2025

BookLive uses AWS WAF and AWS Shield to block DDoS events for safer reading on the web

Key Outcomes

6,000,000

malicious requests blocked per day

97%

fewer requests from malicious bots

Overview

BookLive runs its comprehensive e-book store, called BookLive!, on Amazon Web Services (AWS). To guard against a heightened risk of cyber-attacks during a huge marketing campaign, the company deployed AWS WAF and AWS Shield Advanced. The system blocks an average of six million malicious requests a day and automatically protects against DDoS attacks so users can read safely.

About BookLive

BookLive was established in 2011 as a company of the TOPPAN Group (currently TOPPAN Holdings Inc.). The enterprise provides value to stakeholders through four businesses: book stores; comic production and publishing; rights management; and community management. Its stores business includes BookLive, one of the largest and most comprehensive e-book stores in Japan, and Bukkomi, a subscription-based comic book site. The company pursues new possibilities in e-books based on a philosophy of “creating new value to forge fun.”

Opportunity | Greater visibility, greater risk of cyber-attacks

The BookLive service prioritizes reading experience so users can always carry “a comic library” in their hearts. It has delivered over one million copies of free comics and light novels to more than 15 million readers.

The system platform for the store switched from its initial on-premises environment to AWS in 2016 for greater scalability. “We needed flexible infrastructure to expand our services,” says Higano, Manager of the System Development Department at BookLive. “We chose AWS for its wealth of internal and external knowledge and comprehensive service lineup.”

Security measures against cyber-attacks include vulnerability countermeasures at the application layer, suspicious IP address blocking, and vulnerability diagnoses. A decision to launch a massive advertising campaign in 2018 prompted BookLive to examine the strength of its web security.

“We were concerned the increased visibility from the advertising campaign would attract more cyber-attacks,” explains Higano. “DDoS attacks and excessive requests from malicious bots were increasing at the time, and we were worried about service availability and security. We therefore examined web application firewalls (WAF) to prepare for an increase in external access.”

Solution | AWS WAF for superior protection against vulnerability attacks

With BookLive running its store system entirely on AWS, the company adopted AWS WAF for compatibility and implemented AWS Shield Advanced to protect against DDoS attacks.

According to Higano, “We were concerned that if we introduced another company’s WAF service, a failure would affect the entire store system on AWS. We decided AWS WAF would ensure high availability and be easy to disable if a failure occurred.”

Conveying the cost-effectiveness of security tools to business executives can be difficult, which makes receiving internal approval challenging. BookLive was conscious of maximizing the effectiveness of security costs with limited resources, so IT managers quantified the amount of damage a cyberattack could cause to encourage executive approval.

“Trying to strengthen security measures indiscriminately can cause cost blowouts, so we followed a ‘select and focus’ principle, determining the scope of application by considering the most important service aspects,” says Higano. “During the internal approval process, we made executives understand the dangers by demonstrating the possible financial losses.”

After deciding on AWS WAF, BookLive conducted a trial and adjusted rules between March and April 2018, and switched to block mode (rule-based blocking) in July after previously testing count mode (detection only).

BookLive has used AWS Shield Advanced since May 2018. According to Furukawa from the SRE Team of BookLive's System Development Department, “Being able to receive support from the Shield Response Team (SRT), an AWS unit specializing in DDoS response, is incredibly reassuring. We were worried about communicating in English, so we devised a method of automatic escalation with boilerplate text.”

Outcome | Automatic blocking of application attacks ensures service security

With AWS WAF, BookLive can permit and deny specific IP addresses, block access from malicious bots, guard against vulnerability attacks such as those described in the Open Web Application Security Project (OWASP) Top 10, and block access aimed at exploiting PHP vulnerabilities.

The system sends chat messages when AWS WAF detects malicious requests and visualizes blocked requests with a business intelligence tool.

“We can clearly visualize the attacks that occur most frequently,” says Furukawa. “Our business intelligence tool receives regular checks from administrators and automatically notifies us of high-urgency blocks via chat.”

AWS WAF has given BookLive greater control over malicious requests, with the company now blocking an average of six million requests a day. Before adopting AWS WAF, the company blocked suspicious IP addresses using proxies several times a year. However, these events have all but disappeared with the introduction of AWS WAF and less labor is spent on changing proxy settings.

“The advantage of AWS WAF is that it can block attacks at the WAF layer,” says Higano. “This eliminates excessive loads on web servers and makes operations more stable.”

BookLive’s bot countermeasures provide sophisticated protection against high-volume requests from the same IP addresses, reducing requests from malicious bots by approximately 97 percent. The result is a lighter server load and lower error rate.

“This is our first time visualizing bots, and we’re just getting started,” says Furukawa. “There are still times when web servers are temporarily under heavy loads, and there are search crawlers and generative AI bots, to which we’re deciding our response as we go along.”

BookLive uses AWS Shield Advanced to automatically subdue Layer 3 / Layer 4 DDoS attacks. The solution also automatically sends chat notifications of top-tier Layer 7 DDoS attacks and escalates support cases to the AWS Shield Advanced team, which cuts employee workloads and provides a sense of security.

AWS WAF and AWS Shield Advanced have significantly hardened the security of the BookLive store system, protecting against cyber-attacks, excessive bot requests, and DDoS attacks.

According to Higano, “The greatest advantage is that we’ve strengthened security while providing customers with a safe and enjoyable reading environment.”

AWS WAF makes it easy to respond quickly to vulnerabilities on the application side, where rapid response is usually tricky due to the code fixes required. Rule updates are also easier, making the system stronger against attacks exploiting new vulnerabilities.

BookLive’s next challenge is to foster internal security awareness. As business continues to grow, employee numbers increase, and security awareness levels become increasingly crucial. The company is now developing a maturity model-based security plan to properly manage employees who are not familiar with AWS.

“As we’re in charge of customers' personal information and the content of authors, publishers, and other stakeholders, we have a duty to ensure that data is protected,” explains Higano. “That’s why we’ll continue to enhance security with AWS services.”

Architecture Diagram

The greatest advantage of AWS WAF and AWS Shield Advanced is that we’ve strengthened security while providing customers with a safe and enjoyable reading environment.

Tatsuro Higano

Manager, System Development Department, Technology Development Division, BookLive
