How to Fight Cyberattacks with Pantheon's Security Tools

Learn how one company managed to mitigate malicious attacks with Pantheon’s security tools.

It was an early morning in October when a sysadmin woke up to some odd behavior on the sites he manages. He noticed some websites were incredibly slow while others were receiving more than 15 times their usual traffic. The sysadmin quickly suspected a cyberattack might be underway. He was correct, but what he didn’t know was that he’d be fighting this sophisticated attack for months to come. 

If this reads like the opening paragraph of a spy thriller, in many ways it is. Except it’s real. The US is one of the top targets for cybercriminals. From large oil companies operating pipelines to small regional hospitals, no company or government agency is safe from cyber threats. Many institutions with outdated technology or infrastructure, as well as small and medium businesses with no cybersecurity plans (or the budget to develop them), will fall victim to cyberattacks every year.

Image

And the situation only became more pronounced during the pandemic, as companies broadened access beyond more secure WANs and LANs to facilitate remote access from employees’ homes, increasing the surface area for would-be attackers. 

The story is no different for our real-life sysadmin who worked for a state agency under attack at the time. They asked to stay anonymous for this story. 

The sysadmin identified the threat coming from Eastern Europe and dove into banning IP addresses as the first line of defense. He spent four hours attempting to shut down malicious traffic only to wake up the next day to a new batch of sites under siege from SQL injections (a common attack vector to harvest names, passwords or some other PII from hosted databases).

In real time, the sysadmin was watching an avalanche of attacks roll across dozens of his web properties. Entire sites were incapacitated freezing work of many departments. The sysadmin and his team of two developers were clearly no match, and he needed a hosted service to help manage security, performance and reliability. He knew that choosing Pantheon to host the 60 sites his agency runs was the right decision.

"These are government sites. Hackers were probably thinking there was going to be some critical public data or records they could mine and then expose,” he said.

In December, his agency subscribed to Pantheon’s Advanced Global CDN (AGCDN) + WAF/IO service, which helped the sysadmin fight the attacks at scale. AGCDN has many features, from IP Allow/Blocklisting to Domain Masking. The rate limiting feature became his first line of defense. This edge configuration allowed him to place limits on the request volume at the network perimeter and successfully block malicious traffic. 

“We no longer needed to look through all the IP addresses, just the spam behavior,” recalled the sysadmin. His agency was able to guard critical assets such as logins and forms by adding this additional layer of security to their sites. The Geofencing/Geolocation Edge Control was also really helpful. 

We started blocking all the sanctioned countries right away, such as North Korea, Iran, etc. And now we've blocked parts of Ukraine and Russia, which were responsible for the traffic spike earlier this year.” 

- Sysadmin of the compromised sites

The sysadmin was using Pantheon’s New Relic tools to monitor page load speeds as an indicator of new attacks. “For example, I will get an alert if the user is experiencing a 12-second page load instead of two seconds,” he said.

The sysadmin credits Pantheon’s AGCDN Rate Limiting feature with a 94% decrease in malicious traffic across the affected sites. A cyberattack that turned into weeks of manual cyber combat was resolved almost instantly. 

Globalization and advances in consumer technologies created a cybercrime industry that scales easily and fast. No target is too small. Pantheon prides itself on the best prevention technologies. Global CDN is included free of charge for all Pantheon customers. Advanced Global CDN provides enterprise-level security and risk mitigation in this highly volatile cyberspace.