FourBank protects its applications and APIs against DDoS attacks by adding a programmable security layer at the Edge
Creating a digital bank to offer high-quality, personalized services to clients requires a know-how that not all companies in the financial sector have. At these times, FourBank emerges as the ideal partner to get plans off the ground with speed and simplicity.
“FourBank is a Banking as a Service (BaaS) that offers a system for creating internet banking, backoffice, and more, and we use our own structure to provide the service to customers”, explains the company’s DevOps Engineer, Wellington Terrão.
With FourBank growing at a fast pace, optimizing security has become an increasingly recurring issue in the company’s corridors due to the current cyberthreat landscape, in which attackers have been innovating, adapting new techniques and launching large-scale attacks, as pointed out by Jefferson Bornhausen, IT Director at FourBank.
“The concern with security, especially in the field in which we operate, has increased due to the number of incidents in the market, which affects both marketing and financial issues. Security of what we are delivering has always been a crucial point.”
As FourBank’s security experts had to deal with increasing DDoS attacks, a plan to eliminate vulnerabilities in the network and application layers was started. The goal was to create a robust and modern defense, overcoming the security limitations of the cloud provider.
Migrating FourBank’s legacy solutions to Azion’s Edge, according to Wellington Terrão, was immediately promising. That’s because the goal was to add an intelligent, programmable layer of security to protect their applications and APIs, something that even the world’s largest cloud provider doesn’t enable them to do.
Using Azion Edge Firewall and its Web Application Firewall (WAF) and Network Layer Protection modules, building firewall rules to fulfill specific functions, such as mitigating DDoS attacks on APIs, became not only possible, but a task that FourBank’s DevOps team can easily perform.
“We implemented a network control to prevent a DDoS attack from increasing the load within an API. In practice, we established a limit on simultaneous requests to URLs and also limited them to a context that we predefined – otherwise, the user is blocked”, details Wellington.
As a provider of financial solutions and owner of other institutions in the sector, such as PAGME, FourBank has to follow market regulations, such as LGPD (General Data Protection Law) and PLD (money laundering prevention) policies. In terms of compliance, Azion’s Edge brings opportunities for FourBank to strengthen its policies, including:
- access data collection and ensuring end-to-end encryption on connections directly to cloud infrastructure;
- building test environments to simulate security scenarios to ensure the effectiveness of firewall rules before putting them into production; and
- automation of an Incident Response Plan.
To ensure the best experience with Edge, Azion engineers provided all the necessary support to the FourBank team, presenting the platform’s features that, according to Wellington, are essential today for formulating data-driven strategies.
“Azion’s support team gave me a great lesson on how the platform works, how to analyze incoming request data to build stronger WAF rules in response to those events, which helps us to improve the restrictions always taking into account that our client cannot go offline.”
Results and impact
“When everything started to travel through Azion, we gained a better understanding of everything that happens in the applications, enabling us to make action plans to deal with certain situations if they appear”, says Bornhausen.
Another relevant impact is access control by geolocation. In just a few clicks in Real-Time Manager, FourBank engineers made security even more proactive and preventive, creating blocklists made up of countries whose traffic is unfeasible for business and poses risks to the platform.
A key reason that led FourBank to tighten security was the ever present threat of DDoS. DDoS attacks are now mitigated by Azion’s firewall rules and DDoS Protection, which filters the most massive and sophisticated attacks without impacting good requests.
“We had contact with some players until we chose Azion to carry out a proof of concept, which was very successful and gave us positive feedback. The processes of uploading the environment and starting to use the benefits of the solution were fast, and the readiness of the Azion team to solve the problems made us very safe at every step.”
Jefferson Bornhausen, IT Director at FourBank
“Azion’s team was essential in the implementation process and was always willing to make a call to solve our problems. Once, we noticed something wrong with the application; I called the Azion people and, in a call of a few minutes, engineers detected what was missing in the settings and everything was fixed.”
Wellington Terrão, DevOps Engineer at FourBank
FourBank provides technology and expertise in the financial system and cooperative financial institutions, focused on the best market practices and on products with quality and reliability. With more than 15 years of expertise of its professionals, FourBank was born from the investment of its partners, who observed that the Financial System demanded specialized technological solutions and services in the financial area.