Leroy Merlin

Leroy Merlin securely grows their e-commerce platform in Brazil with Cloudflare

Headquartered in France, Leroy Merlin is a leader in home-improvement retail with a strong presence in countries across Europe, Brazil, and South America. The company has had a presence in Brazil since 1998, where there are now 53 physical stores plus several smaller Leroy Merlin Express locations. Leroy Merlin is an omnichannel retailer offering a complete solution for home transformation.

Today, Leroy Merlin is focused on expanding their digital presence in Brazil. While 12% of sales in Brazil are currently generated through the e-commerce platform, the leadership team is working to increase that number to 30% over the next three years.

As Leroy Merlin’s digital presence has grown in Brazil, the company has been increasingly targeted by cyber attacks. The company experiences DDoS and malicious bots — and in some cases, attackers try to change prices on the company’s website.

In fact, Leroy Merlin must guard against multiple types of fraud — including both internal and external fraudulent activities. “Fraud is a key challenge in our industry,” says Fabiana Tanaka, CISO for cyber security and data privacy director at Leroy Merlin. “We need to protect our e-commerce platform, physical stores, and even our warehouses, where we run our logistics and supply chain processes. We have to prevent attacks but also improve our incident response and resilience.”

In selecting solutions that can combat threats, the Leroy Merlin team wanted to avoid increasing complexity. “Employees need to be comfortable using the technology,” says Tanaka. “We need to create an efficient environment for our employees to handle security.”

Addressing key threats and gaining visibility with Cloudflare

The Leroy Merlin team in Brazil began working with Cloudflare to address cyber security challenges. “Cloudflare is a strong partner,” says Tanaka. “We are working together to improve the maturity of cyber security for our digital platform.”

Leroy Merlin uses Cloudflare DDoS protection and bot management to counter some of the most prevalent threats facing the company. DDoS protection mitigates attacks from the nearest location, without having to send traffic to distant scrubbing centers. Meanwhile, Cloudflare bot management draws from extensive threat intelligence from the Cloudflare network and uses anomaly detection capabilities to stop malicious bot activity.

“Cloudflare is helping us stop DDoS attacks, reduce fraud that can come from bots, and mitigate other risks in our digital platform. The result is a better, more secure environment for customers,” says Tanaka.

In addition to blocking attacks, Cloudflare provides better visibility into the shifting threat landscape. “We use Cloudflare dashboards and views that help us explain to our executives and board members the risks that we are experiencing today,” says Tanaka. “That helps us better plan for tomorrow.”

This improved visibility has enhanced collaboration among the various teams that maintain Leroy Merlin’s digital environment. “Infrastructure, cyber security, software development, and marketing teams are all capitalizing on Cloudflare capabilities,” says Tanaka. “With a better sense of the security and performance issues we are facing, we can work together to build strategies for delivering strong customer experiences.”

Automatically blocking DDoS attacks and maintaining strong customer experiences

Cloudflare capabilities are helping address a huge number of threats — including potentially large DDoS attacks that could jeopardize the availability of the e-commerce platform on high-traffic days. With 296 Tbps of network capacity, Cloudflare can mitigate even the largest DDoS attacks without slowing down performance for end users.

“In the last month, we mitigated 5 billion of malicious hits related to DDoS threats. Some months it’s more,” says Tanaka. “Because we are a retailer, we see increased threats on holidays that are important for retail, as well as Black Friday. Cloudflare is essential for blocking those threats so we can keep our platform up and running.”

Because Cloudflare handles those threats without the need for human intervention, Leroy Merlin is able to stop attacks without adding management burdens. “With Cloudflare, we block 90% of malicious activity automatically,” says Tanaka. “We can focus our IT and cyber security staff on other tasks.”

Meanwhile, the marketing team can make sure any remaining security or connectivity issues do not affect the user experiences. “Our marketers continuously monitor user experiences,” says Tanaka. “Cloudflare enables us to sustain availability, accessibility, and performance, which helps us maintain the trust of our customers.”

Cutting costs through consolidation

Tanaka knows that Cloudflare will play a key role in security preparedness for years to come. “We create three-year plans, which we continuously update. Cloudflare is always part of those plans,” says Tanaka. “Together, we can improve the sophistication of how we defend the company from threats.”

By the team’s assessment, the partnership with Cloudflare has already had a measurable impact on security maturity. “In 2021, we had a 50% maturity level,” says Tanaka. “With Cloudflare, we have a 82% maturity level for our e-commerce platform.”

The Leroy Merlin team is confident that they can continue to improve their level of cyber security maturity with Cloudflare. “As we expand our digital platform, we have to keep strengthening cyber security,” says Tanaka. “Cloudflare gives us a strong foundation for moving forward as a business.”