Company Background

With over 3.2 million registered users, Indiegala is a leading digital distribution platform for online games. Through its website (www.indiegala.com), Indiegala offers over 2,000 different titles from indie developers and publisher partners at the lowest prices on the market.

One of the busiest bundle sites on the web, Indiegala’s website and e-commerce operation supports average monthly traffic volumes of 2.5-3 million user sessions while processing 85,000 payment transactions per month.

The Business & Technical Challenge

To support its business operations, Indiegala built its network infrastructure on Google Cloud. While this robust platform includes some basic security features, it lacks the specialized security focus needed to counter today’s sophisticated web threats and DDoS attacks.

“Due to the competitive nature of our business, we had to assume that at some point we would become the target of a malicious attack that could disrupt our business,” said Riccardo Rosapepe, co-founder of Indiegala. “While we felt confident that Google Cloud minimized the risk of large network level DDoS attacks taking down our website, we still needed web application security to protect us against targeted attacks looking to compromise our clients’ account information as well as our own business assets.”

To address its security requirements, Indiegala sought a solution that would give it visibility into its application traffic and enable it to filter its incoming requests. It needed a tool with the granularity to block malicious bots and web threats without interrupting the user experience of its legitimate visitors. At the same time, Indiegala required the flexibility to create customer security rules and maintain blacklists to block unwanted traffic based on IP address, country, client type or any other parameter.

The Solution

Based on recommendations from IT security experts, Indiegala decided to evaluate Incapsula as well as a few other website security vendors.

It didn’t take long for Indiegala to realize that the cloud-based Incapsula service was the most appropriate solution for its needs. Not only does Incapsula offer an industry leading Web Application Firewall (WAF), the entire service is built on top of a global CDN for full site acceleration. Indiegala is currently using Incapsula to secure its website from all types of web threats, including application level DDoS attacks.

As is common in the e-commerce and gaming industries, over the years Indiegala has experienced numerous bot attacks aimed at trying to access protected sections of the website with malicious intent. Some of these were simply brute force attacks aimed at stealing client account information, while others were aimed at stealing software keys that would have allowed the perpetrators to download games for free. The Incapsula WAF identifies and blocks these types of attacks out of the box. In addition, using the IncapRules feature, Indiegala has set up custom security rules to block requests from certain IPs that exceed a pre-defined rate.

After deploying the Incapsula solution, Indiegala was targeted by two large network level DDoS attacks, the largest reaching 17.8 Gbps. These attacks were mitigated by the always-on Incapsula DDoS Protection service without affecting the site’s operations. “Our visitors had no perception of the DDoS attack and no one here even realized we were under attack until we saw the traffic statistics on Incapsula,” added Rosapepe.

“Today’s website operators, particularly in the e-commerce and gaming industries, face complex security threats such as automated bot access, malware injection and DDoS attacks on a daily basis,” said Marc Gaffan, General Manager for the Incapsula service at Imperva. “Incapsula offers a cloud-based, enterprise-grade solution that allows Indiegala to protect its business operations without compromising site performance and user experience.”

Results and Benefits

By using the Incapsula website security and acceleration service, Indiegala has achieved concrete benefits:

Safer and better business – Enterprise-grade WAF protects Indiegala’s sensitive business information from application attacks, allowing the IT team to focus its efforts and resources on business support

Improved performance – By using the Incapsula CDN and by filtering out unwanted bot traffic, Indiegala has been able to accelerate its website and improve the user experience

Zero downtime – DDoS attacks are mitigated by Incapsula before reaching Indiegala’s servers, ensuring business continuity while reducing Indiegala’s bandwidth costs

Transparent mitigation of application level DDoS attacks – Incapsula protects Indiegala’s website application from DDoS attacks without any impact on its user base