How EA Sports protects their game servers with Cloud Armor
Lihi Shadmi
Product Manager
Electronic Arts (EA) is a global leader in digital interactive entertainment, known for its cutting-edge games, innovative services, and powerful technologies. So when EA Sports FC, a leading brand in the gaming industry, needed to choose a cloud provider to host its gaming infrastructure, they selected Google Cloud Armor to protect its game servers and enhance its DDoS resiliency.
Distributed denial-of-service (DDoS) attacks can have a devastating impact on gaming companies. They can disrupt gameplay, prevent players from accessing games, and even cause damage to game servers. This can lead to lost revenue, customer dissatisfaction, and tarnish the company's reputation.
“DDoS protection is a top priority for us. Leveraging Cloud Armor to protect our services upstream from our infrastructure lets us focus on the most important things — the player’s experience,” said Peter Vido, network architect, EA Sports.
In the past year, the volume and frequency of DDoS attacks have increased significantly, and the gaming industry was a prime target. According to the Gcore Radar report for the second half of 2023, the gaming industry remains the most affected, enduring 46% of the attacks.
“We want a DDoS solution that has the gaming industry in mind — it has to be effective and scalable without degrading our gaming infrastructure. Google Cloud Armor ticks all these boxes,” said Vido.
DDoS protection with Google Cloud Armor
Cloud Armor is a DDoS mitigation service and web-application firewall deployed at the edge of Google’s Cross-Cloud Network. Cloud Armor protects applications and services whether they are deployed on Google Cloud, on premises, or on another infrastructure provider.
In the past year, Cloud Armor expanded its portfolio to address the unique needs of L4 workloads such as UDP, with a special emphasis on the gaming industry. The underlying networking infrastructure can be an External Passthrough Load Balancer or virtual machines (VMs) with public IPs, and supports both GKE and GCE workloads.
As a subscriber to Cloud Armor Enterprise, EA Sports uses advanced network DDoS protection in conjunction with our new custom network edge security policies. Advanced network DDoS protection provides always-on attack detection and just-in-time mitigation to defend against common volumetric network and protocol DDoS attacks, such as SYN flood, UDP flood, DNS reflection, and NTP amplification attacks.
Cloud Armor custom network edge security policy allows customers to create a set of security rules to allow or deny traffic at the edge of the network according to user-specified filters such as IPs, ASNs, ports, regions, and protocols. Each security policy can be attached to one or more backend services or VMs, allowing customers to fit each security policy to the specific service they wish to protect.
Google Cloud Armor also performs deep packet inspection on ingress traffic to block traffic that doesn’t conform to policy. Customers can configure a security policy rule that inspects each incoming packet according to a user specified TCP/UDP byte offset location filter, which can be used in conjunction with other filters.
Cloud Armor security policies are evaluated and enforced for every incoming packet at the edge of Google Cloud’s network, far upstream of customer infrastructure. The scale and scope of our network can help Google Cloud safely absorb and dissipate large attacks, while minimizing impact to customer infrastructure.
These new custom network edge security policies were developed in close collaboration with the EA Product Infrastructure and Engineering group and other customers. Throughout the development cycle, the Cloud Armor team validated the suggested offering and worked to improve it. The result is a powerful tool that allows EA Sports FC to create security policies that are tailored to their needs, and improve their DDoS protection.
“We have seen a significant decrease in the impact of DDoS attacks thanks to Cloud Armor, leading to improved performance and reliability of our gaming servers and reducing overhead to our operational teams. Using Cloud Armor helps us to provide an industry leading experience to our players,” said Vido.
Learn more about Cloud Armor
Cloud Armor can be a valuable tool for protecting game servers from DDoS attacks. It can help mitigate the impact of attacks, and helps ensure that players can continue to enjoy their games. To learn more see our documentation.
You can hear directly from EA Sports about their experience with Cloud Armor in this year’s Google Cloud Next session.