Source URL: https://cloud.google.com/blog/products/identity-security/how-electronic-arts-protects-their-game-servers-with-cloud-armor/
Source: Cloud Blog
Title: How EA Sports protects their game servers with Cloud Armor
Feedly Summary: Electronic Arts (EA) is a global leader in digital interactive entertainment, known for its cutting-edge games, innovative services, and powerful technologies. So when EA Sports FC, a leading brand in the gaming industry, needed to choose a cloud provider to host its gaming infrastructure, they selected Google Cloud Armor to protect its game servers and enhance its DDoS resiliency.
Distributed denial-of-service (DDoS) attacks can have a devastating impact on gaming companies. They can disrupt gameplay, prevent players from accessing games, and even cause damage to game servers. This can lead to lost revenue, customer dissatisfaction, and tarnish the company’s reputation.
“DDoS protection is a top priority for us. Leveraging Cloud Armor to protect our services upstream from our infrastructure lets us focus on the most important things — the player’s experience,” said Peter Vido, network architect, EA Sports.
In the past year, the volume and frequency of DDoS attacks have increased significantly, and the gaming industry was a prime target. According to the Gcore Radar report for the second half of 2023, the gaming industry remains the most affected, enduring 46% of the attacks.
“We want a DDoS solution that has the gaming industry in mind — it has to be effective and scalable without degrading our gaming infrastructure. Google Cloud Armor ticks all these boxes,” said Vido.
DDoS protection with Google Cloud Armor
Cloud Armor is a DDoS mitigation service and web-application firewall deployed at the edge of Google’s Cross-Cloud Network. Cloud Armor protects applications and services whether they are deployed on Google Cloud, on premises, or on another infrastructure provider.
In the past year, Cloud Armor expanded its portfolio to address the unique needs of L4 workloads such as UDP, with a special emphasis on the gaming industry. The underlying networking infrastructure can be an External Passthrough Load Balancer or virtual machines (VMs) with public IPs, and supports both GKE and GCE workloads.
As a subscriber to Cloud Armor Enterprise, EA Sports uses advanced network DDoS protection in conjunction with our new custom network edge security policies. Advanced network DDoS protection provides always-on attack detection and just-in-time mitigation to defend against common volumetric network and protocol DDoS attacks, such as SYN flood, UDP flood, DNS reflection, and NTP amplification attacks.
Cloud Armor custom network edge security policy allows customers to create a set of security rules to allow or deny traffic at the edge of the network according to user-specified filters such as IPs, ASNs, ports, regions, and protocols. Each security policy can be attached to one or more backend services or VMs, allowing customers to fit each security policy to the specific service they wish to protect.
Google Cloud Armor also performs deep packet inspection on ingress traffic to block traffic that doesn’t conform to policy. Customers can configure a security policy rule that inspects each incoming packet according to a user specified TCP/UDP byte offset location filter, which can be used in conjunction with other filters.
Cloud Armor security policies are evaluated and enforced for every incoming packet at the edge of Google Cloud’s network, far upstream of customer infrastructure. The scale and scope of our network can help Google Cloud safely absorb and dissipate large attacks, while minimizing impact to customer infrastructure.
These new custom network edge security policies were developed in close collaboration with the EA Product Infrastructure and Engineering group and other customers. Throughout the development cycle, the Cloud Armor team validated the suggested offering and worked to improve it. The result is a powerful tool that allows EA Sports FC to create security policies that are tailored to their needs, and improve their DDoS protection.
“We have seen a significant decrease in the impact of DDoS attacks thanks to Cloud Armor, leading to improved performance and reliability of our gaming servers and reducing overhead to our operational teams. Using Cloud Armor helps us to provide an industry leading experience to our players,” said Vido.
Learn more about Cloud Armor
Cloud Armor can be a valuable tool for protecting game servers from DDoS attacks. It can help mitigate the impact of attacks, and helps ensure that players can continue to enjoy their games. To learn more see our documentation.
You can hear directly from EA Sports about their experience with Cloud Armor in this year’s Google Cloud Next session.
AI Summary and Description: Yes
Summary: The text highlights Electronic Arts’ (EA) selection of Google Cloud Armor to bolster their gaming infrastructure against escalating DDoS attacks. This move is relevant for industry professionals focusing on cloud computing security, infrastructure resilience, and DDoS mitigation strategies.
Detailed Description:
The text outlines a case study involving Electronic Arts (EA), a prominent player in the digital gaming sector, and their collaboration with Google Cloud to enhance security against Distributed Denial-of-Service (DDoS) attacks. Here are the key points of significance:
– **Increased DDoS Threats**: The gaming industry is experiencing a surge in DDoS attacks, with EA Sports recognizing the necessity of robust protection measures due to their devastating impact on gameplay and company reputation.
– **Google Cloud Armor**: EA selected Cloud Armor for its ability to provide advanced, scalable DDoS protection tailored for the specific needs of the gaming sector:
– **DDoS Mitigation**: Cloud Armor not only mitigates DDoS attacks but also functions as a web application firewall, protecting services deployed across various infrastructures.
– **Scalability and Effectiveness**: EA Sports emphasized the importance of a solution that meets industry demands without degrading gaming performance, and Cloud Armor is designed with these needs in mind.
– **Custom Network Edge Security Policies**: EA utilized Cloud Armor’s advanced features, which include:
– Always-on attack detection
– Just-in-time mitigation strategies for various DDoS attack vectors (e.g., SYN floods, DNS reflection)
– Customizable security policies that allow granular control over traffic filtering based on IPs, ports, and regions.
– **Collaborative Development**: The development of these security policies involved close collaboration between Google Cloud’s Cloud Armor team and EA’s engineering group, demonstrating an adaptive and customer-focused approach to security.
– **Performance Improvement**: EA reported a notable reduction in the impact of DDoS attacks, resulting in improved server performance and more reliable gameplay experiences for users.
– **Industry Implications**: The discussion surrounding the necessity of tailored DDoS protection in the gaming industry is vital for professionals focused on cloud security. The insights offered by EA’s experience with Google Cloud Armor can inform best practices and strategies for mitigating similar threats across other sectors.
In conclusion, the text serves as a critical overview for security and compliance professionals in understanding emerging threats in the gaming sector, the importance of scalable security solutions like Google Cloud Armor, and the collaborative efforts necessary to develop effective protection strategies.