Using Cloud-Based Protection to Ensure a Superior Banking Experience


This post is also available in: French German Italian Portuguese (Brazil) Spanish

This credit union has been serving customers throughout the Southeastern United States for over 75 years. With over 300,000 members and $4 billion in assets, it is one of the largest credit unions in the region.

Like most financial service organizations, this credit union is heavily dependent on various online platforms, including its website and customer banking portal, to provide a
superior digital experience for its customers.

The Challenges

Several years ago, the credit union’s online platforms came under attack and customers were unable to access the portal and/or complete banking transactions, resulting in dissatisfied customers. This necessitated the implementation of a cloud-based web application firewall (WAF). The credit union selected Imperva’s Cloud WAF.

Unfortunately, several months later, the credit union was still suffering from various application-based attacks, including a series of new bot-based, account takeover attacks. While Imperva’s WAF proved successful in blocking these attacks, it came at an unacceptable cost. Imperva was reactionary and manual-driven, requiring the credit union’s security team to identify attack traffic themselves. This cost the credit union time when under attack and tied up limited security resources.

[You may also like: The 2020 App Threats Landscape in Review]

The credit union, which had previously inquired about Radware’s DDoS protection solutions, reached out a second time to discuss application protection. Radware and Cisco, a Radware alliance partner, presented a joint solution to provide comprehensive protection against an array of network and application attack vectors.

Staying in Business While Under Attack

In October 2020, the credit union was the target of advanced application and bot attacks which nearly crippled their application and network infrastructure. From October 17-21, the credit union experienced access control violations of their websites, followed by website application attacks which peaked at 2.5 MPPS on October 24th. A series of malicious bot attacks against the credit union websites, totaling 57.43 million hits, started on October 25th (See Figure 2).

At the time of these assaults, the credit union was still using Imperva Cloud WAF, which was incapable of fully mitigating the attacks. This resulted in high call volumes since many users were unable to access their accounts via the mobile application.

Radware expedited the implementation and onboarding of Radware Cloud WAF Service and Bot Manager. Both solutions mitigated the assaults and restored availability and security for the credit union’s mobile and web applications. The VP of IT stated that the credit union’s security team was impressed with speed and effort of the implementation and the ability of Radware professional services to address the credit union’s issues.

Radware’s Cloud WAF Service and Bot Manager have successfully safeguarded the credit union’s application from a series of high-volume application and bot attacks, allowing the company to guarantee uninterrupted service for its customers.

Because Radware’s application security tools use automation and behavioral learning to adapt to new threats, the credit union security team has more time to do proactive planning for the next evolution of threats. Next on the agenda for the credit union is implementing Radware’s Hybrid DDoS protection service.

Download The State of Web Application and API Protection to learn more.

Download Now


  1. The first step to monetizing bank instruments is to be aware of the different types of bank instruments that exist. Bank instruments can be classified as either secured or unsecured. Secured bank instruments are typically considered as collateral for loans.


Please enter your comment!
Please enter your name here