Strengthening Protection Against Bots and DDoS Events While Reducing Costs Using AWS WAF with Moovit
Learn how software company Moovit strengthened security against DDoS events and bots while improving visibility using AWS.
75% decline in DDoS events that require manual intervention per quarter
50% reduction in data transfer out costs
Overview
Mobility-as-a-service provider Moovit develops the Moovit journey planner app for the web and mobile phones. The app is used by more than a billion people to navigate public transit networks around the world.
Running this kind of service requires a highly secure and resilient infrastructure. However, the increase in the frequency and severity of distributed denial of service (DDoS) events and bots had become a challenge for the company’s existing infrastructure. So, the company turned to Amazon Web Services (AWS) and migrated from its previous web application firewall (WAF).
Moovit built a new security architecture using a range of AWS services, including AWS WAF, which protects web applications from common exploits. Now, the company has strengthened its security posture to gain better protection against DDoS threats and drastically lower data transfer out (DTO) costs.
Opportunity | Using AWS WAF to Secure the Entire AWS Environment for Moovit
Moovit, a subsidiary of Mobileye, is an Israel-based software company that offers an app for navigating across public transit modes, including buses, rapid transit, and more. Moovit’s app is powered by its public APIs, but that availability increases the risk of bot and DDoS events. “We needed a solution that was both public and secure,” says Eli Rapoport, chief information security officer at Moovit. The company was using an external load balancer and a WAF from a third-party provider. However, with bots and DDoS events becoming more frequent and severe, the company was looking to enhance security and resiliency.
Moovit has been using various AWS services for years, and it decided to migrate to AWS WAF to take advantage of AWS WAF Bot Control, which provides visibility and control over common and pervasive bot traffic. “Expanding the coverage and making sure all public-facing endpoints are protected by a WAF was much simpler to achieve using AWS WAF than the previous solution,” says Rapoport.
Then, Moovit began using Amazon CloudFront, which securely delivers content with low latency and high transfer speeds, as its content delivery network. Now, all requests reach Amazon CloudFront first, while AWS WAF and its load balancers defend against any unwanted traffic. Next, Moovit adopted AWS Shield Advanced, which provides higher levels of protection against events targeting applications on AWS. The company configured automated rules through AWS Shield Advanced that learned the normal patterns of API use. Now, those rules detect anomalies automatically to proactively block DDoS threats.
Most of the migration was done within 1 month, and the entire project was completed in 2 months. “We migrated to AWS WAF because of the ease of using it and its excellent integration with our cloud environment,” says Rapoport.
“By using AWS WAF, Amazon CloudFront, and AWS Shield Advanced, we’re proactively defending against malicious bot activities and DDoS threats.”
Eli Rapoport
Chief Information Security Officer, Moovit
Solution | Cutting DTO Costs in Half Using Amazon CloudFront
On its new architecture, Moovit can more effectively handle malicious bot traffic and protect its cloud environment. The company has seen a 75 percent decline in DDoS events that require manual intervention per quarter. It can also take advantage of DDoS cost protection, 24/7 access to the AWS Shield Response Team, and threat intelligence feeds using AWS Shield Advanced. “The ability of the AWS Shield Response Team to come into an incident and take an active part in the response was very important to us,” says Rapoport. “The team provided us with high-quality recommendations when we were faced with a DDoS event.”
With customers around the world, Moovit used to incur high DTO costs with its external load balancer. Because Amazon CloudFront is available around the world, customers now get data from the region that’s closest to them. As a result, the company has reduced DTO costs by 50 percent.
Another priority was protecting against data scraping. The company has found that the AWS WAF Bot Control feature intercepts more data scraping attempts than its earlier security solution. And whereas the old system could protect against simpler DDoS events, AWS WAF Bot Control can stop more sophisticated events, such as when outside parties use IP addresses of good repute or change parameters between requests.
Meanwhile, Moovit has more visibility and observability into its infrastructure. “It’s much simpler to understand your security coverage when you’re using AWS WAF instead of an external solution,” says Rapoport. The company has enhanced log analysis for specific events that it wants to look at more closely. It has created dashboards tailored to specific needs using AWS and other third-party tools for observability. Now, Moovit’s teams are using the logs to identify and investigate production issues.
The customers who depend on Moovit’s services are seeing benefits too. “We saw a big reduction in latency for our users, especially in regions in Latin America,” says Rapoport. Moovit uses Amazon CloudFront caching to enhance application performance by speeding up response times. In addition, DDoS events can’t overwhelm Moovit’s load balancers because Amazon CloudFront and AWS WAF stop the requests before they reach that point. That, in turn, improves the availability of Moovit’s applications.
“In our pursuit of a robust security framework, AWS stood out as the clear choice for our security enhancement,” says Rapoport. “By using AWS WAF, Amazon CloudFront, and AWS Shield Advanced, we’re proactively defending against malicious bot activities and DDoS threats. Our users’ safety remains paramount as we navigate the digital mobility landscape.”
Outcome | Continuing to Prioritize Strong Data Security and Resiliency
Moovit has been using this security setup since the summer of 2023. The company is exploring innovative technologies, such as generative AI, and is planning to increase its use of AWS for an even stronger defense against bots and DDoS threats. “With this migration to AWS, we improved our DDoS and data scraping protection capabilities,” says Rapoport. “We achieved significant cost reductions and streamlined the management of application security components. It’s been very successful.”
About Moovit
Moovit provides mobility-as-a-service solutions, including branded apps and mobile fare payments, AI-powered mobility solutions, and more. It also runs the Moovit navigation app in more than 3,500 cities.
AWS Services Used
AWS WAF
AWS WAF helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.
Amazon CloudFront
Amazon CloudFront is a content delivery network (CDN) service built for high performance, security, and developer convenience.
AWS Shield Advanced
In addition to the network and transport layer protections that come with Standard, Shield Advanced provides additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, and integration with AWS WAF, a web application firewall.