Major Bank Validates Resilience Against a 500 Gbps DDoS Attack Through Testing and Resilience Engineering

The Challenge

A major retail bank operating an online banking platform faces growing DDoS pressure, including volumetric floods and application-layer attacks. With millions of customers relying on 24/7 access, even brief disruption can create financial loss and reputational impact. The baseline edge capacity is assumed to be ~100 Gbps, leaving exposure to larger attack volumes and multi-vector events.

The Approach

• Conducted an infrastructure assessment to map likely attack vectors and bottlenecks
• Reviewed traffic baselines and typical DDoS patterns (volumetric + L7)
• Designed a multi-layer defense architecture using Amazon Web Services (AWS) protections (e.g., Shield Advanced, CloudFront)
• Defined monitoring, detection thresholds, and automated response playbooks
• Validated the design through scenario-based testing, including high-volume simulations and mixed traffic conditions

Implementation (example reference architecture)

• Enabled always-on DDoS protection (e.g., Shield Advanced)
• Configured CDN and edge controls (policies, rate limiting, and protections for common abusive patterns)
• Applied WAF rules to reduce application-layer attack impact
• Implemented 24/7 monitoring and alerting with automated response actions where feasible
• Conducted team readiness sessions and runbooks for attack handling and escalation

Outcomes (representative)

• Validated the ability to withstand a 500 Gbps-class simulated attack without customer-visible downtime during controlled testing
• Reduced detection time from minutes to seconds through tuned thresholds and automated alerting
• Established a measurable resilience baseline (SLOs, thresholds, and response playbooks) and a prioritized roadmap for ongoing reinforcement