Crownpeak (and AWS) Successfully Defend Customer From DDoS Attack

Our own chief technology officer Adrian Newby was selected to present at AWS re:Invent 2014 – Amazon Web Services’ annual global user event held at the Venetian in Las Vegas from November 11-14, 2014. His security session shared techniques to combat Distributed Denial of Service attacks, also known as “DDoS” in the information security business. The presentation was titled “Building a DDoS-Resilient Architecture with Amazon Web Services” as part of the conference’s Security track.

Crownpeak was showcased as an AWS customer with real-world battlefield experience defending against DDoS threats, including helping one of our own customers combat an actual attack. Invest the next 10 minutes and listen to the whole video story below (starting at about 36:00 mark). In case you didn’t know, AWS is the bullet-proof, enterprise-grade infrastructure for Crownpeak’s cloud content management platform.

Adrian tells the incredible tale of one of Crownpeak’s larger health care industry customers who suffered a DDoS attack on their public website on the eve of its annual customer conference. The scale of the attack was enormous – at its peak 86 million concurrent users were hitting the site from attack vectors bouncing off 100,000+ hosts around the world.

The FBI got involved. When it was all over 39 hours later, Crownpeak with the close cooperation of its technology partner AWS had successfully defended the customer in this epic battle (two separate waves, actually). Along the way, Crownpeak demonstrated that our platform can scale to handle 20GB/second in site traffic – 40X the average load. Finally the punchline: you won’t believe what this security response cost (see 47:00 mark!).

Adrian presented with Andrew Kiggins, software development manager at AWS. In the session the co-presenters discussed a variety of techniques using AWS and security solutions from AWS Marketplace to build services that are more resilient in the face of DDoS attacks. They shared battle-tested mitigation techniques such as virtual private cloud isolation, security groups in Amazon Elastic Compute Cloud (EC2), and separation of management and data planes in Elastic Load Balancing (ELB) that can be used either separately or in combination to help improve DDoS resiliency.

Adrian has been a very busy guy. He also recently contributed to the book “Business Process Management for Technology Professionals: Leading IT Executives on Creating Strategic, Efficient, and Flexible Frameworks”, part of the Inside the Minds series published by Thomson Reuters. Pick up your own copy today!