Overview

Betfred is the 4th largest bookmaker in the UK with over 10,000 employees. Headquartered in Warrington, England, the company operates over 1,650 bookmaking shops with another 51 shops located on racecourses throughout the UK. Betfred also runs one of the fastest-growing digital gaming platforms through Betfred.com and numerous other domains and mobile applications.

Challenges

Significant Proportion of Bad Bot Traffic

On some Betfred domains, the volume of bad bots was as high as 87% of all web traffic. This took significant hours of IT team’s time to mitigate while also wasting bandwidth and infrastructure resources. “The impact on the backend systems was immense,” said Shaun Clark, Head of Infrastructure. “We did have a DDoS protection layer and our WAF, but they only do so much. We found that the attackers were constantly changing the attack vector, so each time we would put something in place, they would circumvent it within a number of weeks.

High Frequency of Account Takeover Attacks

The main problem was the amount of brute force credential stuffing attacks. At its peak, there were 30 brute force credential stuffing attacks on login pages in a month. And the worst was when there were seven in one day. “After a big breach, someone exposed a list of around a billion usernames and passwords and they were used across websites in the UK.” said Carl Johnson, Director of IT and Change. “During that time, there were so many credential stuffing attacks—we had to find a solution to stop them.”

Application Denial of Service from Infrastructure Strain

“Back-end systems were busy around the clock and the CPU utilization of our IPS/IDS were around 40% dealing with normal traffic,” said Shaun Clark. “But depending on the nature of the attack, it could certainly bring the mobile app or the website offline for a certain amount of time.

While we were getting that attack, it would significantly slow it down. There were some instances where we couldn’t mitigate the attack. And to protect the customers, we put the maintenance pages up, which meant that we weren’t taking any revenue at that point.”

Inconsistent Mitigation Strategies

The bot problem was one that Betfred tried to tackle internally, using other tools like their DDoS, WAF and IPS/IDS. But soon realized those tools were not built to deal with a sophisticated bot operators who could easily circumvent traditional security solutions. “We tried IP
blocking, country blocking, rate limiting, and other techniques, but none of it worked,” said Shaun Clark. “We needed an expert at stopping Bots.”

Team Resources Stretched Thin

The IT Security team was spending too much time dealing with bots. “Our security team was spending a lot of time mitigating attacks. It was a real resource drain. Even if attacks weren’t successful, we had to go through our full security incident reporting compliance process”. This process could involve up to 35 team members to complete. “You can imagine the amount of time that took up,” said Shaun Clark.

Aggressive Unauthorized Scraping of Betting Odds

Bots are used by nefarious competitors to scrape betting line data, perform electronic arbitrage, and create an unfair playing field in the market. Worse still, aggressive web scraping can also lead to application denial of service, and a poor user experience. According to Carl Johnson, “If someone scores a goal, we get that information in real time, and it’s automated in our backend system, and the actual orders are automated as well, which means that we can operate really, really quickly. And it cost us money to operate those services. What we were finding is, people were using our websites to harvest those odds data with bots and they can use that information to their advantage elsewhere without paying us for the feed.”

Vulnerability Scans Looking for Weaknesses

Intrusion prevention system overworked trying to block access from scanners looking for exploits. “We were seeing these security scans, trying to look for holes. Our IPS was struggling to deal with them,” said Shaun Clark.

The Result

Imperva Selected over Akamai

Betfred wanted a solution that would dynamically block attacks and remove the analysis and manual efforts from their team so they could spend more time on other projects. After discussions with Akamai, Clark decided to go with Imperva Bot Management, “What we found with Akamai is that we didn’t feel we had that personal touch. It seemed like they were a CDN playing at bot mitigation.”

Easy Integration with Imperva

Betfred use Imperva’s Private AWS Cloud and Verizon Edgecast as its CDN. Commenting on integrating with Imperva, Shaun Clark said, The integration was pretty seamless. We were integrated within a week with absolutely no issues. So, now, we just point our host names to the AWS
platform. It was as easy as that.”

Reduced Traffic to Website by Half

Defense for Web, Betfred began to see a significant reduction in traffic. According to Shaun Clark, “Once we put Imperva Bot Management into CAPTCHA mode, and started dropping some of those connections, we halved the requests to our website within four weeks. Before we received about 40 million page requests per day, across our digital platform. With Imperva it is down to 15 to 20 million.”

Dramatic Reduction in Brute Force Credential Stuffing Attacks

From the peaks of multiple attacks in one day, Imperva has removed the time and effort spent on mitigating the constant credential stuffing attacks. While these attacks still occur, their impact is minimal. “Prior to using Imperva Bot Management, we were seeing up to 30 attacks per month. We’ve only had two instances of attempted brute force attacks since we installed Imperva. In both cases we were able to mitigate the issue within seconds rather than hours.” said Shaun Clark. “Imperva bot management now takes care of it automatically without us being involved.”

Less Infrastructure Strain

The impact on the backend systems was immense,” said Clark. Once we turned on blocking with Imperva bot management, we saw resource utilization drop across the whole website stack and we saw a lot of improvements to the backend.” Betfred has an IPS/IDS system in place
behind its DDoS protection layer, but in front of the website. “Once we put Imperva Bot Management in, it just stopped doing any work whatsoever.” said Shaun Clark. “Previously, our backend systems were probably operating at around 40% of CPU utilization. Post putting Imperva bot management in, we’re operating around about 3-4%.”

Prevented Downtime During Biggest Event of the Year

Peak events like a big sporting event can also cause infrastructure problems. The combination of increased volume from people placing bets added to the constant amount of bad bot traffic, can cause availability issues and potential downtime. The annual Grand National horse race in the UK is one such event. According to Shaun Clark, “The Grand National is always one of our biggest peaks. Every year we have to monitor connections to make sure people can get in. It is like a DDoS, but with legitimate human traffic. After installing Imperva bot management, this is the first time in ten years where we didn’t reach our threshold and have any downtime.”

Eliminated Unauthorized Scraping of Real-Time Betting Odds

Aggregator services are allowed to scrape Betfred’s betting odds to offer a comparison of available odds. Typically, the aggregator has a business arrangement with Betfred to allow this scraping. But some services perform unauthorised scraping effectively stealing Betfred’s
data without permission. According to Shaun Clark, “When we first put Imperva Bot Management in, we actually found a user agent from a company that we didn’t have a business relationship with, they were scraping us anyway. Imperva gave us the visibility to see it and contact that company to put a stop to it.”

Strong Analyst Managed Service Support

The service from the Analyst team has been excellent. They are always eager, motivated and committed. I text or slack with the team almost every day. I expected that service level to have dropped at this point. But it hasn’t. It’s something that you don’t get with other vendors. You tend to see everything great and rosy during implementation, and everyone’s your best friend up until you’ve purchased the product, and then you have to go through the normal support process. It’s over 12 months since we started this process and nothing’s changed, which is good,” said Shaun Clark.

No More Ruined Weekends

The major effect of putting Imperva is that it has given the Betfred team more peace of mind that a solution is in place. Inconvenient disruptions have been reduced because there are less incidents around credential stuffing. Shaun Clark added, “It means that less of my weekends are ruined by bot-related emergencies.” Imperva is an important part of the infrastructure. According to Shaun Clark, “We view Imperva Bot Management as a key web security product for us. Imperva being in has allowed me to just forget about security on the website. Not totally forget about it, but it’s parked a problem for me. Imperva has allowed me to focus somewhere else. It’s totally eradicated our bot issues. Sometimes, I forget it’s in place because it’s doing such a good job.”