About the customer
Technology, IT Services
During periods of sustained peak operational activity, an IT firm found itself exposed to sophisticated Distributed Denial of Service (DDoS) attacks. The B2B business engaged Cloud Kinetics to combat this risk and reduce vulnerability by designing a scalable, repeatable perimeter defence framework that would help ensure the continuous availability of the customer’s web services.
Challenge
Vulnerability to DDoS from gaps in perimeter defence and loose baselines
Recurrent exposure to high levels of malicious traffic in high engagement windows (where transaction volumes were at their highest) posed a risk to the platform availability. This in turn risked the stability of the customer’s core services.
The constraints and issues:
- CloudFront WAF logging was disabled, making it impossible to identify source IPs, attack patterns or traffic anomalies in real time.
- The default rate limit was set high (10,000 requests), so excessive traffic bursts could pass through without triggering any defensive mechanism.
- No predefined security baselines or path-specific limits were configured, leaving the system vulnerable to targeted endpoint attacks.
Solution
Strengthening perimeter defence with data-driven traffic scrubbing with AWS Athena and CloudFront WAF
Cloud Kinetics helped the company shift from reactive incident handling to a predictive, data-driven security model. The AWS Athena queries used to resolve the critical outage proved instrumental in achieving rapid incident resolution.
The AWS WAF configurations were redesigned, and intelligent, path-specific restrictions were put in place that maintained legitimate traffic while effectively neutralizing the attack:
- Rate limit reduced to 100 requests per 5-minute evaluation window
- Target path identified through Athena log analysis as the primary attack vector
- Attack traffic grouped by source IP address, and offending IP ranges restricted, enabling automated traffic scrubbing to prevent individual sources from overwhelming the endpoint
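The log analysis described above can be reproduced offline on exported WAF logs. The following is an added example, not Cloud Kinetics' or the customer's code: it ranks paths by request volume, then lists source IPs that exceed a limit on one path per 5-minute bucket. It assumes the WAF JSON log fields `timestamp`, `httpRequest.clientIp` and `httpRequest.uri`; the path name and all log records are constructed, and fixed 5-minute buckets only approximate how WAF evaluates its window.

```python
import json
from collections import Counter

WINDOW_MS = 5 * 60 * 1000         # 5-minute evaluation window (from the page)
PATH_LIMIT = 100                  # tightened path-specific limit (from the page)
OLD_LIMIT = 10_000                # original default limit (from the page)
TARGET_PATH = "/api/placeholder"  # assumption: the page does not name the path

def make_sample_logs():
    """Constructed WAF log lines, one JSON object per request."""
    base = 5_666_667 * WINDOW_MS  # constructed, window-aligned epoch-ms start
    def rec(ip, uri, offset_ms):
        return json.dumps({"timestamp": base + offset_ms, "action": "ALLOW",
                           "httpRequest": {"clientIp": ip, "uri": uri}})
    logs = [rec("198.51.100.7", TARGET_PATH, i * 1000) for i in range(150)]  # burst
    logs += [rec("203.0.113.20", TARGET_PATH, i * 5000) for i in range(40)]  # normal user
    logs += [rec("198.51.100.9", "/", i * 5000) for i in range(120)]         # other path
    return logs

def top_paths(log_lines, n=3):
    """Rank URIs by request count to find the path under attack."""
    uris = (json.loads(line)["httpRequest"]["uri"] for line in log_lines)
    return Counter(uris).most_common(n)

def offenders(log_lines, path, limit):
    """Return (client_ip, window_index, count) for every source IP that sent
    more than `limit` requests to `path` inside one 5-minute bucket."""
    counts = Counter()
    for line in log_lines:
        entry = json.loads(line)
        req = entry["httpRequest"]
        if req["uri"] == path:
            counts[(req["clientIp"], entry["timestamp"] // WINDOW_MS)] += 1
    return sorted((ip, win, c) for (ip, win), c in counts.items() if c > limit)

SAMPLE = make_sample_logs()

if __name__ == "__main__":
    print(top_paths(SAMPLE))                           # busiest paths first
    print(offenders(SAMPLE, TARGET_PATH, PATH_LIMIT))  # caught by the new limit
    print(offenders(SAMPLE, TARGET_PATH, OLD_LIMIT))   # missed by the old limit
```

Running the same records against both limits shows why the 10,000-request default never fired on a burst that the 100-request path limit catches.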
Success Metrics
Proactive approach with a scalable DDoS threat mitigation framework
Sustained measurable improvements were seen as a result of this implementation.
- Perimeter defence: By reinforcing the edge, the firm moved from a reactive to a predictive stance.
- Threat mitigation: The new framework provided continuous protection against evolving DDoS vectors.
- Traffic scrubbing: Automated filtering ensured that legitimate users access services while malicious traffic is blocked at the edge.

- Eliminated blind spots in traffic monitoring
- New security baseline was established for future traffic anomalies
- Created reusable WAF patterns for similar attacks
- Global limit tightened from 10,000 to 4,000 requests
- 99% traffic drop with immediate stability achieved post-implementation
- 100% service recovery – incident fully resolved and services stabilized
The business has now built long-term resilience and ensured continuous service availability by transforming traffic-based threats that could cause critical outages into manageable, predictable events.


