For some time I tried to find an easy and affordable solution to harden my application security. There are a lot of ways to monitor and block traffic directly on a server, but in some cases that's not possible; for example, with Heroku you can't configure your server freely since it's a Platform as a Service. Finally, after a long search, I found a service called Sqreen, and it did more than I expected.
How does it work?
The Sqreen agent needs to be dropped into your software (I will go through this later on), and it starts to inspect all incoming HTTP requests. At this point, you may think this will slow down your application, but that won't happen since none of the traffic is redirected anywhere.
The agent software will monitor traffic for various events like:
- Malicious activity
- Commands executed by your application
- SQL queries (also NoSQL queries) for vulnerabilities
- File and network accesses
- Execution flows in your application
And on top of all that, Sqreen also monitors suspicious user activities at the authentication layer. That's quite a sweet set of goodies, but like TV-Shop says, "Wait, there's more....!" One of the best things in Sqreen is the stack traces it will gather for you; this helps out a lot when finding out what happened and what needs fixing.
The Sqreen agent doesn't only analyze all this; it also blocks attacks once they are identified.
Is it really working?
I have used Sqreen for some time in a quite busy environment and it really has helped out a lot. We have over 1.4 million requests in 30 days, all of which are monitored by Sqreen. There have been malicious requests, and sometimes attacks happen as well. Everything has been blocked, reported and mentioned as an incident on the Sqreen dashboard. Every incident can be opened up, and it has a lot of information about what happened.
As mentioned before, there is security monitoring on the authentication layer: it summarizes logins which are suspicious, users who are using the TOR network, password retries, and can sum up which accounts seem to be more hazardous than others.
Back to the question, is it working? Yes, it's really working!
One last thing to mention: Sqreen also monitors your software dependencies and will inform you if you have old and/or vulnerable dependencies in your software.
Sqreen works with Ruby, Node.js, PHP and Java. Since this is about Rails, after all, I will only say a couple of words about the Ruby part of the installation. Full instructions will be shown once you sign up and start using Sqreen. This here is just for you to see how easy it is.
- You need to add the sqreen gem to your Gemfile
- Create config/sqreen.yml and insert your Sqreen token there
All this comes to you nicely in a copy-paste-ready format once you set up your software on the Sqreen site.
If you haven't already clicked any of the links in this article, here is the link once more: https://sqreen.io :)