# 35,000 attacks daily

> How we stopped 35,000 attacks daily: The Tactical Advantage of Threat Intelligence, a Case Study with OneFirewall

Effective threat intelligence is a tactical necessity to detect, respond to, and mitigate threats in real time. This article presents a detailed case study of a recent engagement by OneFirewall that demonstrates the measurable impact of actionable threat intelligence.

***

## Background: Scaling Business, Scaling Attack Surface

A new member of OneFirewall (**referred to as Member X**) operates a B2B SaaS platform serving clients globally through three cloud providers: **Azure, DigitalOcean, and GCP**. Their infrastructure includes:

* **Two instances** in Europe.

* **One instance** in the US.

As their business expanded, so did their exposure to attacks:

* **22% of traffic** consisted of unauthorized operations (attacks).

* An average of **35,000 attacks per day** targeted web services and management consoles.

* Security limitations identified:

  * **Cloudflare (free plan)** for CDN without advanced security features.

  * **Direct access to management consoles** without VPN.

  * Insufficient detection capabilities for advanced threats.

**Requirements:** Member X needed an immediate solution to stop the ongoing attacks without compromising flexibility in their technology stack or adopting complex security solutions.

***

## OneFirewall’s Approach: A Tactical Action Plan

**Objective:** Secure Member X’s infrastructure within 24 hours using threat intelligence and targeted defensive measures.

### **Step 1: Threat Analysis**

* Conducted a comprehensive assessment of attack patterns:

  * High-frequency automated bot traffic.

  * Brute-force attempts targeting SSH access.

  * Application-layer attacks on web services.

* Mapped threat vectors to identify critical vulnerabilities.

### **Step 2: Threat Intelligence Integration**

* Integrated OneFirewall’s **distributed threat intelligence**:

  * Assessed threat sources using a **Crime Score** metric.

  * Prioritized blocking sources with a **Crime Score above 120**.

* Analyzed attack signatures in real time to refine blocking rules.

### **Step 3: Implementation of Preventive Controls**

* **Deployed ACLs (Access Control Lists)** to block IPs scoring above 120.

* **Whitelisted remote access** to the management consoles, limiting it to approved IP ranges.

* **Optimized traffic routing and CDN** configurations to reduce attack surface.

* **Hardened web ingress points** using threat intelligence to prevent application-layer attacks.
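The two controls at the heart of Steps 2 and 3 are a score threshold applied to a threat-intelligence feed and an allowlist in front of the management consoles. The following is an added illustration of how those controls fit together; it is not OneFirewall's code. The feed layout (`source`, `crime_score`), the sample entries, the approved ranges and the management port numbers are all constructed for the example, and the rule syntax in `render_acl` is vendor-neutral rather than any particular firewall's.

```python
"""Score-threshold blocking plus a management-console allowlist.

Added example, not OneFirewall's implementation. The feed format, the sample
feed entries, APPROVED_RANGES and MANAGEMENT_PORTS are all constructed.
"""
import ipaddress

CRIME_SCORE_THRESHOLD = 120        # the page blocks sources scoring *above* 120
MANAGEMENT_PORTS = {22, 8443}      # assumed: SSH and an admin console

# Constructed threat-intelligence feed: a source (IP or CIDR) and its crime score.
SAMPLE_FEED = [
    {"source": "198.51.100.23", "crime_score": 187},
    {"source": "203.0.113.0/24", "crime_score": 142},
    {"source": "192.0.2.77", "crime_score": 120},   # exactly at threshold: not blocked
    {"source": "192.0.2.200", "crime_score": 35},
    {"source": "not-an-ip", "crime_score": 999},    # malformed entry: skipped, never blocks
]

# Constructed approved remote-access ranges (e.g. Member X's VPN and office egress).
APPROVED_RANGES = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.0.2.64/26"),
]


def build_blocklist(feed, threshold=CRIME_SCORE_THRESHOLD):
    """Return the networks whose score is strictly above `threshold`.

    Malformed entries are skipped rather than raising, so one bad feed line
    cannot take the whole blocklist update down.
    """
    blocked = []
    for entry in feed:
        try:
            net = ipaddress.ip_network(entry["source"], strict=False)
            score = int(entry["crime_score"])
        except (KeyError, ValueError):
            continue
        if score > threshold:
            blocked.append(net)
    return blocked


def decide(src_ip, dst_port, blocklist, approved=APPROVED_RANGES,
           mgmt_ports=MANAGEMENT_PORTS):
    """Return (verdict, reason) for one connection attempt.

    Management ports are allowlist-only: the threat-intel score is irrelevant
    there because no unapproved source may reach them at all. Every other port
    is denied only when the source matches a blocklisted network.
    """
    addr = ipaddress.ip_address(src_ip)
    if dst_port in mgmt_ports:
        if any(addr in net for net in approved):
            return ("allow", "approved remote-access range")
        return ("deny", "management port closed to unapproved sources")
    for net in blocklist:
        if addr in net:
            return ("deny", f"crime score above {CRIME_SCORE_THRESHOLD} ({net})")
    return ("allow", "no matching threat-intel entry")


def render_acl(blocklist, approved=APPROVED_RANGES, mgmt_ports=MANAGEMENT_PORTS):
    """Emit ordered, vendor-neutral rule lines that mirror `decide`.

    Order matters on a first-match ACL: management allow rules, then the
    management catch-all deny, then threat-intel denies, then the default permit.
    """
    rules = []
    for port in sorted(mgmt_ports):
        for net in approved:
            rules.append(f"permit tcp {net} any port {port}")
        rules.append(f"deny tcp any any port {port}")
    for net in blocklist:
        rules.append(f"deny ip {net} any")
    rules.append("permit ip any any")
    return rules


if __name__ == "__main__":
    blocklist = build_blocklist(SAMPLE_FEED)
    for line in render_acl(blocklist):
        print(line)
    for src, port in [("198.51.100.23", 443), ("192.0.2.77", 22), ("192.0.2.200", 22)]:
        print(src, port, *decide(src, port, blocklist))
```

Two details are worth keeping in mind when adapting this. The comparison is `score > threshold`, matching the page's "above 120"; a source scoring exactly 120 is not blocked, so the threshold is a boundary you should pick deliberately. And the allowlist here governs only the management ports; ordinary web traffic from an approved range is still subject to the threat-intel denies, which is the behaviour the page describes.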

***

## Results: Concrete Security and Performance Gains

1. **Blocked Unauthorized Traffic:**

   * Prevented all traffic from IPs with a **Crime Score >120**.

   * Effectively eliminated the 35,000 **daily unauthorized requests**.

2. **Reduced Latency by 28%:**

   * Blocking malicious traffic at the edge reduced processing overhead.

   * Improved response times for legitimate users.

3. **Mitigated All Web and SSH Attacks:**

   * Implemented automated blocking for SSH brute-force attempts.

   * Prevented all identified web application attacks without manual intervention.

4. **Enhanced Threat Intelligence Network:**

   * Member X’s integration added **over 12,000 new threat feeds per day**.

   * Of these, **0.49% were unique threats** previously undetected by other members.

***

## Key Observations

1. **Perimeter Security is Critical:**

   * Immediate blocking of malicious traffic at the edge is essential for both security and performance.

2. **Threat Intelligence as a Force Multiplier:**

   * Real-time intelligence enabled accurate blocking without affecting legitimate traffic.

3. **Continuous Intelligence Sharing:**

   * Member X’s contribution strengthened the entire OneFirewall community by expanding the threat intelligence dataset.

***

## Conclusion

This case study demonstrates the tactical value of actionable threat intelligence. By rapidly deploying intelligence-driven defenses, OneFirewall secured Member X’s infrastructure against a high volume of attacks without compromising performance or flexibility. This approach underlines the importance of integrating real-time threat intelligence for any online service facing continuous threats.
