Sansec Shield

by Sansec

Published in Guides

Advanced real-time protection for your Magento store

Sansec Shield: Real-time Protection

Sansec Shield is a smart Web Application Firewall (WAF) that provides real-time protection for Magento and Adobe Commerce stores. Unlike traditional WAFs that rely on generic rules, Sansec Shield is integrated with the Magento core architecture and benefits from Sansec's famous expertise in Magento security. This makes our WAF the most effective solution to defend your Magento store.

Installation

Requires Magento 2.3+, PHP 7.2+ and a Sansec Advanced or Enterprise account. See source on GitHub.

composer require sansec/magento2-module-shield
bin/magento setup:upgrade
bin/magento config:set sansec_shield/general/license_key YOURKEY
bin/magento cache:clean
bin/magento sansec:shield:sync-rules

Test it by visiting your store with ?SANSEC-SHIELD-TEST added to the URL. You will find a blocked request on your Shield Dashboard.

Key Features

|  | Sansec Shield | Adobe Fastly WAF |
|---|---|---|
| Origin Protection | ✅ Bypass not possible | ❌ CDN, bypass possible |
| Response Time to New Threats | ✅ Minutes | Weeks |
| Performance Impact | 0 ms | 1.5 - 20 ms |
| Setup Complexity | ✅ Simple Module Install | Complex Setup |
| False Positives | ✅ None so far | Yes |
| Filtering Transparency | ✅ Full Open Source | ❌ Mostly Closed Source |
| Supports | Adobe Cloud, Adobe Commerce, Magento Open Source | Adobe Cloud only |

  • Protection against critical Magento 0day exploits
  • Buys you time to comfortably schedule an upgrade to your platform
  • Secure Supply Chain: No executable code is distributed, eliminating vendor security risks and dependencies
  • Open Source: Full transparency with publicly auditable code - no security through obscurity
  • Origin Protection: Direct integration with your application provides superior protection compared to CDN WAF solutions, which can be bypassed if attackers discover your origin servers.

Critical Timing Protection

The safe patching window for ecommerce stores has become dangerously short. When security patches are released, attackers typically launch global mass attacks within hours, while your development team may be offline due to timezone differences. There may not be enough time for proper testing before deployment, and rush-deployed patches can introduce new stability issues.

Sansec Shield eliminates this timing pressure by providing instant, automated protection across all timezones. This gives your team the breathing room to properly test and deploy patches during regular business hours.

In comparison, the Adobe Commerce WAF is updated irregularly. When the CosmicSting bug was published on June 11th, Adobe did not implement WAF filters until 5 weeks later. Mass attacks were already under way by then, and dozens of Adobe Commerce stores were hacked.

Adobe implements CosmicSting WAF protection after 5 weeks.

FAQ

Who can use Sansec Shield?

Sansec Shield is currently in beta and is available for Magento 2 stores subscribed to our Advanced plan or higher tiers. It is compatible with Magento Open Source and Adobe Commerce (even running on Adobe Cloud).

Do I still need eComscan then?

Yes, because Sansec Shield only protects against attacks coming in via web traffic. Attacks can also happen via other channels such as compromised SSH accounts, hijacked employee devices, non-Magento applications and so on.

So Shield is the perfect companion to eComscan, and in tandem, they provide maximum security for your store.

Yes and yes! Cloudflare (Enterprise) is a generic WAF and does not cover Magento-specific attack vectors (for example, the recent critical CVSS 9.4 vulnerability). We recommend keeping the Cloudflare WAF in place, as there is no downside to using both simultaneously.

Does Sansec Shield impact my store's performance?

No, Sansec Shield is designed to have zero performance impact. The module:

  • Uses efficient pattern matching algorithms
  • Integrates directly with Magento's caching system
  • Only analyzes relevant requests
  • Maintains sub-millisecond processing times

How quickly are new threats added to the protection rules?

Our global threat detection network typically identifies and distributes new protection rules within minutes of detecting novel attack patterns. All rules are automatically verified and deployed without requiring manual intervention.

Can Sansec Shield work alongside other security solutions?

Yes, Sansec Shield is designed to complement existing security measures. It works seamlessly with:

  • Other WAF solutions
  • Magento's built-in security features
  • Our eComscan monitoring agent
  • Third-party security extensions