Overview
TicketNetwork has been ranked by Inc. Magazine and the global firms Deloitte and Ernst & Young as one of the fastest growing organizations. TicketNetwork was founded in 2002 as a software company that provides an online exchange which facilitates transactions for third-party ticket sellers and buyers. Today, the TicketNetwork® Online Exchange provides the technology for thousands of ticket sellers who offer more than 7 million tickets every day, including fans with extra tickets to sell and full-scale ticket brokerage companies.
Security Challenge
“Unfortunately, online ticket sales represents one of the most compelling secondary markets for ticket brokers and, in today’s web-driven environment, hackers,” explains Jeff Mathena, the VP of Information Technology at TicketNetwork. Since the TicketNetwork® Online Exchange allows for credit card transactions, PCI compliance has become a major corporate initiative as a Level 1 Service Provider. Fortunately, TicketNetwork hasn’t experienced any data breaches. But PCI compliance is always a top priority.
Having a secure development lifecycle is important to TicketNetwork’s security strategy. Today, developers use code analysis on the desktop. As they develop, they check their code. Then the compiled code undergoes a pen test. “Imperva’s WAF is the final layer, and, unlike code analysis or pen testing, the WAF is always on and covers everything— custom built or third party,” explains Mr. Mathena. Further, “code analysis is only hitting new development efforts. Imperva’s WAF helps protect all of our applications—old and new.”
Technical Environment
To protect its web-based transactions from hackers, TicketNetwork deployed Imperva’s SecureSphere Web Application Firewall (WAF).
SecureSphere delivers total visibility into data access and usage. Its easy-to use interface provides granular policy creation and enforcement to circumvent unauthorized access or changes to data.
Why Imperva?
TicketNetwork chose Imperva for several reasons:
- Scalability – Prior to deploying Imperva’s WAF, TicketNetwork used F5 Networks’ WAF in production. However, TicketNetwork encountered challenges with the F5 WAF’s ability to handle its needs for high traffic loads. After this problem continued for nearly a year, TicketNetwork decided to evaluate other WAF vendors, including Imperva. “During our evaluation, it was clear that Imperva was not only easy to use, but could easily scale to meet our demanding requirements,” said Mr. Mathena.
- ThreatRadar – Not only did the Imperva WAF easily handle TicketNetwork’s heavy traffic requirements, but Imperva also offered ThreatRadar, an add-on security service for SecureSphere Web Application Firewall (WAF) that provides an automated defense against automated attacks. By integrating credible, timely information on known attack sources into the WAF defense, ThreatRadar can quickly and accurately stop traffic from malicious sources before an attack can be launched. “For TicketNetwork, ThreatRadar’s ability to block malicious IPs is huge. Traffic from bots and other automated attacks comprises about 25 percent of our site visits,” explained Mr. Mathena. TicketNetwork uses Imperva’s WAF in block mode, stopping a good chunk of bad traffic before it even comes to the gate. “Today, all of our traffic flows through Imperva,” said Mr. Mathena.
- Fast time to deployment – Quick deployment means quick compliance and security. Mr. Mathena explains, “With Imperva, our WAF was up in less than a week. This dramatically improves our speed to security and compliance. Additionally, this means my security team can focus on other priorities.”
“My favorite thing about the Imperva SecureSphere product is its ease of use—it’s simply unparalleled,” explained Mr. Mathena.
