Melbourne Airport has deployed Cloudflare’s web application firewall (WAF) and moved its network perimeter to Cloudflare’s global network edge to protect its multi-layered IT environment and public-facing network against DDoS attacks.
Chief information officer Anthony Tomai said that maintaining visibility and implementing integrated security solutions was a serious challenge because the airport relies on a diverse variety of IT-supported services to serve its 25 million annual passengers and work with its 40 airline partners.
“The entire airport is a broad technological ecosystem that supports a vast mix of enterprise and operational systems. I can’t understate its complexity,” Tomai said in a statement.
Melbourne Airport’s head of cyber security Cheuk Wong added that another challenge the team faced is the number of network users.
“When you add free public wi-fi into the mix, over 100,000 people connect to our network daily,” Wong said.
Melbourne Airport began its partnership with Cloudflare by testing the security vendor’s WAF; it trialled rulesets by logging traffic on a small group of hostnames before activating WAF rules across its entire system.
Incident response manager Evan Thomson said the airport “quickly strengthened our protections for our publicly facing assets” in doing so, “securing our externally exposed URLs and restricting problematic traffic from inappropriate international sources.”
Cloudflare’s WAF also boosted Melbourne Airport’s visibility of its network and made it easier to modify its protection policies, the company’s security team said.
After deploying the WAF, Melbourne Airport said it was prompted to further invest in DDoS mitigation “when recent creditable cyber threats were publicised in the world media”.
The company moved its network perimeter to the Cloudflare global network edge in 36 hours using Cloudflare’s Magic Transit solution.
Magic Transit protects companies’ IP networks from DDoS attacks and accelerates their network traffic by using Cloudflare’s content delivery network and employing standards-based networking protocols for routing and encapsulation.