Signal Sciences Introduces Advanced Rate Limiting for Fast, Easy Protection Against Advanced Web Attacks

Brendon Macaraeg
Signal Sciences Labs
Mar 20, 2020

Signal Sciences is excited to announce the availability of new advanced rate limiting features that extend our customers’ ability to detect and stop abusive behavior at the application and API layer.

Over the past several weeks, as part of our early access program, we piloted advanced rate limiting in real-world production environments and stopped major attacks for customers ranging from major retailers with large-scale e-commerce operations and financial services firms with mission-critical applications to major online media companies that stream video content to hundreds of millions of users monthly.

The Value of Intelligent Rate Limiting to Protect Applications

The primary objective of rate limiting is to prevent apps, APIs and infrastructure from being exploited by abusive request traffic, much of it originating from automated bot operators. Stopping this traffic from reaching your app and API endpoints means availability, reliability and a satisfying customer experience.

Up to this point, customers have used the Advanced Rules capability of our next-gen WAF to monitor and block web request traffic that attempts to carry out application denial-of-service attacks, brute-force credential stuffing, content scraping or API misuse.

Advanced rate limiting from Signal Sciences stops abusive, malicious and anomalous high-volume web and API requests and reduces web server and API utilization while allowing legitimate traffic through to your applications and APIs.

With our new advanced rate limiting capability, Signal Sciences customers can leverage the ease of use, effective defense and precise blocking they’ve come to expect from our next-gen WAF and RASP solution. In addition to out-of-the-box protection, they also gain immediate insight into and understanding of the traffic origins and can take granular custom actions by:

  • Creating application-specific rules to prevent app and API abuse
  • Defining custom conditions to block abusive requests
  • Identifying and responding to a real-time list of IPs that have been rate limited
  • Taking action on the identified source IP addresses with one click

How Signal Sciences Advanced Rate Limiting Works

Leveraging our award-winning app and API web protection technology, advanced rate limiting provides intelligent controls to reduce the number of requests directed at key web application functions such as credit card validation forms, forgot password fields, email subscription sign-ups, gift card balance checkers and more.

Signal Sciences customers can easily create app-specific rate limiting rules to automatically block traffic or take other actions such as adding an IP address to a block list or white list.

Our technical approach for this new capability was informed by the expertise our company has gained from protecting over a trillion web requests monthly. This experience shows us that web requests that result in application abuse can blend in with legitimate traffic. Signal Sciences advanced rate limiting is designed to identify such traffic and prevent individual IPs from causing app abuse.

Take the next step and effectively stop and manage abusive traffic

We invite you to learn about other common attack scenarios that customers use advanced rate limiting to thwart and how easy it makes stopping and managing the attack origin traffic: download the rate limiting data sheet or request a demo today.

Originally published at https://www.signalsciences.com on March 20, 2020.

Brendon Macaraeg
Signal Sciences Labs

Product Marketer of enterprise software and services. Currently Head of Product Marketing at Britive