Software developer PIEM Corporation needed customers to trust that its new interactive wedding planning system would protect their personal information from cybercriminals and ensure that company web servers could handle a high volume of user access and feature requests. Realizing that a web application firewall (WAF) with load-distribution would solve both issues, and after comparing several vendor solutions, PIEM chose F5.
PIEM’s ONE-W System is an online service that simplifies many wedding activities. Since its rollout in September 2015, ONE-W System has been used by about 30, 000 couples and 250 wedding halls across Japan. With this demand, and each customer interaction leading to deeper engagement and potentially new business, PIEM wanted to ensure that customers’ personal information would remain protected and that all system features would be available whenever a customer wanted to access them.
A classic example of a customer using the ONE-W System is the bride-to-be who needs to manage very time consuming wedding tasks. She typically enters home addresses for all wedding guests, as well as her own personal information. Some of that same personal data is used to create guest lists, send invitations, coordinate venue decorations, order catering, and work with vendors who also use the ONE-W System.
“The system holds a myriad of brides, bridegrooms, and guest information”, stated Mr. Koichi Kitamura, PIEM’s Manager of the System Administration Division. In the past, PIEM used various security solutions; however, the rising problem of internet theft and the alarm it caused customers made it necessary for the company to implement a more robust security solution.
In addition to advanced security, PIEM needed a more precise load distribution solution that was capable of handling access volume. “We had a software load balancer in place but the performance was not satisfactory”, Mr. Kitamura commented. “And the load tended to concentrate on certain servers. We had to look into the load balancer in order to provide stable services even under high loads.”
Embracing technology to resolve problems early on is key. In January 2015, PIEM began searching for products that had both the load balancer and WAF features. After comparing products from multiple vendors, PIEM selected BIG-IP Application Security Manager (ASM). Mr. Kitamura pointed out PIEM saw three benefits in BIG-IP: abundant installation track records, multiple security features, and high processing power.
“At first we felt BIG-IP might be hard to learn because of its rich features, but we are now very satisfied with the quick and detailed advice F5 provided”, stated Mr. Kitamura. F5 engineers provided hands-on training with the actual unit. “We actually tried attacks including SQL injection, cross site scripting (XSS) and cross site request forgery (CSRF) and confirmed they could be properly blocked,” he continued. “PIEM can now ensure visualization of security threats and respond rapidly to new ones.”
On the other hand, the efficiency of BIG-IP Local Traffic Manager (LTM) in distributing load and the implementation of iRules that supports flexible operation are highly appreciated.
From January 2016, PIEM started using the block mode that automatically responds to detected threats and ensures reliable protection against application level attacks.