Search Blog for

Extended Stay America Chooses Incapsula WAF and CDN [video]

With more than 650 locations and considered one of North America’s largest hotel chains, Extended Stay America has about 3.5M check-ins per year. It hosts everyone from families (with or without pets) seeking value in a short-term stay, to business professionals being relocated and are in need of home-style accommodations over a longer duration.

The majority of Extended Stay America’s business comes directly through its website and is a huge part of its bookings. Yet its computer network infrastructure was subject to performance and security issues. Our video case study shows how Extended Stay America chose Imperva Incapsula for web application protection and CDN services.

The business and technical challenge

Extended Stay America didn’t use a content distribution network (CDN); all traffic was routed through its own servers. Without sufficient caching, the hardware was being weighed down. Performance suffered as a result.

Ben Hall, CISO and Sr. Director of Technology, was also concerned that the company had no DDoS protection in place. The infrastructure included basic firewall security and load balancing, but Hall recognized that his team wasn’t in a position to stop the more sophisticated vector attacks that are so prevalent today.

Our Q1 2016 Global DDoS Threat Landscape Report states, “Overall, multi-vector assaults accounted for 33.9 percent of all network layer assaults, representing a 9.5 percent increase from the previous quarter. Speaking in absolute terms, the number of multi-vector assaults went from 1,326 in Q4 2015 to 1,785 in Q1 2016.”

In addition to his concern about DDoS attacks, Hall’s priority was to assure users of the company’s website that their credit card and personal identifiable information were safe.

“The security of our users’ information, allowing them to quickly and safely use our site—that’s our top priority. We had no granular control over bots and other traffic coming in,” Hall said. He was also concerned by level of reporting that didn’t give him a full view of site activity.

Choosing the solution

Hall and his team compared Incapsula to other well-known security solutions. Noting that it has a very strong WAF with a good CDN backend, Hall’s ultimate deciding factor was its competitive pricing.

Ease of use was also an important consideration. “It was very configurable without needing an extensive security background or experience. We were up and running within just a few hours of configuration,” he said. “Our experience with Incapsula has been excellent. The service has been very stable and reliable.”

After integrating Incapsula Hall notes that Extended Stay America was able to cache 70 percent of its bandwidth off of its origin servers. At the browser level, it was finally able to take advantage of long-term caching. Worldwide users of the Extended Stay America website enjoy better user experiences since the company’s content is served from Incapsula’s geographically dispersed data centers.

As for desired additional security, Hall notes that, “Out of box, Incapsula is catching a lot of bots and unnecessary traffic.” He also likes being able to easily verify what’s happening on his network through granular reporting capabilities from Incapsula.

“My job isn’t to secure things just for the sake of securing them, but to make sure our guests, and potential guests, have a good experience online.”

Read the full case study and Extended Stay America’s experience here.