Company Background

eToro empowers more than 2.75 million users in more than 140 countries worldwide to trade currencies, commodities and stocks through an online and mobile investment platform. Users can tap into eToro’s active community to connect with other traders and make smarter investment decisions.

The Business & Technical Challenge

As the world’s leading social investment network, eToro processes thousands of transactions every minute. To support its diverse operations, the company operates a complex IT environment comprising multiple HTTP/HTTPS sites, mobile apps, social networks, cashier systems and proprietary APIs (both web-based and application-based). eToro’s infrastructure is based on a highly secure, available and redundant environment designed to maximize system uptime for online traders worldwide.

In July 2014 eToro’s infrastructure experienced a massive network DDoS attack on a full C-class of IP addresses. The volume of traffic in this attack overpowered eToro’s defenses, and even caused serious connectivity issues with its ISP. As a result of the attack, eToro’s trading systems were completely down.

Based on the magnitude of this DDoS attack, eToro needed a solution that could be activated for an entire subnet and that was able to safeguard its services against both floods of web traffic and direct-to-IP DDoS attacks. Moreover, as its infrastructure was still “under fire”, it required an anti-DDoS solution that could be onboarded immediately.

“As the largest social trading community today, with millions of people trading at any given time, our company cannot afford disruptions in service,” said Johnathan Assia, CEO of eToro. “As such, we required a solution that could mitigate both network level and application level DDoS attacks against our multi-faceted infrastructure. Transparency of mitigation was another key factor, ensuring that our users’ online experience is not impacted even under abnormally large DDoS attacks.”

The Solution

With these needs in mind, eToro contacted Imperva about its Incapsula Infrastructure Protection service. This on-demand service leverages Border Gateway Protocol (BGP) routing to safeguard critical network infrastructure from volumetric and protocol-based DDoS attacks, such as UDP, SMTP or SYN Floods, executed directly or via DNS/NTP amplification. The solution protects all core services (web, email, FTP) from DDoS attacks, as well as protecting against direct-to-IP attacks.

Using BGP announcements (the mechanism used to route traffic across the Internet), traffic to eToro’s sites was re-routed from eToro’s ISP to the Incapsula network scrubbing centers. Within half an hour, all incoming traffic to eToro’s IP ranges was being routed through Incapsula for inspection and filtering. Legitimate traffic is securely forwarded to eToro’s network using GRE tunneling. Outbound traffic continued to flow normally via eToro’s ISP.

In addition, to protect its websites and applications against application level attacks, eToro onboarded the “always on” Web Site Protection service. This service uses sophisticated security rules and challenges to identify and filter out malicious HTTP/HTTPS traffic.

“Our Infrastructure Protection service is designed for seamless on-demand onboarding. With the GRE tunnel in place, BGP routing is used to activate and deactivate the service on-the-fly, allowing our customers to quickly and easily respond to any type of DDoS attack.”

Johnathan Assia, CEO at eToro: “To address both network and application level DDoS threats, we have boosted our collaboration with Imperva to make sure we are prepared for the most persistent and sophisticated attack scenario. We are implementing their state-of-the-art anti-DDoS solution across our production environment, from infrastructure to web applications. In fact, immediately following implementation of the Incapsula solution, we were able to transparently mitigate additional attempts to attack us with zero business disruption to our users.”

Results and Benefits

Incapsula is now an important component of eToro’s security infrastructure. By using Incapsula’s Infrastructure Protection service, eToro achieved concrete benefits:

Comprehensive DDoS Protection

Blanket DDoS protection for multiple protocols and services (HTTP/HTTPS, UDP/TCP, SMTP, FTP, SSH, VoIP, etc.), as well as effective protection against direct-to-IP DDoS attacks.

Highly resilient

The Infrastructure Protection service is built on top of Incapsula’s global network of high powered data centers. Route advertisements are propagated from all data centers to create a “many-to-many” defense for incoming DDoS attacks.

Simple and fast implementation

Protection is enabled on-demand for entire subnets using BGP announcements, allowing customers with many origin IP addresses to quickly and easily mitigate attacks. Activation is performed using a simple on/off settings button.

Unhindered Visibility

Legitimate incoming traffic passing through the Incapsula network is unaltered to ensure source IP address visibility remains intact.

24x7 Managed Security Service

Incapsula’s experienced security engineers are available around-the-clock to ensure optimal Web Ops - from system configuration to incident response and policy tuning.