U.S. Federal Agency

U.S. government agency eliminated DDoS attacks with help from Cloudflare


Challenge: Defending U.S. government agency against sustained DDoS attacks

In the spring of 2023, many U.S. government agencies were the target of ongoing distributed denial-of-service (DDoS) attacks. These attacks were relentless: they lasted more than a month and a half and prompted CISA guidance on best practices for DDoS attack mitigation.

Despite having DDoS protection from its ISP, a U.S. government agency was under siege. Since the attacker targeted the DNS server — making many requests for non-existent sites on the organization's domain — both internal and public-facing applications were impacted by the attack.

Solution: Cloudflare DDoS protection eliminates DDoS attack traffic

When under attack, speed is of the essence. Cloudflare deployed DDoS protection in a matter of days, preparing behind the scenes so the work could commence as soon as the paperwork was complete. The work began on Friday and continued through the weekend as various organizations replaced their cached data with new DNS entries. By the end of Sunday, all traffic to the agency’s systems passed through Cloudflare’s network, and the attack traffic dropped to zero.

The agency's CISO had requested traffic logs from their ISP to track the volume of attack traffic and the amount being blocked. Once Cloudflare was in place, he saw the attack traffic rapidly drop to zero, as the attack traffic was blocked before it even reached the ISP's systems.

Implementation: Restoring normal operations and offering new security opportunities

Restoring operations was critical to preserving the agency's reputation and citizen services. The weeks-long DDoS attack had crippled the performance of critical public-facing applications and had significant operational impacts. In addition to forcing remote workers to return to the office due to overloaded VPN servers, the attack generated a large volume of IT help desk tickets as users struggled to access various applications. While the agency was under attack, these tickets diverted resources from other IT priorities; normal levels were rapidly restored after Cloudflare’s defenses were in place.

Moving the agency's infrastructure behind Cloudflare added another layer to its defense-in-depth strategy. Previously, IP filtering was performed by firewalls located at the perimeter of the agency’s network. With Cloudflare WAF in place, the organization blocked this traffic before it ever reached its systems, reducing the potential impacts of DDoS and other attacks.

Impact: Helping at every step along the way

After over a month of ongoing attacks, Cloudflare's rapid remediation was key to the agency restoring operations and preserving the citizen digital experience. According to its CISO, “We were under attack, and Cloudflare was there for us every step of the way. That’s the kind of service that you remember for a long time.”

Key Results
  • Restored application availability by eradicating DDoS attacks

  • Eliminated help desk tickets associated with unavailable applications