About the customer
Technology, IT Services
During periods of sustained peak operational activity, an IT firm found itself exposed to sophisticated Distributed Denial of Service (DDoS) attacks. The B2B business engaged Cloud Kinetics to combat this risk and reduce vulnerability by designing a scalable, repeatable security framework that would help ensure the continuous availability of the customer’s web services.
Challenge
Vulnerability to DDoS from visibility blind spots and loose baselines
Recurrent exposure to high volumes of malicious traffic during high-engagement windows (when transaction volumes were at their highest) put platform availability at risk, which in turn threatened the stability of the customer’s core services.
The constraints and issues:
CloudFront WAF logging was disabled, making it impossible to identify source IPs, attack patterns or traffic anomalies in real time.
The default rate limit was set high (10,000 requests), so large traffic bursts could pass through without triggering any defensive mechanism.
No predefined security baselines or path-specific limits were configured, leaving the system open to attacks targeting individual endpoints.
Solution
Data-driven defence with AWS Athena and reinforced CloudFront WAF configuration
Cloud Kinetics helped the company shift from reactive incident handling to a predictive, data-driven security model. Querying the logs with AWS Athena proved instrumental in resolving the critical outage quickly.
The AWS WAF configuration was redesigned with intelligent, path-specific restrictions that preserved legitimate traffic while effectively neutralizing the attack:
Rate limit reduced to 100 requests per 5-minute evaluation window
Target path identified through Athena log analysis as the primary attack vector
Attack sources grouped by source IP address, with the offending IP ranges restricted to prevent individual sources from overwhelming the endpoint
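The Athena analysis described above, shown as an added example (not Cloud Kinetics’ or the customer’s own queries). It assumes the AWS WAF logs have been delivered to S3 and registered in Athena as a table named waf_logs with the schema from the AWS WAF logging documentation (epoch-millisecond "timestamp" column and an httprequest struct carrying clientip, country and uri); the table name, the time window and the attack path are placeholders.

```sql
-- Step 1: find the target path. Count requests and distinct client IPs per URI
-- during the peak window. WAF log timestamps are epoch milliseconds, so the
-- bounds are converted from placeholder wall-clock times.
SELECT httprequest.uri                         AS path,
       count(*)                                AS requests,
       count(DISTINCT httprequest.clientip)    AS distinct_ips
FROM waf_logs
WHERE "timestamp" BETWEEN to_unixtime(timestamp '2024-01-01 09:00:00') * 1000
                      AND to_unixtime(timestamp '2024-01-01 10:00:00') * 1000
GROUP BY httprequest.uri
ORDER BY requests DESC
LIMIT 20;

-- Step 2: for the path found in step 1 (placeholder '/api/login'), bucket
-- requests into 5-minute windows per client IP and keep only the sources that
-- exceed 100 requests in a window. This mirrors the evaluation a WAF
-- rate-based rule with limit 100 would perform, so the result is the set of
-- IPs such a rule would have blocked.
SELECT from_unixtime(floor("timestamp" / 300000) * 300) AS window_start,
       httprequest.clientip                            AS client_ip,
       httprequest.country                             AS country,
       count(*)                                        AS requests
FROM waf_logs
WHERE httprequest.uri = '/api/login'
  AND "timestamp" BETWEEN to_unixtime(timestamp '2024-01-01 09:00:00') * 1000
                      AND to_unixtime(timestamp '2024-01-01 10:00:00') * 1000
GROUP BY 1, 2, 3
HAVING count(*) > 100
ORDER BY requests DESC;

-- Step 3: collapse the offending IPv4 sources into /24 ranges so that a small
-- number of CIDR entries can be added to a WAF IP set instead of hundreds of
-- individual addresses. IPv6 clients are excluded here because the string
-- rewrite only understands dotted-quad addresses.
SELECT regexp_replace(httprequest.clientip, '\.\d+$', '.0/24') AS ip_range,
       count(DISTINCT httprequest.clientip)                    AS distinct_ips,
       count(*)                                                AS requests
FROM waf_logs
WHERE httprequest.uri = '/api/login'
  AND httprequest.clientip NOT LIKE '%:%'
  AND "timestamp" BETWEEN to_unixtime(timestamp '2024-01-01 09:00:00') * 1000
                      AND to_unixtime(timestamp '2024-01-01 10:00:00') * 1000
GROUP BY 1
HAVING count(*) > 100
ORDER BY requests DESC;
```

The output of step 1 gives the path to scope the rate-based rule to, step 2 gives the threshold evidence and the individual IPs, and step 3 gives the ranges to restrict. Because these queries only work once logging is enabled, turning on WAF logging is the prerequisite that removes the visibility blind spot described in the challenge.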
Success Metrics
Proactive approach with a scalable DDoS mitigation framework
Sustained, measurable improvements were seen as a result of this implementation.
Eliminated blind spots in traffic monitoring
A new security baseline was established for future traffic anomalies
Created reusable WAF patterns for similar attacks
Global limit tightened from 10,000 to 4,000 requests
99% traffic drop with immediate stability achieved post-implementation
100% service recovery – incident fully resolved and services stabilized
The business has now built long-term resilience and ensured continuous service availability by turning traffic-based threats that could cause critical outages into manageable, predictable events.