Founded as a private American NGO in 1978 to monitor the Soviet Union’s compliance with the Helsinki Accords, Human Rights Watch (HRW) has grown to become a worldwide leader in the battle for, and protection of, human rights. From offices on 5 continents, HRW’s 400 employees are dedicated to protecting the human rights of people around the world. They stand with victims and activists to prevent discrimination, uphold political freedom, protect people from inhumane conduct in wartime, and bring offenders to justice.
The HRW website is critical to organisational success, because it allows the organisation to make information available around the world about abuses that are taking place. At the same time, the website comes under attack occasionally from individuals, governments and organisations that have a stake in blocking HRW’s efforts.
These nefarious actors leverage many attack types, but their favored type is the denial of service attack, or DoS. “Every couple of months we can count on getting hit by a large-scale attack,” said Mihai Cuibus, Senior Digital Engineer at Human Rights Watch. “Once in a while, attackers will throw in an injection attack as well.”
For years, HRW had the ability to manually mitigate DoS or DDoS attacks, but the organisation still suffered each time an attack took place. This was primarily due to the time required to identify threats, notify key IT team members and take defensive measures. Once alerted to an attack, HRW’s two-person technical web team would need to drop what they were doing and respond to it. While they did, HRW’s 70 content creators and publishers would be unable to perform their critical web-related tasks. This prevented the organisation from getting the word out on current events as fast as they wanted.
In addition, online donations could not be processed by the HRW website while an attack was taking place, as it consumed all server resources. In this way, automated alerts were not suitable for preventing damage. “We received automated attack alerts from our New Relic technology,” said Cuibus. “But knowing an attack is underway and stopping it are two different things. We needed to gain a more proactive defense posture.”
When Human Rights Watch migrated hosting services to Pantheon in 2014, the web team decided to simultaneously implement a solution for proactive DDoS detection and mitigation. They did not have to look far for the ideal solution. They had already been accelerating their website content and applications for several years using CDNetworks.
As HRW completed its hosting implementation, they pointed all traffic to CDNetworks global acceleration servers which include special DDoS ‘absorption’ PoPs. These absorption PoPs, which can handle millions of simultaneous requests, are incorporated into the CDNetworks cloud-based server network.
Through its Pantheon-to-CDNetworks deployment, the web team looked to ensure their website infrastructure would meet the following requirements:
The web team implemented the new hosting infrastructure quickly. “CDNetworks’ expertise around accelerating Drupal websites really helped,” said Cuibus.
The Human Rights Watch website is fast and high performing on CDNetworks 200 global points of presence. Now, with DDoS protection and 24/7 security monitoring, the website will always be accessible. Each time an attack occurs, the CDNetworks absorption PoPs automatically mitigate the malicious website traffic, while the rest of the CDNetworks PoPs accelerate the legitimate traffic. “For the past several years, we have been extremely happy with CDNetworks stellar support and performance,” said Cuibus. “The CDNetworks DDoS absorption PoPs will keep our website up and performing fast, even as we come under attack. Instead of people sitting around and waiting for a fix, our 70+ content creators can continue publishing critical content without missing a beat.”
Additionally, CDNetworks is speeding Drupal content and providing SSL encryption for Human Rights Watch website. This ensures the privacy of all website users and helps maximise the ability to keep donation transactions flowing securely.