Nine’s Web App Shield Blocks 96 Million Malicious Requests Throughout the 2024 Olympics


We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!

Concise Overview

  • Nine Entertainment thwarted 96 million harmful web requests during the 2024 Paris Olympics.
  • The organization employed Fastly’s web application firewall (WAF), capable of filtering 1.2 billion web and app requests each day.
  • Web traffic surged up to four times the usual rate during peak events like swimming.
  • Nine Entertainment relies on Fastly’s managed security service (MSS) for round-the-clock internet security, particularly during busy events.
  • The company is adopting new measures to stop AI bots from scraping content, especially from subscription-based brands like the Australian Financial Review.
  • AI scrapers, such as Perplexity, have demonstrated inaccuracies in content summarization, posing additional challenges for content security.

Nine Entertainment Thwarts 96 Million Malicious Requests During 2024 Olympics

Nine's Web App Shield Blocks 96 Million Malicious Requests Throughout the 2024 Olympics


During the 2024 Paris Olympics, Nine Entertainment successfully blocked more than 96 million malicious web requests, attributing this accomplishment to its advanced web application firewall (WAF) supported by Fastly. This milestone marks a significant advancement in Nine’s persistent initiatives to protect its digital assets against heightened cyber threats, particularly during major events that attract substantial web traffic.

Managing Traffic Spikes During the Olympics

The 2024 Paris Olympics experienced a considerable increase in web traffic across Nine’s platforms such as the Australian Financial Review and Nine News, with some events, like swimming, experiencing traffic peaks reaching four times the normal levels. Andre Lackmann, Nine’s technology director of publishing and enterprise practices, noted that the company’s WAF processes roughly 1.2 billion web and app requests daily, but during the Olympics, the volume of requests surged dramatically.

This surge presented considerable challenges for Nine’s infrastructure; however, by utilizing Fastly’s WAF and Managed Security Service (MSS), the company effectively navigated these obstacles. About 70% of the traffic was managed by Nine’s Content Delivery Network (CDN), while the remaining 30% went through the WAF, with 1-2% being blocked due to harmful activity.

Utilization of Fastly’s Security Services

Nine has been a long-time adopter of Fastly’s security solutions, beginning trials in 2017. By 2023, Nine had completely transitioned from its outdated WAF to Fastly’s service. This transition enabled the media giant to streamline its internet security across its expanding digital properties.

Fastly’s managed security service (MSS) has played a vital role in assisting Nine with its cybersecurity management. Given the increasing intricacies of cyber threats, maintaining a 24/7 in-house team of security professionals proved challenging for Nine. Fastly’s MSS resolved this issue, delivering continuous, year-round protection while allowing Nine’s engineers to concentrate on other essential projects.

Lackmann recounted an incident during the 2024 State of Origin when the team identified unusual traffic trends. They quickly escalated the situation using Slack and consulted Fastly’s MSS team to address the suspicious activity, underscoring the importance of real-time monitoring and responsiveness in the current media environment.

Tackling AI Scrapers and Content Security

In addition to managing elevated web traffic, Nine is also contending with the rising threat from AI scrapers—bots designed to extract content for use in large language models like Perplexity. This is particularly alarming for Nine’s subscription-based publications, such as the Australian Financial Review, The Age, and the Sydney Morning Herald, as premium content serves as a key revenue source.

Lackmann pointed out that AI services are becoming increasingly adept at summarizing news articles, potentially affecting Nine’s revenue model. To mitigate this risk, Nine has revised its robots.txt file to restrict AI scrapers from accessing its content freely. While this step offers some level of protection, it is not entirely foolproof, prompting Nine to investigate more precise rate-limiting strategies to more effectively block scraping bots.

Interestingly, during testing, Lackmann discovered that Perplexity, one of the AI tools, generated inaccurate summaries of a news piece concerning pharmaceuticals in Australia. “It confidently discussed the article, but the details were largely incorrect, illustrating the limitations and risks associated with AI scrapers,” Lackmann remarked.

Conclusion

The achievement of Nine Entertainment in blocking 96 million malicious web requests during the 2024 Paris Olympics highlights the necessity of robust cybersecurity strategies, particularly during high-traffic events. With support from Fastly’s WAF and MSS, Nine adeptly managed the increase in web traffic while also addressing the emerging risk posed by AI content scrapers. As the media landscape evolves, Nine is proactively taking measures to safeguard its digital assets, particularly with regard to premium subscription content.

Q&A Session

Q: How does Nine cope with increased web traffic during major events?

A:

Nine utilizes Fastly’s web application firewall (WAF) and Content Delivery Network (CDN) to manage web traffic. The CDN handles around 70% of the traffic, while the WAF filters the remaining 30%, blocking 1-2% of potentially harmful requests.

Q: What function does Fastly’s Managed Security Service (MSS) fulfill for Nine?

A:

Fastly’s MSS delivers 24/7 internet security surveillance, enabling Nine to address complex cybersecurity requirements without the need for a full-time in-house security team. This is especially crucial during high-traffic events like the Olympics.

Q: How is Nine preventing AI scrapers from accessing its content?

A:

Nine has revised its robots.txt file to restrict AI scrapers, while also employing more sophisticated rate-limiting methods to specifically target bots. This approach is vital for subscription-based content on platforms like the Australian Financial Review.

Q: How accurate are AI scrapers such as Perplexity in content summarization?

A:

According to Lackmann’s evaluations, AI scrapers like Perplexity can lack accuracy. For instance, when summarizing a pharmaceutical article in Australia, it inaccurately referenced unrelated companies, demonstrating the current limitations of AI scraping technologies.

Q: Why is safeguarding content important for Nine’s brands?

A:

Content protection is essential since Nine’s subscription-based brands, like the Australian Financial Review, depend on premium content for revenue. Unauthorized scraping by AI bots could jeopardize this business model by offering free summaries of paywalled material.

Q: When did Nine start using Fastly’s services?

A:

Nine commenced trials of Fastly’s services in 2017 and fully transitioned from its previous WAF to Fastly’s platform in 2023, allowing Nine to unify its internet security efforts across its digital assets.

Q: How does Nine react to unusual web traffic activities?

A:

Nine utilizes platforms like Slack to coordinate between its internal teams and Fastly’s MSS team when abnormal traffic patterns are detected. This timely communication enables the company to respond promptly to potential dangers.

Posted by David Leane

David Leane is a Sydney-based Editor and audio engineer.

Leave a Reply

Your email address will not be published. Required fields are marked *