With business growing every quarter and a new product hitting the market soon, that future certainly looks promising for CARFAX.