About Customer
The customer is based in New York City, with owned and managed overseas operations in Brasov, Romania; Chennai, India; and Madurai, India. It has expertise in developing scalable, enterprise-level, web-based software applications for the real estate industry. The Customer Support Division delivers premier service through interactive and proactive engagement that ensures a successful experience.
Customer Challenges
- The customer encountered significant DDoS attacks that impacted multiple servers and applications. This happened 3 times within 3 months before the customer came to Workmates, without the root cause being found or protection being put in place.
- The attacks included an HTTP flood of 80,000 requests per second targeting their India-based web application servers, a SYN flood of 120,000 packets per second, DNS amplification with 40,000 queries per second, and a UDP flood of 60,000 per second.
- They faced additional difficulties with their WAF in handling legitimate VPN users, who experienced access issues and increased latency due to the firewall’s stringent rules.
- The attack involved an overwhelming influx of nearly 1.2 billion requests over just 20 minutes and originated from approximately 74k unique IP addresses. A substantial share of these addresses came from Indonesia and China, among the 10 countries identified. A total of 200Mn+ requests were observed during the attack.
Solutions Implemented
- AWS Shield Advanced: Implemented for enhanced DDoS protection across their AWS infrastructure.
- Custom WAF Rules: Developed 20 tailored rules, including specific allowances for approved VPN users, and filters to block traffic from China and Indonesia.
- Continuous Monitoring: Leveraged AWS CloudWatch for ongoing surveillance of the web environment.
- Regular Audits: Established AWS Config rules for automated compliance checks and corrective actions.
- Dynamic Alert System: Created using Amazon EventBridge and Amazon SNS to facilitate swift incident response.
Results
- DDoS Impact Reduction: Achieved an 80% reduction in the impact of DDoS attacks, effectively managing traffic spikes of up to 2 billion requests per minute during peak times.
- Improved Traffic Management: Updated and custom rules led to a 60% improvement in handling legitimate traffic, reducing false positives significantly.
- Enhanced VPN Access: Introduced a dedicated rule for 150 approved VPN clients, resolving access issues and decreasing latency by 40%.
- Overall Security Enhancement: Strengthened defenses against large-scale DDoS attacks, leading to improved uptime and user experience, while safeguarding the client’s global infrastructure.
Conclusion
The partnership with Workmates significantly enhanced the client’s ability to manage and mitigate DDoS threats, demonstrating substantial progress in protecting their operations and ensuring a reliable service for their users.