National Lottery secures web resources with PT Cloud Application Firewall

2024: PT Cloud Application Firewall Implementation Results

Cloudy firewall to protect Web applications PT Cloud Application Firewall , secures Web resources. National Lottery"" The product is used on a monthly subscription and flexibly adapts to the load IT of assets: the client's web resources process an average of up to 1000 requests per second. This was Positive Technologies reported on July 31, 2024.

The National Lottery faced a combined cyber attack on January 1, 2024, a couple of hours before the start of the New Year's drawing of the flagship Dreamallion lottery. At that time, the company already had layered protection of web resources, including on the basis of PT Cloud Application Firewall, which made it possible to cope with the actions of hackers. As a rule, holiday runs are accompanied by high traffic in the web application - the number of requests processed per second increases by about 100 times compared to normal days. If in non-holiday times a one-day downtime of resources can turn into financial damage for the company in the amount of 3-7% of monthly revenue, then during periods of high demand this figure increases many times.

For us, even a short-term downtime is an unacceptable event that can lead to financial losses to hit reputation, reduce loyalty, and raise questions from regulators, the National Lottery press service noted. - PT Cloud Application Firewall is the best protection tool for us: with a significant increase in traffic, the system scales without using our resources. The product is also profitable in terms of economics: if we compare the cost of using WAF in the cloud and in the on-premium format in terms of the year, then the first costs us about 30 times cheaper than the second. This is also due to the uneven distribution of traffic: it is easier for us to pay the provider's additional bill for a short-term excess of the tariff than to buy the corresponding licenses and maintain equipment all year round,

The feasibility of acquiring PT Cloud Application Firewall was confirmed after the first attempt at a large-scale attack on the National Lottery. The attackers tried to target web resources for 15 minutes, but the product protection mechanisms worked normally, and all hacking attempts were unsuccessful.

Hackers always estimate how much time and resources they need to spend to achieve their goal. In this regard, WAF class systems have two main tasks. The first is to reduce the surface for cyber attacks, making the company's web resources uninteresting at the stage of scanning the target. The second is to force the attackers to retreat, realizing that in order to achieve the result, it is necessary to spend a huge amount of resources without guaranteeing success, "said Denis Prokhorchik, director of cloud product business development at Positive Technologies.