How does IndiaMART use Google Cloud Armor for AI-based cybersecurity and DDoS protection?

IndiaMART, a leading Indian B2B marketplace, strengthened its defenses against DDoS attacks and malicious bots by integrating Google Cloud Armor into its digital infrastructure. This AI-powered tool filters bad traffic at the edge, protects against OWASP Top 10 vulnerabilities, and blocks abusive bots before they reach IndiaMART’s servers. The result: reduced server load, improved site performance, and enhanced customer experience. The blog explores implementation strategy, threat detection methods, and measurable business outcomes.

  Security News & Threat Intelligence   Jul 22, 2025   16  Add to Reading List

Table of Contents

Why Did IndiaMART Need a Smarter Cyber Defense?

IndiaMART, one of India's largest B2B e-commerce platforms, handles millions of daily visits across multiple domains. In late 2023, the company witnessed a sharp spike in traffic to its product display pages—from just 20,000 monthly requests to over 330,000 per month. This raised serious concerns:

  • Is this a DDoS attack?

  • Are malicious bots scraping product data?

  • Is the server load compromising availability?

IndiaMART realized traditional server-side scripts were not enough. They needed a cloud-native solution to filter threats before reaching the core infrastructure. Enter Google Cloud Armor.

What Is Google Cloud Armor and How Does It Work?

Google Cloud Armor is an AI-driven security platform that protects applications from DDoS, OWASP Top 10 attacks, and bot traffic. It works at the edge level with Google Cloud Load Balancers to stop malicious traffic before it hits your app.

Core Features of Cloud Armor

Security Feature Purpose & Benefit
AI-Powered DDoS Protection Blocks L3-L7 volumetric attacks using ML models
WAF Rules (Pre-Built + Custom) Filters SQLi, XSS, and custom threats
Geo-Based Blocking Allows or blocks countries or IP zones
Rate Limiting Controls abusive users/IPs
Threat Intelligence Feeds Automatically blocks known malicious IPs
Integration with Cloud Logs Real-time analytics and threat reporting

What Challenges Did IndiaMART Face Before Using Cloud Armor?

1. Server Overload Due to Bad Bots

Traditional IP-blocking scripts only worked after the server processed the request—wasting resources.

2. No Edge-Level Mitigation

Malicious traffic wasn’t filtered at the network perimeter, leading to higher latency and server strain.

3. Lack of Granular Control

Blocking bots, users, or geographies manually wasn’t scalable or intelligent enough.

How Did IndiaMART Implement Cloud Armor?

IndiaMART tested Cloud Armor in Preview Mode on its main site:

  • www.indiamart.com

After successful testing, it was rolled out to other domains:

  • m.indiamart.com (mobile)

  • dir.indiamart.com (directory)

  • apps.indiamart.com, export.indiamart.com, and Hindi sites

Daily Threat Analysis Strategy

IndiaMART built an in-house threat analysis system to improve Cloud Armor rules using:

  • Header and User-Agent fingerprinting

  • Request frequency tracking per IP and User

  • Country-based traffic mapping

  • Third-party risk scoring (IP reputation)

What Kind of Traffic Did IndiaMART Block?

  • Bad Bots: Including scrapers pretending to be Googlebot or Yandex

  • Suspicious Headers: Missing referrer or fake browser headers

  • Excessive Requests: Users making 100+ product requests in minutes

  • Malicious Countries: Geo-blocked China and unknown traffic regions

Example: Yandex Bot Block

A 13-day snapshot showed Yandex as a major bad bot contributor. IndiaMART used Cloud Armor rules to block this crawler specifically, reducing bot traffic by over 60%.

What Results Did IndiaMART See?

Malicious traffic dropped significantly
Server load stabilized, improving performance
Bot detection accuracy improved using AI and behavior models

Cost Optimization with Cloud Armor

IndiaMART switched to an Enterprise Subscription, reducing pay-as-you-go costs:

  • Previous monthly spend: ₹3.5 Lakhs

  • After optimization: ₹2.6 Lakhs

  • Annual savings: ₹12 Lakhs (~$14,000)

What’s Next in IndiaMART’s Security Roadmap?

IndiaMART plans to enhance protection further:

  • ASN Blocking: Stop threats from specific data centers and hosting providers

  • AI-Driven Anomaly Detection: Analyze browsing behavior to auto-flag bots

  • Policy Grouping: Streamline WAF and rate rules for better scalability

  • Advanced Geo-Intelligence: Filter traffic by user behavior per region

Why Google Cloud Armor Was a Game-Changer for IndiaMART

IndiaMART moved from reactive to proactive cybersecurity by implementing Google Cloud Armor. It now detects and blocks threats in real time, before they reach its application servers, securing the experience for both buyers and sellers.

Conclusion

As e-commerce scales in India, AI-driven security is no longer optional—it's essential. IndiaMART’s adoption of Google Cloud Armor shows how organizations can leverage cloud-native tools to build resilient systems that perform under attack.

FAQs

What is Google Cloud Armor?

Google Cloud Armor is a cloud-native web application firewall and DDoS protection service that defends apps from threats using ML-driven edge filtering.

How did IndiaMART use Google Cloud Armor?

IndiaMART used Google Cloud Armor to protect against bots, DDoS attacks, and OWASP Top 10 threats by deploying it on multiple subdomains across its platform.

Why did IndiaMART need Cloud Armor?

IndiaMART needed Cloud Armor to mitigate a huge spike in bot traffic that overwhelmed their servers and increased latency for real users.

What types of threats does Cloud Armor protect against?

Cloud Armor protects against SQL injection, XSS, DDoS, bot traffic, geo-based attacks, and other malicious HTTP(S) requests.

How does AI help in Cloud Armor’s security model?

Cloud Armor uses machine learning to detect abnormal traffic patterns and respond to threats in real time at the edge level.

What domains did IndiaMART protect with Cloud Armor?

IndiaMART protected www.indiamart.com, m.indiamart.com, dir.indiamart.com, and more.

How does Cloud Armor detect bad bots?

Cloud Armor uses user-agent analysis, header inspection, rate-limiting, and IP reputation feeds to identify and block bots.

What is the benefit of blocking at the edge?

Blocking at the edge reduces server load, improves latency, and prevents threats from reaching backend systems.

How does rate limiting work in Cloud Armor?

Rate limiting restricts how many requests a user or IP can make over a period, helping mitigate abuse and scraping.

Can IndiaMART block specific countries using Cloud Armor?

Yes, Cloud Armor allows geo-based access control to allow or block traffic from specific countries or regions.

How does Cloud Armor integrate with GCP logs?

It integrates with Cloud Logging and Monitoring, providing real-time analytics and threat visibility.

Did IndiaMART reduce costs with Cloud Armor?

Yes, IndiaMART optimized its subscription and policies, saving up to ₹12 lakhs annually.

What is ASN blocking in Cloud Armor?

ASN (Autonomous System Number) blocking allows the company to block traffic from specific ISPs or data centers.

How does IndiaMART use AI for behavior-based bot detection?

They analyze browsing patterns, frequency, and intent signals to separate real users from bots.

Is Cloud Armor better than traditional WAFs?

Yes, it operates at edge level, scales with traffic, and uses AI to make intelligent decisions faster.

What is the OWASP Top 10?

It’s a list of the most critical web application security risks, including SQLi, XSS, CSRF, etc.

How does Cloud Armor handle XSS and SQLi?

Pre-built WAF rules detect malicious payloads in headers, URLs, or request bodies and block them before execution.

Can Cloud Armor be used with non-Google Cloud apps?

While primarily designed for GCP, it can secure hybrid and multi-cloud apps using HTTP(S) load balancers.

What happens when Cloud Armor blocks a request?

Blocked requests are dropped at the load balancer, preventing them from reaching backend servers.

How does Cloud Armor improve eCommerce performance?

By filtering malicious traffic, it ensures legitimate buyers face no slowdowns or disruptions.

How does IndiaMART monitor traffic anomalies?

They built an internal threat analysis engine that studies request patterns and headers to fine-tune Cloud Armor rules.

Can Cloud Armor be customized?

Yes, it supports custom WAF rules, rate policies, and expression-based conditions.

What is a real-time threat map?

A visualization that shows where threats are originating from geographically, useful for geo-blocking strategies.

What role do user-agent fingerprints play?

They help identify and categorize traffic (e.g., browser, bot, or crawler) for appropriate filtering.

What is behavioral anomaly detection?

It’s the use of AI to detect unusual usage patterns such as high-frequency requests or fake login attempts.

How do you block Yandex bot using Cloud Armor?

Use a custom rule targeting Yandex's user-agent or ASN and apply a deny policy.

What is the difference between preview and enforce mode in Cloud Armor?

Preview mode lets you test policies without affecting traffic; enforce mode blocks traffic in real-time.

How can Cloud Armor improve SEO?

By blocking fake bot traffic, it ensures analytics are accurate and crawl budget is spent on legitimate crawlers.

Is Cloud Armor scalable for large enterprises?

Yes, it's built on Google’s global infrastructure and handles billions of requests per day.

Does Cloud Armor support API protection?

Yes, it secures REST APIs against abusive requests and rate-based threats.

How does Cloud Armor affect latency?

Minimal latency impact due to edge-level filtering close to users.

Join Our Upcoming Class!

Tags