Jin Air

Jin Air blocks malicious bot traffic, accelerates performance, and improves online sales revenue with the Cloudflare connectivity cloud

Founded in 2008, Jin Air is one of South Korea’s largest low-cost passenger airlines. It moves around 6 million passengers annually and offers its customers the greatest selection of domestic destinations of any Korean carrier. With four Boeing 777s in its fleet, Jin Air is also the only Korean low-cost carrier with widebody aircraft on its international routes.

In addition to its extensive domestic services, Jin Air’s 26-aircraft fleet serves an expanding list of international destinations. These include China, Hong Kong, Taiwan, Thailand, Malaysia, and Vietnam.

Challenge: Stopping bot attacks, SQL injection attempts, and fake bookings

As air travel to and from Korea returned to pre-pandemic levels, Jin Air saw a strong uptick in demand for its domestic and international flights and services. With the welcome increase in sales and traffic to its websites, the company, however, also experienced a rise in unwanted online attention.

“We faced an increasing series of attacks — external bots and various other cyber threats were on the rise,” explains Mr Park, Manager of Jin Air’s Strategic Digital Transformation Group. “Alongside DDoS attacks, SQL injection incidents, and excessive access attempts, we also experienced third-party web scraping agents impersonating Google bots and a spike in fake bookings.”

The SQL injection and automated credential stuffing attempts attacks posed a potential threat to the airline’s data centers and sensitive passenger information. Likewise, the fake bookings created by automated inventory-hoarding bots blocked genuine customers from reserving flights online. In addition to the disruptions to their website and customer services, the costly bandwidth consumed by the malicious traffic increased the airline's operating expenses and negatively affected its bottom line.

Faced with increasingly sophisticated attacks, Jin Air’s online security partner at the time, an internationally recognized early entrant into the cyber security and content delivery space, failed to address the problems, despite the high cost of its pay-per-use services.

Solution: Cloudflare Application Services to secure and enhance the Jin Air customer experience

In search of a cost-effective solution that delivers on its promises, Jin Air turned to Cloudflare. Working with Cloudflare and Megazone Cloud Corporation — Cloudflare’s 2022 Services Partner of the Year and 2022 Korean Most Valuable Player award winner — Jin Air began a proof of concept (POC) to evaluate Cloudflare services against those of their incumbent vendor.

Throughout the POC and implementation, Megazone provided a local, Korean-language liaison between the airline and the Cloudflare team. The Korean systems integrator offered technical consulting, implementation services, and fast, accurate on-site technical support. This ensured the smooth migration of the airline’s custom security settings to the new Cloudflare solution.

Completing the POC, Cloudflare and the Korean systems integrator began implementing Cloudflare Application services, installing the Cloudflare WAF, Bot Management, DDoS Protection, and Rate Limiting to secure Jin Air’s web domains. With Cloudflare’s core security services protecting all of its online applications, Jin Air saw an immediate reduction in malicious traffic.

“Using Cloudflare, we mitigated our external web threats overnight,” says Park. “We eliminated 99.96% of our problem bot traffic and secured our site against fake bookings.”

As a result of its success using Cloudflare to block malicious bots from accessing its web properties, Jin Air also cut its bandwidth consumption a reduction that translates directly into operational savings for the airline. A combination of moving away from its previous vendor’s pay-per-use pricing structure and the efficiency gained from Cloudflare’s automated managed WAF rulesets instead of time-consuming manual WAF updates contribute further to the airline's savings.

“Overall, Cloudflare reduced our traffic consumption by 51% with managed rules for WAF, DDoS mitigation, and dynamic bot challenges,” says Park. “Cloudflare’s automatic updates, managed rulesets, and dynamic challenges secure us against zero-day exploits and other new threats in seconds rather than the minutes it took our previous vendor.”

Cloudflare application performance services in the connectivity cloud accelerate the international customer experience

With its websites, applications, and services secure, Jin Air began a campaign to enhance its online customer experience. The airline expanded its collaboration with Cloudflare and Megazone to include Cloudflare application performance services — the Cloudflare CDN, Tunnel, and Smart Routing. The goal was to support further development of its Japanese, Chinese, Southeast Asian, and Oceanian customer bases.

Leveraging Cloudflare’s global points of presence — more than 310 cities in over 120 countries including mainland China — Jin Air optimized the performance and speed of its web properties. It reduced latency and shortened processing times for searches and ticket purchases.

Caching content in the connectivity cloud, Jin Air also optimized its ability to update its international web services. Cloudflare pushed the airline's global cache purge times and distribution of new cache rules to below five seconds — it took the previous vendor 10 minutes. A similar reduction in real-time event confirmations — from 10 minutes to under 30 seconds — ensures the airline’s worldwide customers securely receive up-to-the-minute information about seat availability, special offers, and time-sensitive promotions.

“The connectivity cloud has improved our connection speeds, especially to China, Japan, and the US — which are important growth markets,” says Park. Our Cloudflare-enhanced web performance and accessibility in those countries helps increase our international ticket sales.”

Based on its experience working with Cloudflare and Megazone to secure its web applications and accelerate ticket purchases for its customers abroad, Jin Air has plans to extend the partnership. The airline is currently exploring additional services in Cloudflare’s connectivity cloud, specifically the Cloudflare Zero Trust services that could dynamically connect its international workforces to company resources using identity-based security controls.