The Grinch Who Almost Stole Black Friday

If you’re a fan of Costco, you know that it has an almost cult following; I am one of the proud cult members who makes most of my family’s big purchases through Costco Online. Early on the morning of Black Friday, I logged into Costco Online to take advantage of deals. I added items to my shopping cart with no problem, but when it was time to checkout, I received the following message:

“The website is currently experiencing longer than normal response times. Please note that all Thanksgiving Day-only promotions have been extended into Friday, November 29th, WHILE SUPPLIES LAST. We apologize for any inconvenience.”

According to outage tracking site Downdetector, Costco’s e-Commerce site went down for more than 16 hours between Thanksgiving day and Black Friday. The outage impacted an estimated 2.65 million customers who were trying to access the web site, costing the retailer an estimated $10,924,650 in lost sales.

Costco wasn’t the only website to experience performance issues over the Thanksgiving weekend. Many other sites, such as H&M and Nordstrom Rack, also had slowdowns and outages.

[You may also like: Retailers, How Much of Your Holiday Traffic is Actually Human?]

Behind the Slowdowns & Outages

The slowdown and outages could have happened for a myriad of reasons – programming errors, bot and denial of service attacks, application security issues, other operational issues such as scalability and availability problems, lack of visibility or errors in deployment due to lack of automation, just to name a few.

As enterprises transition to the cloud, many are using microservice architecture to implement business applications as a collection of loosely coupled services to enable isolation, scale, and continuous delivery for complex applications. Despite the advantages of doing so (resource footprint, instantiation time, better resource utilization), you have to balance the complexity that comes with a distributed architecture with the application security and scale requirements, as well as time-to-market constraints.

[You may also like: 10 Commandments for Securing Microservices]

Adopting containers doesn’t remove traditional security and application availability concerns. Application vulnerabilities can still be exploited; recent ransomware attacks highlight the need to secure against denial of service and application attacks.

Security AND availability should be top-of-mind concerns in the move to adopt containers. As cyber threats force organizations to tighten security, delivering advanced and secure application services quickly and cost effectively poses a challenge to IT teams. Here are some factors to consider:

Security from the Get-Go

In addition to using built-in tools for container security, traditional approaches to security still apply.

Many API-based microservice applications are accessible over the web and open to malicious attacks. As the hackers probe network and application vulnerability to gain access to sensitive data, the prevention of unauthorized access needs to be multi-pronged as well.

[You may also like: Agile Security Is Now A Reality]

This includes preventing bots and denial of service attacks, checking access levels and validating users before they can access an application, preventing rogue application ports/applications from running in the enterprise, routine vulnerability assessment scans on applications and scanning application source code for vulnerabilities and fixing them, and securing the data at rest and in motion.

Availability & Scalability is Mandatory

A user interacting with a container-based application does not need to know about the application instance that’s serving them. This is precisely the isolation and de-coupling that is required to ensure availability. In addition, look for automated scale-in and scale-out of applications as the traffic patterns change.

Automation Should Be a Given

Even with many benefits that accompany a container-based application, one of the challenges is how to quickly roll out, troubleshoot, and manage these micro-services.

Manually allocating resources for applications and reconfiguring the load balancer to incorporate newly instantiated services is inefficient and error prone. It becomes problematic at scale. A server discovery and automating the deployment of services quickly becomes a necessity.

[You may also like: Application Security in the Microservices Era]

Monitor….or Else

When deploying microservices that may affect many applications, proactive monitoring, analytics and troubleshooting become critical before they become business disruptions. These may include a micro-service or an application is not meeting its SLA requirements such as latency, security issues, service up ntime, and problems of access.

Organizations should be concerned with ensuring security and availability of their sites. Businesses that have to support complex IT must adopt automation, visibility, analytics and orchestration best practices and tools that fit in with their agile and DevOps processes. The goal is to keep your business highly available and secure without losing development agility.

Read “Radware’s 2019 Web Application Security Report” to learn more.

Download Now

Prakash Sinha

Prakash Sinha is a technology executive and evangelist for Radware and brings over 29 years of experience in strategy, product management, product marketing and engineering. Prakash has been a part of executive teams of four software and network infrastructure startups, all of which were acquired. Before Radware, Prakash led product management for Citrix NetScaler and was instrumental in introducing multi-tenant and virtualized NetScaler product lines to market. Prior to Citrix, Prakash held leadership positions in architecture, engineering, and product management at leading technology companies such as Cisco, Informatica, and Tandem Computers. Prakash holds a Bachelor in Electrical Engineering from BIT, Mesra and an MBA from Haas School of Business at UC Berkeley.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center