Robust DDoS Mitigation Strategy Implemented for Multinational Healthcare Company

Executive Summary

This case study describes how SecureKloud is strengthening their customer’s existing Cloud Network Security, enabling 24*7 threat detection through continuous monitoring and eventually protecting their critical application data on their AWS Cloud environment from DDoS attacks.

About the client

The client is a Swiss multinational healthcare company that operates worldwide under two divisions: Pharmaceuticals and Diagnostics. They focus on finding new medicines and diagnostics and utilizing data-based insights to evolve the practice of medicine and help patients live longer better lives.


Global Locations


Certified Cloud Architects


Years of Cloud Experience


Cloud Transformations

Business Challenge

The client has many applications which log the medical research data and can be retrieved by several authorized researchers/scholars and medical practitioners across the world to study. The data is all stored and retrieved from cloud. These applications are highly prone to DDoS attacks. These DDoS attacks halt many research programs/studies causing lots of chaos among Medical Teams.

The diagram below shows the Cloudflare WAF Solution Architecture on the client’s account which exposes HTTPS services over the internet.

Our Solution

SecureKloud is constantly monitoring the client’s AWS resources and AWS Network Security using various tools as we are already engaged with the client as their AWS Managed Services partner.

After analysing client’s existing Network Security Setup, SecureKloud proposed the following solution to protect their data from unauthorized access.

Based on the research on the DDoS attacks due to different requirements from different clients, SecureKloud has developed solutions that include customization and implementation of third-party tools such as Cloudflare and Imperva. This is done to mitigate DDoS protections for the applications running in the Client AWS accounts.

SecureKloud customized and implemented the Cloudflare tool as per the client’s requirements to provide DDoS protection for their critical applications.

As a part of its Cloud DevOps for Innovation and Maturation (CDIM) approach, SecureKloud constantly keep updating the Cloudflare configuration based on the updates in their critical applications to ensure complete protection from DDoS attacks

Cloudflare protects and accelerates all websites, apps, and APIs with unmetered DDoS protection, a global CDN, and more.

To secure the service, all inbound traffic passes through a cloud-based Cloudflare Web Application Firewall (WAF). The WAF routes traffic to the ALB, via DNS name resolution, where it is then load-balanced to the backend instances.

All public facing applications should be configured to route the traffic via DMZ Zone. So, the Internet traffic will first hit the External Load balancer of the DMZ Account in AWS. Then the traffic will be routed to the backend host of Cloudflare instance where web filtering happens and then the Cloudflare directs the traffic to the Client’s internal Load balancer. Similarly, the reverse traffic is routed back to the internet via Imperva Revers proxy.

To prevent direct access from the internet to the front end of the ALB a security group has to be added to the ALB with an inbound rule allowing only the IP ranges of Cloudflare. Those ranges can be found on Cloudflare's public website ( By default, only port 443 is allowed inbound by the security group from the Cloudflare public IPs.

Business Outcomes

Through our solutions, we were able to achieve these outcomes

  • Protected client’s assets with enterprise-grade security without compromising or sacrificing web performance.
  • Network security and scalability are greatly achieved.
  • Customize and enforce security policies and gain visibility of your entire infrastructure from the Cloudflare dashboard.

Are you looking to keep your cloud intact from potential threats?

Our experts are here to help you out.

Get In Touch