The number of DDoS attacks on AvtoVAZ sites increased 18 times in 2022

2022: Site Protection with Solar MSS Ecosystem

In 2022, the number attacks of online resources AVTOVAZ increased almost 3 times compared to the same period in 2021. At the same time, the number DDoS-attacks increased 18 times - say the specialists of the company "," RTK-Solar which provides cyber defense the site and sub-dealer domains network of AvtoVAZ. Safety online resources are implemented using the Web Application (WAF Firewall) service of the ecosystem. This was Solar MSS announced by the company "RTK-Solar" on October 17, 2022.

Illustration: vologda.bezformata.com

The WAF service protects AVTOVAZ web applications from L7 level attacks (DDoS and attacks from the OWASP Top 10 list). If in January-September 2021, about 45 thousand DDoS attacks were identified and blocked with its help, then in 2022 - already 811 thousand. The total number of medium and high criticality attacks increased from 350 to 935 thousand.

The service model has proven its economic and practical feasibility: the company has provided comprehensive protection of corporate web services, reduced equipment costs and unloaded its own information security service. At the same time, colleagues from RTK-Solar showed their readiness to adapt security profiles to a fairly large application pool, and the connection itself did not require major changes at the infrastructure level, Timur Yarullin noted, Head safety information of Systems and Technologies Department of AvtoVAZ.

AvtoVAZ information security service receives weekly reports on the operation of the service, and can also track the required indicators in real time through its personal account. At the same time, the service model turned out to be more profitable than its own similar solution.

The WAF service is implemented as a disaster recovery cluster located cloudy in the "" platform. Rostelecom The solution is operated by specialists from the countermeasures center. to cyber attacks Solar JSOC The response time of the technical support service is no more than 30 minutes.

The connection of AvtoVAZ web resources to the service was carried out in several stages. First of all, site protection was implemented. To do this, a virtual network infrastructure of sufficient power was deployed on the side of the service provider and traffic routing through the Rostelecom cloud platform was configured. At the next stage, the service worked in training mode: the service provider's specialists, together with the customer, analyzed the incoming traffic and configured the rules for blocking malicious activity. After testing, the service is put into active filtering mode. The next step was to scale the solution to other AVTOVAZ web applications.

More than 70% of intrusions over the IT perimeter of organizations are related to web vulnerabilities. Using WAF, you can detect and block attacks on web applications that miss traditional firewalls and intrusion detection systems. But any WAF requires proper configuration and constant signature updates, and this requires 24-hour incident monitoring and expertise from several cybersecurity specialists. The offer from a large service provider allows companies to resolve this issue as efficiently and quickly as possible, maintaining the speed of change required for the business. emphasized Konstantin Kamanin, Director of Product Portfolio Development at Solar MSS of Rostelecom-Solar.