Radware has helped leading Turkish bank Garanti BBVA maintain availability and security during two major crises in the past six months - a history-making volumetric attack followed soon after by the disruption associated with the COVID-19 pandemic.
“The customers of financial services organizations demand availability and a sense of normalcy even in unpredictable times,” said Anna Convery-Pelletier, Radware’s Chief Marketing Officer. “Our twenty-year relationship with this bank is a case study in Radware’s track-record of continuous innovation to match new technology demands while also maintaining high levels of support.”
In October 2019, Radware helped Garanti BBVA maintain service level availability as massive DDoS attacks disrupted internet access throughout Turkey. During the campaign, the bank faced a 700-900 Mpps volumetric attack that lasted approximately 36 hours.
More recently, Radware helped the bank maintain compliance with stringent Turkish security regulations on financial institutions as it managed a dramatic increase in the number of remote employees in response to the COVID-19 pandemic. The increase in remote employees led to a sharp and immediate rise in external traffic to the bank’s network. To ensure that legitimate users weren’t blocked, Radware appliances and a team of expert support staff were able to dynamically adjust traffic thresholds using Radware’s attack mitigation system to avoid false positives.
“Radware’s attack mitigation allows us to sleep at night,” said Cihan Subasi, IT Security Operation Unit Manager for Garanti BBVA. “At the beginning of each attack it saves our critical initial attack downtime before the cloud services kick in, saving us four to five minutes of downtime for each attack, and when you multiply that against an average of 20 events a year, it’s a significant saving.”
Garanti began using Radware’s Alteon® line of enterprise application delivery controllers and load balancers nearly two decades ago. Today, Radware protects Garanti’s on-premise data centers and its more than 500 mobile and internet hosting sites, from an array of attack vectors that include DDoS assaults, Layer 7 attacks, HTTP/S-based attacks, and volumetric assaults. The bank’s application and microsite hosting infrastructure are often struck by UDP-, NTP amplification-, LDAP injection, and DNS-based attacks as well.