Improving DDoS Attack Response Using AWS Shield with Bitbank

Bitbank was founded in 2014 and provides trade data, charts, and technical analysis tools to nearly 600,000 users in Japan. The company started as a cryptocurrency exchange and is preparing to expand its services into other regions. As customers keep their digital assets with the company in the form of digital wallets, security has always been of high importance to bitbank. But its workflow to accomplish this wasn’t efficient. Each time the company discovered a DDoS attack, it had to decide how to respond, gain internal approval from the chief technology officer, and then implement a response. With DDoS attacks on the rise and nearly 440,000 DDoS events recorded in the first half of 2022, bitbank wanted to improve its response time and make sure its services stayed available so that customers would not have any loss of opportunity and bitbank would not lose out on revenue opportunities. Furthermore, it is vital to comply with Financial Services Agency regulations and take further measures to keep private keys to digital wallets safe.

Bitbank is cloud native and has been using AWS services since its inception. After evaluating various cloud service offerings, the starting company chose AWS. “AWS stood out because of the range of services, strong documentation, and high quality of support it provides,” says Shogo Ishikawa, infrastructure engineer at bitbank. To keep its origin server protected from traffic, the company uses Amazon CloudFront, a content delivery network service built for high performance, security, and developer convenience. The company used this solution to reduce pressure on the regional server by sending responses from the edge cache.

To make the distinction between an increase in natural traffic and a DDoS attack, the company uses AWS Shield Advanced. Now, whenever the company identifies an attack, bitbank teams follow a predetermined process that no longer needs additional approval. Furthermore, the company has access to support from the AWS Shield Response Team whenever a security event arises. Bitbank began the implementation of its new process in 2022 and completed the majority in October 2022.

Bitbank received support from AWS Enterprise Support, 24/7 technical support from high-quality engineers, and other AWS teams for this redesign of its DDoS attack response workflow. During this transition process, bitbank was alerted to the threat of a DDoS attack. The company took action immediately and, alongside the AWS team, switched to AWS Shield Advanced and made the necessary configurations to prevent the attack from happening—all within a few hours. To automate many of the configuration tasks for its new response workflow, bitbank chose AWS CloudFormation, used to model, provision, and manage AWS and third-party resources by treating infrastructure as code. “The biggest advantage of AWS-managed services is that we can automate processes for our operations,” says Shogo Ishikawa. “Being able to achieve secure attack detection without needing to scale up personnel is an advantage for small-scale organizations.”

Bitbank also uses AWS WAF, which businesses can use to protect themselves against common web exploits and bots that can affect availability, compromise security, or consume excessive resources. The company uses AWS WAF to make rules changes in its firewall as situations and needs change. Bitbank redesigned its response workflow for DDoS attacks and, as part of the process, upgraded AWS WAF and changed from AWS Shield Standard to AWS Shield Advanced, which is tailored to help protect against sophisticated DDoS events on more layers of an application.

With the new DDoS attack response workflow, bitbank is secure in the availability of its services and its ability to respond to and mitigate any DDoS attacks. “Using AWS Shield Advanced and the new processes we have in place, we have the peace of mind to focus on our other work,” says Kensuke Ota, manager of the infrastructure security team at bitbank. The new workflow is also much faster in responding to DDoS attacks because it does not involve additional permissions to take effect. When a DDoS attack is detected, bitbank can begin following the predetermined mitigation process immediately. This safeguarded availability of service for bitbank results in direct benefits to its customers. End users experience no loss of opportunity for trading during DDoS attacks because the new process is quick to deal with them, making sure there is no loss of availability of services for customers.