Genuine Parts Company

Genuine Parts Company teams up with Cloudflare to create a cohesive security posture across its global ecommerce footprint of 900+ sites

Since its inception in 1928, Genuine Parts Company has sold a wide variety of automotive replacement parts, industrial parts, and related supplies to a diverse customer base of individuals and businesses.The company’s high-profile brands include NAPA AUTO PARTS, Traction Heavy Duty Parts, Motion NA, and Motion Asia Pacific.

A Fortune 200 company, Genuine Parts Company employs more than 53,000 people worldwide and markets its products both online and through brick-and-mortar stores. Online sales are an increasingly important channel, and the company operates more than 900 ecommerce websites.

Challenge: Gain better visibility into the attack surface

According to Damian Apone, global director of governance, risk, compliance, and security at Genuine Parts Company, the company’s primary security challenges revolved around effective attack surface management. The team couldn’t tell how many bot attacks and DDoS attacks were occurring globally. In addition, there was no visibility into how many attacks were prevented.

The company had a web application security service, but it did not deliver the level of insight Genuine Parts Company needed. In addition, the security service ran in multiple regionally siloed instances, making it difficult to manage centrally.

“We were paying a lot of money, but we had no visibility into our global digital footprint,” Apone explains. “We didn’t have any information on how or when we were being attacked and we had no idea who was targeting us.”

The solution: Cloudflare delivers robust security with broad, deep visibility

The security team opted to move to Cloudflare not only because of its exceptional protection for websites and applications, but also because Cloudflare provides a comprehensive view of attacks. With Cloudflare’s Bot Management, DDoS mitigation, Web Application Firewall (WAF), and Rate Limiting, the security team now has the visibility they need to achieve robust surface attack management.

Cloudflare’s Security Center console depicts Genuine Parts Company’s attack surface visually to help the team understand attack types, associated vulnerabilities, and risk levels. This visibility enables team members to quickly see which attacks represent a serious threat so they can marshal their defensive resources in the most effective and efficient manner.

Today, Cloudflare protects 900+ Genuine Parts Company websites around the world.

“Our busiest website gets approximately 2.5 billion requests a month,” Apone explains. “It’s hit by approximately 57 million threats each and every month. And Cloudflare blocks all 57 million every month. I know this because Cloudflare’s security insights technology shows me exactly what's happening across the entire digital footprint.”

Apone adds that senior leaders constantly scrutinize expenditures and want proof that the company gets adequate return on every investment. Cloudflare delivers value by providing details on the volume and type of attacks it defends against.

“It’s exceptionally powerful to walk into the boardroom and say, ‘these are the attacks we’re experiencing, here’s where they are coming from, and this is how we’re blocking them,’” Apone says. “It resonates across the business when we say Cloudflare thwarted 450 million threats in one year. Each and every one of them could have had serious financial repercussions. When board members see the numbers, they know we’re getting a solid return on our Cloudflare investment.”

Security insights in action

The Cloudflare Security Center is the source for data on each attack along with insight into the business impact. For example, using the security insights technology, the security team identified the top five IP addresses hitting the company’s most heavily trafficked ecommerce website. Investigation showed that the second most active IP address transacting on the site was a competitor. And that competitor was engaging in extensive screen scraping of the online catalog and accessing private company information.

“If we didn’t have Cloudflare, we wouldn’t have known this was happening and the behavior would have continued,” Apone recalls. “Malicious activity like this could affect company revenue. So Cloudflare allows us to not only protect the security of our websites, but also take steps to prevent this competitor from obtaining any additional private company information. It’s not just security, it's also resiliency from a revenue perspective.”

Alignment with strategic policies

Vendor consolidation is an important aspect of Genuine Parts Company’s security strategy. Working with a patchwork of different providers makes it difficult to maintain a coordinated and collaborative security posture across areas of the business. So the security team focuses on partnering with providers that deliver services across a range of security requirements. Apone maintains that reducing the number of providers enables the security team to orchestrate efforts from a single place, which increases efficiency and productivity.

Cloudflare’s ability to handle a broad range of threats and provide broad and deep visibility into all of them aligns with Genuine Parts Company’s strategic goals for vendor consolidation.

Advantages of a true partnership

Apone notes that the most beneficial aspect of switching to Cloudflare is the partnership that has developed. “I don't need services, I don't need software, I need help solving problems,” he says. “Cloudflare embraces and approaches everything through the lens of what's best for the customer, always putting the customer first.”

That customer-first attitude has made Cloudflare a trusted partner for Genuine Parts Company. “Cloudflare is truly interested in solving our problems. The Cloudflare team has been at our side from the beginning. Regardless of the time of day or night, they’ve rolled up their sleeves and helped us overcome every issue we’ve experienced. That’s where Cloudflare excels.”