Ranked as one of the world’s best low-cost airlines, AirAsia offers domestic and international flights to more than 165 destinations in 25 countries, with its online ticketing platform constantly accessed by a wide audience in different geographies around the world. Because of this, the airline’s ticketing platform has been exploited by crawlers and botnet attacks, affecting both website and app performance. AirAsia faced malicious activities from bots that occupy free seats, hindering customers from purchasing their tickets and directly compromising airline bookings and revenue.
AirAsia thwarted high-level hackers and uncovered complicated hacking patterns then implemented a security solution that utilizes a content delivery network with customized rules applied to a cloud web application firewall. Stricter security checks were introduced, including custom-built captcha solutions, which have successfully blocked botnet attacks that comprised 90% of web traffic. With the cloud-based security solution, AirAsia has enabled improvements in the latency and Round-Trip Time (RTT) of its website, while moving to a content delivery network (CDN) has ensured traffic optimization for access based on user profiles.