Learn More About Continuous DDoS Vulnerability Management
Case Studies
Banking
International Bank Chooses RADAR™ to Prevent Damaging DDoS Attacks
The Customer
A large, international bank operating in Europe and the US was facing repetitive DDoS attacks and downtime of critical online banking and third-party financial services.
Key Takeaways
Customer Challenges
- Recurring DDoS downtime
- Lost revenue, due to the disruption of business operations
- High risk of customer churn
Our Impact
- Elimination of damaging DDoS downtime
- Lower DDoS vulnerability level – from 57% to under 5%
- Reduction of the cost of cyber insurance
The Challenge
Ongoing DDoS attacks created the following challenges:
- Unavailability of critical, customer-facing services, including online and mobile banking, and proprietary trading platforms
- Inaccessibility of third-party, connected applications (such as loan and payment apps)
- Interruption to VPN connectivity, creating issues for employees and remote branches
- Risk to open banking initiatives due to API vulnerabilities
Our Solution
RADAR’s nondisruptive DDoS attack simulation solution was deployed in the bank’s primary data centers. RADAR identified vulnerabilities in the scrubbing center, CPE, and WAF protection layers.
First, RADAR identified the following DDoS vulnerabilities in the bank’s deployed protection technologies:
- 57% DDoS vulnerability level – across layers 3, 4, and 7
- Automated DDoS protection that was only 43% effective
- DDoS protection policies that were not customized, leaving the bank exposed.
Working with MazeBolt’s Professional Services team, the bank was able to gain critical visibility into its DDoS protection misconfigurations and vulnerabilities – per security layer.
Next, RADAR provided the bank with a prioritized report of identified vulnerabilities. MazeBolt’s actionable remediation plan continues to be generated automatically after each cycle of RADAR attack simulations. This enables MazeBolt’s team to focus on the attack vectors that present the greatest risk to the bank’s environment, including: sophisticated Layer 7 attacks, Slowloris, UDP, and DNS attack vectors.
Customer Benefits
Since the bank started working with RADAR, all DDoS attacks have been mitigated automatically without any damaging downtime.
Additional benefits include:
- Improvement of automated DDoS protection by over 120% (from 43% to over 95%), enabling the bank to avoid disruption of business operations
- Reduction in cyber insurance costs
- Drop in the bank’s DDoS vulnerability level – from 57% to less than 5%
- RADAR-generated reports that are key to the bank’s compliance with cybersecurity regulations
MazeBolt’s actionable remediation plan continues to be generated automatically after each cycle of RADAR attack simulations. This enables MazeBolt’s team to focus on the attack vectors that present the greatest risk to the bank’s environment, including: sophisticated Layer 7 attacks, Slowloris, UDP, and DNS attack vectors.
– CISO, International Bank
Insurance
Avoiding Damaging DDoS Downtime
In less than 6 months, MazeBolt RADAR™ identified and remediated over 93% of DDoS vulnerabilities for a major insurance company.
The Customer
The customer is a leading insurance company catering to a customer base of over 4 million, with yearly revenues of over $8 billion. The customer recently underwent a comprehensive digital overhaul – enhancing its offerings by delivering essential services and mobile applications to its valued customers, agents, and staff. They struggled to prevent recurring DDoS attacks that caused damaging downtime.
Key Takeaways
Customer Challenges
- Recurrent downtime due to DDoS attacks
- Multi-million-dollar losses and online reputational damages
- Identification of only a fraction of the DDoS vulnerabilities
- Lack of an actionable remediation plan
The Benefits
- Understanding critical DDoS exposure and risk
- Avoidance of damaging DDoS downtime
- Access to insight and data necessary to protect services
- All DDoS attacks have been mitigated automatically
- Automated DDoS protection improved by over 150%
The Challenge
Despite having robust DDoS protection solutions in place – including a Scrubbing Center and on-premises DDoS protection – the company experienced damaging DDoS downtime. The downtime caused:
- Disruption to critical mobile and online services
- Disruption to claims and payment processes
- Agent productivity loss (i.e., when the agent portal is unavailable)
- Employee productivity loss (i.e., when the VPN and email servers are down)
A rough estimate of DDoS downtime costs indicated a multi-million-dollar loss, as well as reputational damage. Biannual DDoS pen tests were disruptive to network security teams: they required maintenance windows and, because of their irregularity, were not effective in preventing attacks. In addition, traditional DDoS tests identified only a fraction of the DDoS vulnerabilities and lacked an actionable remediation plan. Recognizing the growing risk of DDoS attacks, the company was looking for ways to significantly reduce the risk and prevent damaging DDoS downtime.
Our Solution
MazeBolt conducted a short Proof of Concept (POC), and it became clear that over 54% of Layer 7 attacks were not blocked and were likely to cause downtime. The company decided to deploy MazeBolt RADAR in three data centers downstream of each of their DDoS protection layers, so that – using continuous, non-disruptive DDoS testing – they could easily expose all the company’s DDoS vulnerabilities. RADAR uncovered the following information:
- Over 2,800 DDoS vulnerabilities
- 63% of the DDoS vulnerabilities (from layers 3, 4, and 7) remained a threat
- The existing DDoS protection deployed was only 37% effective
- Emergency response teams and SLAs were only implemented after the attack
RADAR automatically provided a prioritized remediation plan of all DDoS vulnerabilities, including Slowloris, UDP, IKE, and DNS attack vectors. MazeBolt’s Professional Services team helped manage the remediation process, working side by side with the customer’s SOC team and DDoS mitigation vendor.
During the first round of testing, RADAR identified that the company did not have Layer 7 DDoS protection and required SSL off-loading to enable it. If the company had been hit with a DDoS attack at that time, the enormous volume of their DDoS vulnerabilities would have left the company’s environment unprotected. Manual intervention of emergency response teams would have been required, resulting in damaging time-to-mitigation (TTM) and emergency response SLAs.
Customer Benefits
The impact of RADAR on the company’s DDoS resilience included:
- Identifying and eliminating over 93% of DDoS vulnerabilities in layers 3, 4, and 7
- Improving automated DDoS protection by over 150%
- Choosing and deploying a Web Application Firewall (WAF) solution
- Automatically blocking Layer 7 attacks (based on RADAR recommendations)
- Reducing DDoS vulnerability levels to less than 10%
- Eliminating the need to initiate emergency response SLAs
Since deploying RADAR, the customer has proactively mitigated DDoS attacks automatically, without any damaging downtime – despite being heavily targeted by multiple threat actors. Ongoing RADAR validation provides the necessary insight and data to maintain and protect new services.
The company is currently extending the RADAR deployment to its cloud environments. The cloud deployment will be centrally managed together with the company’s existing on-prem deployment, to create a unified vulnerability flow with its DDoS mitigation vendor.
Following our work with MazeBolt, I felt our previous DDoS protection efforts were like a ‘placebo.’ MazeBolt provided us with critical insights to remediate all our DDoS risks. I’m confident our systems are much safer today with RADAR and our DDoS protection is as resilient as possible.
– CISO of a leading, global insurance company
Government
Government Secures Parliamentary Elections
Israel’s government used RADAR™ to protect over 2,300 online services from DDoS attack & ensure that national election processes were secured.
The Customer
Israel’s governmental institutions offer over 2,300 services online. As public services are widely used online, it is essential that business continuity of these services is maintained 24/7 – and that downtime is avoided. Successful DDoS attacks are highly publicized in Israel, and potentially, a DDoS attack can become an issue of national security.
Key Takeaways
Customer Challenges
- Protecting the integrity of upcoming national elections
- Ensuring effective defense against ongoing DDoS attacks
- Preventing damaging DDoS downtime
Our Impact
- Ensuring parliamentary elections took place without disruption
- Maintaining the business continuity of online governmental services 24/7
The Challenge
The Israeli government continues to be a major target for politically motivated DDoS attackers. At the same time, the government continued to move additional public services online, including payments, requests and informational services.
During Israel’s parliamentary elections, all these issues were exacerbated:
- Multiple threat actors – Government departments were under constant threat from multiple groups
- Stability – Online availability during elections is critical to Israel’s democratic process
- Zero downtime – With so many governmental institutions offering services online, downtime due to a DDoS attack must be avoided
Our Solution
After RADAR was deployed, the Israeli government’s cybersecurity unit gained complete visibility into their DDoS security posture. Following initial testing, several DDoS protection layers were identified as vulnerable. MazeBolt’s Professional Services team prioritized remediation efforts and empowered the Israeli government to work with their DDoS protection providers and ensure zero disruption to online services.
Customer Benefits
The impact of RADAR on the government’s DDoS resilience included:
- Full visibility – The cybersecurity team gained full visibility into each security layer
- Remediated vulnerabilities – Discovery of regions of the network that weren’t protected, and closing vulnerabilities quickly and efficiently
- Zero Downtime – No interruption to online services during testing and remediation periods, while successfully blocking all DDoS attack attempts
- Complete resilience – Despite being targeted by threat actors, none of the sites that implemented RADAR experienced any DDoS attacks
Israel’s Head of IT Security indicated that the continuous visibility provided by RADAR, combined with its clear and precise reports, allowed the government’s cybersecurity department to dramatically reduce their DDoS risk and ensure that parliamentary elections were not disrupted.
Banking and Financial Services
Eliminating DDoS False Positives
DDoS risk was reduced from 48% to 2% for a global, financial services enterprise that uses RADAR™ to gain better ROI on their DDoS protections.
The Customer
A global financial services organization was committed to providing reliable services and tools to its account holders. They had developed a system that made it easy for their customers to set up and use their services, and a complex, secure, and highly intelligent platform was behind the streamlined customer experience they developed. The platform included intricate applications and networks that worked together seamlessly. But a single incident spiraled into a hazardous DDoS attack. The company’s legitimate customers were blocked from accessing services.
Key Takeaways
Customer Challenges
- Understanding true DDoS exposure and risk
- Effectively securing rapidly expanding online services
Our Impact
- Drastically reduced risk from 48% to 2% – a 24x risk reduction
- Elimination of false positives
- Better ROI on DDoS protection investments
- Continuous DDoS testing with no service disruption
The Challenge
When the company added new services – designed to improve sales and increase customer engagement for their merchants – one of the applications inadvertently sent out a push request to the customer base. This resulted in a flood of legitimate responses. The company’s automated DDoS protection mistakenly identified the legitimate request as a DDoS attack and the end-users were blocked. As a result, thousands of their customers were denied access, which resulted in significant reputational damage.
The company sought a way to ensure that their DDoS protection would keep pace with any future changes introduced to their online services because of digital transformation processes, and that the DDoS protection would not cause false positives. The management needed assistance to:
- Understand their true DDoS exposure and risk
- Effectively secure their rapidly expanding online services
Our Solution
MazeBolt RADAR empowered the company to identify legitimate requests – running DDoS testing automatically, continuously, and nondisruptively. RADAR was added on top of the company’s existing DDoS protection to provide full visibility into legitimate requests that were blocked, for each web-facing IP/target in the network environment.
By harnessing RADAR’s thousands of vulnerability simulations, the company was able to work effectively with their DDoS protection vendor and fine-tune their DDoS protection configurations. As a result of continuously validating assets against both legitimate traffic and malicious DDoS attacks, two things happened:
- Minimized false positives – RADAR’s insights helped configure the company’s DDoS protection for maximum resilience, ensuring no legitimate traffic was being blocked.
- Maximized, continuous DDoS resilience – RADAR continuously tested, identified, and triaged DDoS vulnerabilities, preempting potential DDoS exposures and effectively eliminating risk.
Customer Benefits
Using RADAR, the company’s CISO gained visibility into DDoS vulnerabilities and was able to proactively secure online services – regardless of any changes that their digital transformation process required. This visibility was achieved quickly and effectively.
RADAR was deployed and complemented the company’s existing DDoS protection solution. Their security teams focused their efforts on prioritizing DDoS vulnerabilities, thereby saving valuable time and budgets – and achieving true DDoS resilience.
MazeBolt RADAR gave us real-time insight into our DDoS exposure and better management of our online services. Now we have actual DDoS visibility.
– CISO, Global Fintech organization
Banking and Financial Services
From 50% to Less Than 15% DDoS Risk
A leading, North American financial services provider used RADAR™ to close severe DDoS vulnerability gaps & avoid damaging DDoS downtime.
The Customer
The company offers a range of digital financial services, including investment, mortgage, and retirement planning. Having suffered an uptick of attacks and a major business disruption, the company chose MazeBolt to conduct annual red team testing. During the test, they discovered that they were vulnerable to 50% of the attack vectors tested.
Key Takeaways
Customer Challenges
- Providing uninterrupted digital services
- Lack of visibility into a dynamic DDoS attack surface
- The limited effectiveness of red team testing
Our Impact
- Reducing exposure from 50% to less than 15%
- Maintaining the business continuity of online services
- Validating changes in network configuration
- DDoS testing without any operational disruption
The Challenge
When they realized the severity of their DDoS exposure, the company understood the need for continuous DDoS vulnerability testing and remediation. Their red team test had limited attack surface coverage – only 3 targets and up to 15 attack vectors – so its results were not sufficient for evaluating the effectiveness of the customer’s DDoS protection.
Our Solution
The company implemented RADAR to perform thousands of DDoS simulations for over 140 attack vectors, and a larger number of targets. With MazeBolt’s analysis and remediation plan in hand, the company was able to work with its DDoS protection vendor and close DDoS vulnerability gaps, dramatically reducing DDoS risk.
Customer Benefits
After remediation changes were implemented, the company achieved the highest level of business continuity and DDoS readiness. They were able to continue to validate all changes in network configuration with zero operational downtime.
Now that we are aware of the DDoS vulnerabilities in our environment, we will continue to use RADAR testing to remediate and close vulnerabilities.
– COO, Leading North American Financial Services Provider
Gaming
Gamer Maintains Business Continuity
A global online gaming provider and digital entertainment publisher stopped DDoS attacks – remediating over 96% of their DDoS vulnerabilities.
The Customer
The customer is one of the leading, publicly traded companies in the gaming industry, with over 6,000 employees, hundreds of partners, and millions of gamers. They specialize in online casino games with integrated online solutions for gaming operators and partners. As a worldwide leader, the company drew the attention of threat actors and suffered from relentless DDoS attacks.
Following several weeks of intermittent service disruptions and downtime, their ability to function was impaired and they suffered from significant reputational damage. The company needed to uncover its true DDoS exposure to secure its online services.
Key Takeaways
Customer Challenges
- Several weeks of intermittent service disruptions
- Millions of dollars in lost revenue from users and in-game ads (per hour of downtime)
- High risk of customer churn – both partners and gamers
Our Impact
- Eliminating damaging DDoS downtime
- Insight and data to validate the effectiveness of their DDoS protection
- Reducing churn by improving the user experience
The Challenge
With millions of Daily Active Users (DAU) and significant Average Revenue Per User (ARPU), every minute that the company is offline results in millions of dollars in losses. They made a significant investment in hybrid DDoS protection solutions from top-tier vendors, but they continued to suffer damaging DDoS downtime.
Due to the nature of their 24/7 business, the company couldn’t allow maintenance windows to perform DDoS pen tests. They needed to maintain 100% uptime with zero disruption to gamers, so they looked for innovative solutions that could provide complete visibility into their DDoS security posture. The CISO was intrigued by the ability of MazeBolt RADAR™ to run continuous DDoS vulnerability assessments without service disruption or downtime.
Our Solution
After a short Proof of Concept (POC) that exposed significant vulnerabilities, RADAR was deployed downstream to each of the company’s mitigation layers. Continuous simulations identified severe vulnerabilities in layers 3 and 4, with critical misconfigurations in the CPE (for the on-premises DDoS protection) and of the Scrubbing Center (for the cloud-based DDoS protection).
RADAR helped the company identify the following:
- Their DDoS protection was vulnerable to 45% of attack vectors launched
- The mitigation solutions they deployed relied heavily upon reactive and manual protection procedures previously not disclosed to the company
- Over 190 DDoS vulnerabilities were uncovered
After RADAR was deployed and provided the company with initial DDoS vulnerability data, MazeBolt’s Professional Services team established a new streamlined process with the company and its mitigation vendor. They created a prioritized remediation plan and made sure all online services were protected – without compromising the company’s crucial uptime and availability.
Over 120 vulnerabilities were closed within six weeks, during which time the company continued to be targeted by DDoS attacks. The company realized that they needed to prioritize improving their DDoS resilience as soon as possible.
Customer Benefits
Working with MazeBolt’s Professional Services team and their DDoS mitigation vendor, the company developed an action plan for continuous remediation. The impact of RADAR on the company’s DDoS resilience included:
- Over 96% of DDoS vulnerabilities remediated in less than 6 months, with zero downtime
- Fully automated DDoS protection integrated with RADAR vulnerability testing, allowing complete prevention of damaging DDoS attacks
- A move away from a reliance on “smart human processes” and reactive emergency response
- Expansion of their DDoS coverage to Layer 7 vulnerabilities
- Continuous RADAR simulations and a remediation plan with the necessary insight and data to validate the effectiveness of its DDoS protection
Case Study
About the customer
A leading multi-channel bank focused on retail banking, insurance, and asset management activities. With nearly 45,000 employees globally in 1500 branches, a barrage of DDoS attacks was damaging business continuity and hurting customer experience.
What you will learn
- Customer challenges
- MazeBolt RADAR findings
- Our solution
- Customer outcomes