Insurance

Avoiding Damaging DDoS Downtime

In less than 6 months, MazeBolt RADAR™ identified and remediated over 93% of DDoS vulnerabilities for a major insurance company.

The Customer

The customer is a leading insurance company catering to a customer base of over 4 million, with yearly revenues of over $8 billion. The customer recently underwent a comprehensive digital overhaul, enhancing its offerings by delivering essential services and mobile applications to its valued customers, agents, and staff. The company struggled to prevent recurring DDoS attacks that caused damaging downtime.

Key Takeaways

Customer Challenges

  • Recurrent downtime due to DDoS attacks 
  • Multi-million-dollar losses and online reputational damages 
  • Identification of only a fraction of the DDoS vulnerabilities  
  • Lack of an actionable remediation plan 

The Benefits

  • Understanding critical DDoS exposure and risk 
  • Avoidance of damaging DDoS downtime 
  • Access to insight and data necessary to protect services 
  • All DDoS attacks have been mitigated automatically 
  • Automated DDoS protection improved by over 150% 

The Challenge

Despite having robust DDoS protection solutions in place – including a Scrubbing Center and on-premises DDoS protection – the company experienced damaging DDoS downtime. The downtime caused:

  • Disruption to critical mobile and online services 
  • Disruption to claims and payment processes 
  • Agent productivity loss (i.e., when the agent portal is unavailable) 
  • Employee productivity loss (i.e., when the VPN and email servers are down)

A rough estimate of DDoS downtime costs indicated a multi-million-dollar loss, as well as reputational damage. Biannual DDoS pen testing was disruptive to network security teams: the tests required maintenance windows and, because of their irregularity, were not effective in preventing attacks. In addition, traditional DDoS tests identified only a fraction of the DDoS vulnerabilities and lacked an actionable remediation plan. Recognizing the growing risk of DDoS attacks, the company was looking for ways to significantly reduce that risk and prevent damaging DDoS downtime.

Our Solution

MazeBolt conducted a short Proof of Concept (POC), and it became clear that over 54% of Layer 7 attacks were not blocked and were likely to cause downtime. The company decided to deploy MazeBolt RADAR in three data centers downstream of each of their DDoS protection layers, so that – using continuous, non-disruptive DDoS testing – they could easily expose all the company’s DDoS vulnerabilities. RADAR uncovered the following information: 

  • Over 2,800 DDoS vulnerabilities 
  • 63% of the DDoS vulnerabilities (from layers 3, 4, and 7) remained a threat 
  • The existing DDoS protection deployed was only 37% effective 
  • Emergency response teams and SLAs were only implemented after the attack 


RADAR automatically provided a prioritized remediation plan of all DDoS vulnerabilities, including Slowloris, UDP, IKE, and DNS attack vectors. MazeBolt’s Professional Services team helped manage the remediation process, working side by side with the customer’s SOC team and DDoS mitigation vendor.

During the first round of testing, RADAR identified that the company did not have Layer 7 DDoS protection and required SSL off-loading to enable it. If the company had been hit with a DDoS attack at that time, the enormous volume of their DDoS vulnerabilities would have left the company’s environment unprotected. Manual intervention by emergency response teams would have been required, resulting in damaging time-to-mitigation (TTM) and emergency response SLAs.

Customer Benefits

The impact of RADAR on the company’s DDoS resilience included:

  • Identifying and eliminating over 93% of DDoS vulnerabilities in layers 3, 4, and 7
  • Improving automated DDoS protection by over 150% 
  • Choosing and deploying a Web Application Firewall (WAF) solution  
  • Automatically blocking Layer 7 attacks (based on RADAR recommendations) 
  • Reducing DDoS vulnerability levels to less than 10% 
  • Eliminating the need to initiate emergency response SLAs

Since deploying RADAR, the customer has proactively and automatically mitigated DDoS attacks without any damaging downtime, despite being heavily targeted by multiple threat actors. Ongoing RADAR validation provides the necessary insight and data to maintain and protect new services.

The company is currently extending the RADAR deployment to its cloud environments. The cloud deployment will be centrally managed together with the company’s existing on-premises deployment, to create a unified vulnerability flow with its DDoS mitigation vendor.