Case Study: Formative achieves robust API DDoS protection and account-takeover prevention with Reblaze

EdTech Platform Gets Managed API Security, DDoS Protection, and Account Takeover Prevention on AWS

Formative (formative.com) is an EdTech platform that delivers interactive student assessments and collaboration tools to schools worldwide. Facing repeated HTTP request floods—attacks of many thousands of requests per second—and an API that could not be cached by CloudFront, Formative needed precise, condition-based protection and account-takeover (ATO) defenses without added latency or privacy compromises, so they engaged Reblaze for Web Application and API Security (WAAP) on AWS.

Reblaze was deployed in the same AWS region/zone as Formative and delivered a managed WAAP solution including multilayer DDoS protection, advanced rate limiting/throttling, ATO prevention, bot/human detection, and SOC monitoring. As a result, Reblaze eliminated the DDoS traffic that previous services couldn’t stop, mitigated high-volume HTTP floods, blocked brute-force and bulk account-creation attempts, enabled targeted per-user throttling and customizable policies, preserved low latency and data privacy, and continues to manage and monitor Formative’s deployment.

Formative