Cloud Security Protection for Your Apps and Network

Organizations around the globe rely on applications for connections to customers, business partners, suppliers and staff. To accelerate their digital transformation journeys, organizations have increased their focus on the creation and enhancement of apps. Because development and production environments are more elastic than ever and cloud security comes second to fast app delivery, the attack surface of apps has expanded, with vulnerabilities emerging as complexity grows.

Radware’s Application Security Report indicated 98% of respondents experienced attacks against their applications. Eighty-nine percent experienced outages due to DDoS attacks targeting their web applications, impacting their customer experience and revenue. Management of bot traffic is also a challenge, with 82% of respondents reporting bot attacks. Despite the availability of dedicated solutions to detect and fend off illegitimate bot activity, only one-quarter of organizations surveyed use them. Businesses need to ensure that their security solution vendor is capable of defending their applications and network.

What happens to businesses without the right protection?  

Politically motivated attacks have been targeting one EMEA postal service for years. It experiences thousands of attacks daily, ranging from application and bot attacks to network and public cloud attacks. The organization’s IT department was overwhelmed and could not defend against these attacks, resulting in customer dissatisfaction and loss of revenue. The postal service turned to Radware for help.

CHALLENGES  

The postal service needed to overcome challenges to provide a positive user experience and retain revenue. Bot requests started overloading the package tracking service.  Bad bot traffic from third-party applications was abusing the API for tracking package delivery.   

Next, the postal service experienced bot scraping attacks on their premium services for business and consumer address inquiries.  Bot scraping exposed this information on the web for free, reducing service revenue. 

Figure 1. Malicious bot events per day  

In yet another attack, hackers tested the government entity’s defenses by sending low-volume (4-5 Gbps) DDoS attacks against its network. These short-burst DDoS attacks caused excessive loads on the postal service’s network and on its stressed package tracking application. The DDoS attacks impacted the package tracking API, so users were unable to track the delivery of their packages.

The postal service needed to keep APIs and applications available and distinguish legitimate bot traffic from malicious bot traffic. The postal service IT team tried to reduce the bot and DDoS attacks through geo-blocking and reduction of services. Unfortunately, this also limited service availability for customers, causing a negative user experience and customer dissatisfaction.

The postal service’s website, which the entity depends on to process millions of transactions per day, has also been attacked.  Users were unable to access the postal website, yet the organization noticed a significant increase in network traffic.  Its website was being targeted by Layer 7 (L7) application attacks, predominately SQL injections (73%).   

SOLUTIONS 

To stop bot attacks on the package tracking API and the bot scraping of its address inquiry service, the postal service trialed and purchased Radware’s Bot Manager.  Once malicious traffic was blocked, overall network traffic was reduced by 40% and transactions were reduced by 50%.  The postal service was able to provide customers a better online experience while reducing bandwidth costs and web server computing resources.  

The postal service also needed a more efficient way to handle daily L7 application and data center attacks which overwhelmed their IT team.  The organization chose to transition from Radware’s premise-based WAF service to Radware’s fully-managed Cloud WAF service.  The Cloud WAF is bundled with Radware’s managed Cloud DDoS Protection Service to help the organization handle exploratory DDoS attacks and future DDoS exploits.    

MOVE TO THE CLOUD 

The postal service wanted to move applications to Microsoft Azure to realize agility and flexibility in application development and deployment. However, it wanted to secure its proprietary assets in the cloud, where attackers would have access to its valuable data via the cloud vendor. The postal service also required visibility into its assets to remotely manage the risk of exposure of its cloud applications and data.

Radware’s Cloud Native Protector could help the postal service analyze potential risk and give them visibility to manage their cloud assets.   After a successful proof of concept and installation, the postal service learned some of its cloud data storage had been exposed.  The postal service uses Cloud Native Protector to secure its data assets and is also using the service to control excessive permissions to applications.    

When evaluating security solutions, make sure to ask the vendors whose solutions you’re evaluating the following questions:

  1. Can you ensure business continuity under attack? 
  1. What attacks does your solution defend against? 
  1. Do you use behavioral learning algorithms to establish ‘legitimate’ traffic patterns? 
  1. How do you distinguish between good and bad traffic? 

Read full EMEA Postal case study here.
