RedShield Enhances DDoS and Bot Attack Protection

RedShield, a web application security service using AWS technology, has introduced a new layer of security in response to the proliferation of ever-more-sophisticated Distributed Denial-of-Service (DDoS) and automated bot attacks. 

The new Third Horizon protection that RedShield is introducing to its service thwarts DDoS attacks by disrupting the attack vector, requiring bad actors to respond in ways that cannot easily be managed by typical automated tools to gain access to a web application. 

“Much of the security industry remains focused on traffic profiling via AI-driven anomaly detection," said Fabian Partigliani, Chief Executive Officer at RedShield. “However, in the last three years automated, bot-driven threats have become both greater in scale and frequency and more sophisticated.

“As a result, traditional anomaly detection alone is no longer enough as a defence. In response to the escalation of DDoS and automated bot attacks, RedShield is introducing the ‘Third Horizon' as the next evolution of DDoS and bot protection.”

When deployed to protect an application, and RedShield’s controls detect suspicious activity, users seeking access to a web application must first provide a valid email address and then verify their identity via a code sent to that address. This adds friction and therefore cost to the attacker seeking to make automated attacks. While this may seem like a familiar two factor authentication approach, Third Horizon comes into play even when there is no existing user account. 

“Third Horizon adds a layer of complexity that bad actors hate because it costs them more time, resources and money,” says Partigliani. “There are no simple technologies available to let them create enormous volumes of fake user accounts and then retrieve and enter verification for each one. An attacker will typically go and find an easier target.”   

RedShield’s protection operates on multiple horizons: 

• Traffic Profiling: Blocking large volumetric attacks and obvious bad traffic. This is "table stakes", necessary but not sufficient given the evolving attacks. RedShield uses "always on" volumetric protection from hyperscale cloud provider, AWS, to provide the best defence.
• Sophisticated Bot Detection: Using advanced techniques to identify and block malicious bots that are trying to look legitimate. This raises attacker cost but is an ongoing arms race – determined attackers will find ways to evade detection.
• Identity and Intent Challenge: When activity looks suspicious or systems are under particular strain, RedShield’s controls can challenge the user, asking for an email address and only enabling access to the site when a code included in an email sent to that address is entered. As mass automated bot attacks cannot readily respond to this challenge at scale, this significantly increases the complexity and cost for the attacker, protecting critical applications while prioritising availability for legitimate users.

According to the Imperva Bad Bot Report, almost half of all 2024 traffic was related to bot activity, with almost one third of the overall global traffic being connected to malicious bots. While attacks of greater than 1 terabit per second (Tbps) grew 1800% globally from Q3 to Q4 last year alone, a bigger concern is their sophistication. Bots mimic humans to take over accounts, scrape data, or overload specific functions like login pages or checkout processes. Attacks target APIs and business logic, putting New Zealand businesses at risks of operational disruption, data theft, and reputational damage.

RedShield’s service applies its three horizon approach and AWS’ global infrastructure to protect organisations from even these latest threats. RedShield’s Third Horizon will be available to customers in the coming weeks, on request, as an additional service for critical applications that need an extra layer of protection.