Bloon

Strengthening Security for Fintech App Bloon with AWS CloudFront

Industry: Fintech

Team size: 5 Experts

Timeline: 240 Days

About Bloon

Bloon, a fintech application handling sensitive financial data, needed to harden its public-facing infrastructure against unauthorized access and service disruption. Fronting the application with AWS CloudFront let Bloon lock down its origins so they are reachable only through the CDN, inspect every request at the edge with AWS WAF, and gain centralised logging and alerting, raising its security posture without adding latency for users.

Challenges

Bloon faced several security challenges:

  • 01. Protection of Sensitive Data
    Ensuring that financial data remains secure and inaccessible to unauthorized entities.
  • 02. Threat Mitigation
    Implementing measures to mitigate common threats like DDoS attacks, SQL injection, and cross-site scripting (XSS).
  • 03. Regulatory Compliance
    Adhering to industry regulations such as PCI DSS to maintain trust and credibility among users.
  • 04. Continuous Monitoring
    Establishing a system for real-time monitoring and logging to promptly detect and respond to security incidents.

Solutions

Bloon implemented a comprehensive security strategy using AWS CloudFront:

  • 01. Implementation of Origin Security Features

    1.1 Origin Access Identity (OAI) for S3
    • Bloon configured an Origin Access Identity (OAI) and associated it with the CloudFront distribution so that the S3 bucket holding static content is reachable only through CloudFront, never directly.
    • The bucket policy grants s3:GetObject to the OAI principal only; no public or anonymous access is allowed, so a request that bypasses CloudFront is denied by S3 itself.
    • Caveat: AWS now recommends Origin Access Control (OAC) over OAI for new distributions (OAC supports SSE-KMS encrypted objects and all regions); the restrict-to-CloudFront pattern is the same.
    1.2 Security Groups and NACLs for EC2
    • Security groups on the EC2 instances serving dynamic content permit inbound HTTPS only from CloudFront's origin-facing IP ranges and deny direct access from the internet. Referencing the AWS-managed prefix list com.amazonaws.global.cloudfront.origin-facing keeps the rule current as those ranges change.
    • Network ACLs at the subnet level add a second, stateless layer of filtering.
    • Caveat: CloudFront's IP ranges are shared by every CloudFront customer, so this restriction alone does not prove a request came through Bloon's distribution; anyone can point their own distribution at a publicly resolvable origin. The custom header in 1.3 closes that gap.
    1.3 Custom Headers for Origin Validation
    • CloudFront was configured to add a custom origin header (X-Origin-Auth) carrying a secret value to every request it forwards to the origin. The value lives only in the origin configuration; a client that sends its own X-Origin-Auth header has it overwritten by CloudFront's configured value.
    • Bloon's application server rejects, with 403, any request in which X-Origin-Auth is missing or does not match the expected secret, so only traffic that passed through CloudFront (and therefore through AWS WAF) reaches the application. The comparison should be constant-time, and the secret should be rotated periodically with a window in which both the old and new values are accepted.
  • 02. Implementation of Application Firewalls @Edge using AWS WAF

    2.1 AWS WAF Configuration
    • Bloon created an AWS WAF web ACL with CLOUDFRONT scope (such ACLs are created in us-east-1) and associated it with the distribution, so every request is inspected at the edge before it is forwarded to the origin.
    • AWS Managed Rules were enabled, notably the Core rule set (AWSManagedRulesCommonRuleSet, covering XSS and other OWASP Top 10 patterns) and the SQL database rule set (AWSManagedRulesSQLiRuleSet), giving immediate coverage of known attack signatures. Managed rule groups can be run in count mode first to surface false positives on legitimate traffic before being switched to block.
    2.2 Custom Rules
    • A rate-based rule limits the number of requests a single IP address may make within the evaluation window (5 minutes by default) and blocks the source once the threshold is exceeded. This mitigates application-layer (Layer 7) floods, credential stuffing and brute-force attempts; volumetric Layer 3/4 DDoS against the distribution is absorbed by AWS Shield Standard, which is included with CloudFront.
    • A geo-match rule blocks requests whose source country is on Bloon's deny list (countries with no legitimate user base but recurring malicious traffic), reducing the attack surface. Geo-blocking is easily bypassed with a VPN or proxy, so it is a hygiene control rather than a primary defence.
    2.3 Logging and Monitoring
    • Bloon enabled logging for the web ACL and directed the logs to an S3 bucket for analysis and auditing (AWS WAF requires the destination bucket name to begin with aws-waf-logs-).
    • CloudWatch alarms on the AWS/WAFV2 metrics (BlockedRequests and CountedRequests per rule) alert administrators to anomalies such as a sudden spike in blocked requests, enabling a prompt response to an attack in progress.
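The origin-validation check described in 1.3, as an added example (not Bloon's code): a Python function and a WSGI middleware that reject any request that does not carry an X-Origin-Auth header matching a known secret. The header name is the page's; the constant-time comparison, the acceptance of a current and a previous secret during a rotation window, the environment variable names and the sample requests are choices made here.

```python
"""Origin validation for a CloudFront custom header (added example, not Bloon's code).

Assumed, not from the case study: the secret values, the current+previous rotation
scheme, the ORIGIN_AUTH_SECRET* variable names and the WSGI wrapper. The header
name X-Origin-Auth is the one the case study names.
"""
import hmac
import os
from typing import Iterable, List, Mapping, Optional

HEADER_NAME = "X-Origin-Auth"


def presented_secret(headers: Mapping[str, str]) -> Optional[str]:
    """Case-insensitive lookup of the origin header; None when absent."""
    for name, value in headers.items():
        if name.lower() == HEADER_NAME.lower():
            return value
    return None


def is_from_cloudfront(headers: Mapping[str, str], valid_secrets: Iterable[str]) -> bool:
    """True only if X-Origin-Auth is present and equals one of the accepted secrets.

    hmac.compare_digest runs in time independent of where the first mismatch is,
    and every candidate secret is compared (no short-circuit) so response timing
    does not reveal which secret, if any, matched.
    """
    presented = presented_secret(headers)
    if not presented:
        return False
    matched = False
    for secret in valid_secrets:
        if hmac.compare_digest(presented.encode("utf-8"), secret.encode("utf-8")):
            matched = True
    return matched


def load_secrets_from_env() -> List[str]:
    """Current secret is mandatory; the previous one is optional and only set
    while a rotation is in progress (assumed variable names)."""
    current = os.environ["ORIGIN_AUTH_SECRET"]
    previous = os.environ.get("ORIGIN_AUTH_SECRET_PREVIOUS")
    return [s for s in (current, previous) if s]


def wsgi_headers(environ: Mapping[str, str]) -> dict:
    """Turn WSGI's HTTP_X_ORIGIN_AUTH keys back into X-ORIGIN-AUTH header names."""
    return {k[5:].replace("_", "-"): v for k, v in environ.items() if k.startswith("HTTP_")}


class CloudFrontOnly:
    """WSGI middleware: anything that did not come through CloudFront gets a 403
    before the wrapped application ever sees it."""

    def __init__(self, app, valid_secrets: Iterable[str]):
        self.app = app
        self.valid_secrets = list(valid_secrets)

    def __call__(self, environ, start_response):
        if not is_from_cloudfront(wsgi_headers(environ), self.valid_secrets):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"direct origin access is not permitted\n"]
        return self.app(environ, start_response)


if __name__ == "__main__":
    # Constructed requests: one forwarded by CloudFront, one hitting the origin directly.
    secrets = ["new-secret-after-rotation", "old-secret-still-valid"]
    via_cloudfront = {"Host": "origin.example.internal", "x-origin-auth": "old-secret-still-valid"}
    direct = {"Host": "origin.example.internal", "User-Agent": "curl/8.0"}
    print("via CloudFront accepted:", is_from_cloudfront(via_cloudfront, secrets))
    print("direct request accepted:", is_from_cloudfront(direct, secrets))
```

Deploy the middleware as the outermost layer of the application so that health checks and error pages are also gated; the load balancer health check must then be configured to send the header, or use a path the middleware exempts explicitly.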
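The web ACL described in section 02, as an added example (not Bloon's configuration): a Python module that assembles the create_web_acl request in the shape the WAFv2 API expects, pre-flights it for mistakes the API rejects at create time, and attaches S3 logging. The ACL and rule names, the 2,000-request threshold, the country codes and the bucket name are illustrative assumptions; the managed rule group names, the field names, the CLOUDFRONT scope and the aws-waf-logs- bucket-name requirement are the real API. The FakeWafv2 class is a constructed stand-in for the boto3 client so the module runs offline.

```python
"""AWS WAF web ACL for a CloudFront distribution (added example, not Bloon's config).

Assumed: names, the 2000-request threshold, the country list, the bucket name.
Real WAFv2 API: field names, managed rule group names, CLOUDFRONT scope in
us-east-1, and the aws-waf-logs- prefix required of S3 log destinations.
"""
from typing import Any, Dict, Iterable, List

WAF_LOG_BUCKET_PREFIX = "aws-waf-logs-"


def _visibility(metric: str) -> Dict[str, Any]:
    """Required on every rule and on the ACL; these metrics feed the CloudWatch alarms."""
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True,
            "MetricName": metric}


def managed_rule(priority: int, group: str, observe_only: bool = False) -> Dict[str, Any]:
    """An AWS Managed Rules group. Managed groups take OverrideAction, never Action:
    None keeps each rule's own action, Count turns the group into a detector, which
    is how a new group is trialled for false positives before it blocks."""
    return {"Name": group, "Priority": priority,
            "Statement": {"ManagedRuleGroupStatement": {"VendorName": "AWS", "Name": group}},
            "OverrideAction": {"Count": {}} if observe_only else {"None": {}},
            "VisibilityConfig": _visibility(group)}


def rate_limit_rule(priority: int, limit: int) -> Dict[str, Any]:
    """Block an IP exceeding `limit` requests in the evaluation window (5 min by default)."""
    return {"Name": "RateLimitPerIP", "Priority": priority,
            "Statement": {"RateBasedStatement": {"Limit": limit, "AggregateKeyType": "IP"}},
            "Action": {"Block": {}}, "VisibilityConfig": _visibility("RateLimitPerIP")}


def geo_block_rule(priority: int, countries: Iterable[str]) -> Dict[str, Any]:
    """Block by source country (ISO 3166-1 alpha-2 codes); duplicates removed."""
    return {"Name": "GeoBlock", "Priority": priority,
            "Statement": {"GeoMatchStatement": {"CountryCodes": sorted(set(countries))}},
            "Action": {"Block": {}}, "VisibilityConfig": _visibility("GeoBlock")}


def build_web_acl(name: str, blocked_countries: Iterable[str], rate_limit: int = 2000,
                  observe_only: bool = False) -> Dict[str, Any]:
    """The full create_web_acl() request. Default action Allow: this ACL is a deny-list
    of known-bad traffic placed in front of an application with its own authentication."""
    return {
        "Name": name,
        "Scope": "CLOUDFRONT",  # CLOUDFRONT-scope ACLs are created through us-east-1
        "DefaultAction": {"Allow": {}},
        "Rules": [
            geo_block_rule(0, blocked_countries),  # cheapest check evaluated first
            rate_limit_rule(1, rate_limit),
            managed_rule(2, "AWSManagedRulesCommonRuleSet", observe_only),  # XSS, OWASP patterns
            managed_rule(3, "AWSManagedRulesSQLiRuleSet", observe_only),    # SQL injection
        ],
        "VisibilityConfig": _visibility(name),
    }


def validate_web_acl(acl: Dict[str, Any]) -> List[str]:
    """Pre-flight the request for errors WAFv2 would reject at create time."""
    errors: List[str] = []
    priorities = [r["Priority"] for r in acl["Rules"]]
    if len(set(priorities)) != len(priorities):
        errors.append("rule priorities must be unique")
    for r in acl["Rules"]:
        managed = "ManagedRuleGroupStatement" in r["Statement"]
        if managed and ("Action" in r or "OverrideAction" not in r):
            errors.append(f"{r['Name']}: managed rule groups use OverrideAction, not Action")
        if not managed and ("OverrideAction" in r or "Action" not in r):
            errors.append(f"{r['Name']}: custom rules use Action, not OverrideAction")
    return errors


def validate_log_bucket(bucket_arn: str) -> List[str]:
    """WAF accepts an S3 log destination only if the bucket name starts with aws-waf-logs-."""
    name = bucket_arn.rsplit(":", 1)[-1]
    if not name.startswith(WAF_LOG_BUCKET_PREFIX):
        return [f"log bucket must be named {WAF_LOG_BUCKET_PREFIX}*, got {name}"]
    return []


def deploy(wafv2, acl: Dict[str, Any], log_bucket_arn: str) -> str:
    """Create the ACL and attach S3 logging; returns the ACL ARN. `wafv2` is a boto3
    client made with region_name='us-east-1'. Attaching the ACL to the distribution is
    a separate CloudFront API change (WebACLId on the distribution config)."""
    problems = validate_web_acl(acl) + validate_log_bucket(log_bucket_arn)
    if problems:
        raise ValueError("; ".join(problems))
    acl_arn = wafv2.create_web_acl(**acl)["Summary"]["ARN"]
    wafv2.put_logging_configuration(LoggingConfiguration={
        "ResourceArn": acl_arn, "LogDestinationConfigs": [log_bucket_arn]})
    return acl_arn


class FakeWafv2:
    """Constructed stand-in for the boto3 wafv2 client so the example runs offline."""
    def __init__(self):
        self.logging = None

    def create_web_acl(self, **req):
        arn = f"arn:aws:wafv2:us-east-1:123456789012:global/webacl/{req['Name']}/0000"
        return {"Summary": {"Name": req["Name"], "Id": "0000", "ARN": arn}}

    def put_logging_configuration(self, LoggingConfiguration):
        self.logging = LoggingConfiguration
        return {"LoggingConfiguration": LoggingConfiguration}


if __name__ == "__main__":
    # Placeholder deny list; derive the real one from your own traffic analysis.
    acl = build_web_acl("bloon-edge", ["KP", "IR"], rate_limit=2000)
    print(deploy(FakeWafv2(), acl, "arn:aws:s3:::aws-waf-logs-bloon"))
```

Roll a new managed rule group out with observe_only=True, watch its CountedRequests metric and the sampled requests for a few days of real traffic, then rebuild with observe_only=False once any false positives have been excluded.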

Results

The implementation of AWS CloudFront's security features yielded significant outcomes for Bloon:

Sensitive financial data is no longer reachable except through CloudFront: direct requests to the S3 bucket and to the EC2 origins are denied, and SQL injection, XSS and single-source request floods are blocked by AWS WAF at the edge before they reach the application, preserving service integrity and availability.

Bloon achieved PCI DSS compliance, with the edge WAF and centralised request logging addressing the standard's requirements for protecting public-facing web applications (Requirement 6.6 in PCI DSS v3.2.1, 6.4.1/6.4.2 in v4.0) and for logging and monitoring access (Requirement 10). This fostered trust among users and regulators and gave Bloon a proactive security posture with real-time monitoring and response.

10X

Protection against DDoS attacks. Attack traffic is spread across CloudFront's edge locations instead of reaching the origin directly.

50%

Reduction in latency. Faster load times from edge caching improved user satisfaction.

60%

Reduction in bandwidth costs. Caching at the edge reduced load on the origin servers and lowered operational costs.

99.99%

Improved uptime to 99.99%. With over 300 edge locations globally, CloudFront provides low latency and high availability.
