How we stopped 35,000 attacks daily - The Tactical Advantage of Threat Intelligence: A Case Study with OneFirewall
Effective threat intelligence is a tactical necessity for detecting, responding to, and mitigating threats in real time. This article presents a detailed case study of a recent OneFirewall engagement that demonstrates the measurable impact of actionable threat intelligence.
A new member of OneFirewall (referred to as Member X) operates a B2B SaaS platform serving clients globally through three cloud providers: Azure, DigitalOcean, and GCP. Their infrastructure includes:
Two instances in Europe.
One instance in the US.
As their business expanded, so did their exposure to attacks:
22% of inbound traffic consisted of unauthorized operations (attacks).
An average of 35,000 attacks per day targeted web services and management consoles.
Security limitations identified:
Cloudflare (free plan) for CDN without advanced security features.
Direct access to management consoles without VPN.
Insufficient detection capabilities for advanced threats.
Requirements: Member X needed an immediate solution to stop the ongoing attacks without compromising flexibility in their technology stack or adopting complex security solutions.
Objective: Secure Member X’s infrastructure within 24 hours using threat intelligence and targeted defensive measures.
Conducted a comprehensive assessment of attack patterns:
High-frequency automated bot traffic.
Brute-force attempts targeting SSH access.
Application-layer attacks on web services.
Mapped threat vectors to identify critical vulnerabilities.
Integrated OneFirewall’s distributed threat intelligence:
Assessed threat sources using a Crime Score metric.
Prioritized blocking sources with a Crime Score above 120.
Analyzed attack signatures in real-time to refine blocking rules.
Deployed ACLs (Access Control Lists) to block IPs scoring above 120.
Restricted remote access to an allowlist of approved IP ranges.
Optimized traffic routing and CDN configurations to reduce attack surface.
Hardened web ingress points using threat intelligence to prevent application-layer attacks.
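The two deployment rules above (a reputation ACL at the Crime Score threshold of 120, plus an allowlist for remote administration) can be expressed as a small policy evaluator. The following is an added example, not OneFirewall's code or feed format: the feed shape (IP to Crime Score), the allowlisted range, the console port 8443 and the connection records are all constructed assumptions.

```python
import ipaddress

# Threshold used in the case study: sources with a Crime Score above 120 are blocked.
CRIME_SCORE_THRESHOLD = 120
# Management ports reachable only from the allowlist: SSH plus an assumed console port.
MANAGEMENT_PORTS = {22, 8443}

# Constructed sample of a threat-intelligence feed (ip -> Crime Score). The real
# OneFirewall feed format is not described on this page, so this shape is assumed.
SAMPLE_FEED = {
    "198.51.100.7": 180,
    "203.0.113.22": 95,
    "192.0.2.44": 121,
}

# Constructed allowlist of approved ranges for remote administration.
ALLOWED_ADMIN_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample of connection records: (source_ip, destination_port).
SAMPLE_CONNECTIONS = [
    ("198.51.100.7", 443),     # high Crime Score -> dropped at the edge
    ("203.0.113.22", 22),      # below threshold and allowlisted -> SSH permitted
    ("192.0.2.44", 22),        # above threshold -> dropped before sshd sees it
    ("203.0.113.9", 443),      # unknown source, ordinary web traffic -> allowed
    ("198.51.100.200", 8443),  # unknown source on a management port -> denied
]


def is_allowlisted(ip: str) -> bool:
    """True if the source address falls inside an approved administration range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_ADMIN_RANGES)


def decide(ip: str, port: int, feed: dict) -> str:
    """Evaluate one connection: reputation ACL first, then management allowlist, then default allow."""
    if feed.get(ip, 0) > CRIME_SCORE_THRESHOLD:
        return "block:reputation"
    if port in MANAGEMENT_PORTS and not is_allowlisted(ip):
        return "block:management"
    return "allow"


def evaluate(connections, feed):
    """Apply decide() to every record; return the decisions and the blocked share in percent."""
    decisions = [(ip, port, decide(ip, port, feed)) for ip, port in connections]
    blocked = sum(1 for _, _, d in decisions if d.startswith("block"))
    return decisions, round(100.0 * blocked / len(decisions), 1)
```

Running evaluate() over real connection logs gives the blocked share directly comparable to the 22% figure reported for Member X.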
Blocked Unauthorized Traffic:
Prevented all traffic from IPs with a Crime Score above 120.
Effectively eliminated the 35,000 daily unauthorized requests.
Reduced Latency by 28%:
Blocking malicious traffic at the edge reduced processing overhead.
Improved response times for legitimate users.
Mitigated All Web and SSH Attacks:
Implemented automated blocking for SSH brute-force attempts.
Prevented all identified web application attacks without manual intervention.
Enhanced Threat Intelligence Network:
Member X’s integration added over 12,000 new threat feeds per day.
Of the threats reported, 0.49% were unique and previously undetected by other members.
Perimeter Security is Critical:
Threat Intelligence as a Force Multiplier:
Continuous Intelligence Sharing:
This case study demonstrates the tactical value of actionable threat intelligence. By rapidly deploying intelligence-driven defenses, OneFirewall secured Member X’s infrastructure against a high volume of attacks without compromising performance or flexibility. This approach underlines the importance of integrating real-time threat intelligence for any online service facing continuous threats.