skip to Main Content
https://www.signalsciences.com/wp-content/uploads/2020/01/case-study-featured-image.jpg

Case Studies

Vimeo

Vimeo deployed Signal Sciences quickly to protect a growing number of new sites deployed in AWS infrastructure
READ FULL CASE STUDY
Lack of visibility into production traffic and new merger and acquisition activity highlighted a need for attack detection modernization

CHALLENGE

Vimeo is the world’s leading professional video platform and provides powerful tools for hosting, sharing and streaming high-definition video. With over 150 million users globally and a number of recent acquisitions, Vimeo is scaling fast but remains highly focused on ensuring the creators and viewers have a seamless experience on their site.

To support the company’s recent growth, the Vimeo team knew they had to strengthen their current application security program to prevent prevalent attacks like XSS, SQLi, API abuse, and account takeover. Additionally, they needed a solution that would work seamlessly with their newly built AWS infrastructure without extensive tooling and upkeep. Finally, all requirements had to be consolidated under a single vendor for ease of use across multiple teams.

“Out of the box” configuration was an immediate uplift not only for general visibility but to stop a lot of bogus traffic from hitting our resources.

Corey Mahan, Director of Security, Vimeo

SOLUTION

Signal Sciences now provides deep attack detection and blocking capabilities for billions of daily requests on all of Vimeo’s public-facing production sites.

Vimeo implemented Signal Sciences due to comprehensive detection and blocking capabilities, ease of use, minimal configuration and maintenance while providing extensive visibility into attacks on their applications. In 30 days, Vimeo was able to install, test, and deploy in production across all of a new acquisitions infrastructure.

Immediate time-to-value
A critical selling point for Vimeo was our immediate time-to-value across different functions and teams across their organization, especially for Engineering, SRE, Dev, and Security. “ ‘Out of the box’ configuration was an immediate uplift not only for general visibility but to stop a lot of bogus traffic from hitting our resources,” said Corey Mahan, Vimeo’s Director of Security. Additionally, being able to deploy across all their newly acquired properties quickly gave them traffic insights they lacked previously.

Low Operational Expenses
Unlike other Layer-7 approaches to security, Signal Sciences next-generation WAF requires no rules or ongoing maintenance to stop OWASP Top 10 attacks. According to Mahan, “Signal Sciences has saved us hours of tuning and testing that is traditionally required with more legacy approaches to web application firewalls.” With nearly non-existent operational expenses resulting in lower resource utilization, Mahan can direct manpower towards more critical tasks.

Focusing and Scaling Resources
With better visibility into their traffic signals and more dedicated resources, Vimeo were able to take on security projects with the data and automation Signal Sciences provided. In one unique use case, Vimeo implemented a callback to automatically roll back user accounts flagged for suspicious behavior. “This allows us to scale our user protections with Signal Sciences,” says Mahan, “while complementing other in house tooling for the safest and best user experience.”

One of the most interesting results was that we are able to readily gain insight into our top attack signals and correlate these into reported bugs or recurring issues. Knowing what type of attack trends focus on which of our products or sites helps us double down on our defensive protections there.

Corey Mahan, Director of Security, Vimeo

Ready to get started?

Back To Top