+971 58 556 5766
Book a demo
Menu
Book a demo
Connect with us to explore our solutions or request a personalized offer

How We Enable an International Pizza Chain to Deliver an Exceptional Customer Experience

06 May, 2026 | 5 min
On-premises Protection Against Carpet Bombing DDoS for a⦁Major ISP
When an international fast-food pizza chain launched a major restructuring of its IT infrastructure, multiple incidents exposed the ineffectiveness of its existing web security.
"Our core business is franchise development, creating IT solutions for business automation, and ultimately, pizza production. These are things we do well. Therefore, our developers handle the key app features. For other services, we try to use third-party IT solutions in which we aren't experts. DDoS and bot protection is exactly that. It needs to be stable and efficient, requiring no additional attention or configuration on our part."

Head of InfoSec, Pizza Chain

Challenge

Stable protection for website, mobile app, kitchen tracker, and API from malicious automation:

  • Protection against application-based DDoS attacks on L7
  • Protection against bonus system fraud through bulk orders
  • Protection against SMS pumping

Ensuring that the mobile app—with web protection enabled—loads and launches within two seconds.

Solution

On-premises implementation of Strictera WAAP that instantly detects all types of automated threats to web applications and learns new malicious traffic patterns.

App load time is a performance metric that directly impacts the pizzeria’s customer experience and, consequently, the chain’s revenue. Users don’t like to wait, so fast app loading is key to customer retention. Slow app loading is a common cause of high customer churn. Ultimately, pizzeria app load time was one of the key factors in choosing an alternative protection solution.
"Load time for the protected pizzeria app is a key user metric we used to compare different providers. Strictera had the best performance—from the moment a user tapped the app icon on the smartphone screen until the pizzeria menu appeared, it took no more than two seconds."

Head of InfoSec, Pizza Chain
One of the issues that arose after enabling protection was the attackers exploiting the API’s SMS sending endpoints. Sending confirmation SMS during authorization is a paid service for business owners. Moreover, sending authorization SMS requests is not the most common request sent by application users.

It’s worth noting that both the pizzeria mobile app API and the website code have built-in protection against SMS pumping fraud. However, the botnet that attacked the pizza chain websites disguised itself as legitimate payloads when sending requests. Furthermore, undetected SMS pumping is dangerous given the exponentially higher costs of SMS.
A botnet adapted to the Strictera WAAP filtering
A botnet adapted to the Strictera WAAP filtering
"When there are thousands of simultaneous SMS requests, they’re easy to detect and block. But when requests from intelligent botnets are few and slow, advanced bot detection tools are required."

Head of InfoSec, Pizza Chain
The SMS pumping attack on a pizza chain was a low-frequency attack that immediately required the close attention from Strictera analysts. They first identified the characteristic features of the malicious SMS requests and then conducted unscheduled additional training to effectively combat the advanced botnet.

After further training, the number of authorization SMS messages returned to normal. Daily fluctuations no longer have abnormal spikes, and all bot traffic is immediately detected and blocked.
Excluding botnet requests from traffic after training the Strictera WAAP filtering system
Excluding botnet requests from traffic after training the Strictera WAAP filtering system
"Due to the popularity and scale of our business, daily vulnerability scanning of our web resources has become the norm for us. But now we are reliably protected. Firstly, we are protected by a rather specific technology stack: most vulnerabilities are simply inapplicable to us due to the specifics of our IT architecture. Secondly, the logic of our application code provides additional protection against some automated threats. And thirdly, Strictera WAAP and the prompt support from your team of analysts help us against complex low-frequency attacks."

Head of InfoSec, Pizza Chain

Results

  1. Stable protection against DDoS attacks and bots for 5 web resources.
  2. Uninterrupted operation of the online pizza ordering service.
  3. Application load time with Strictera protection enabled: less than 2 seconds.
  4. No impact on customers' user experience.
  5. Highly accurate detection and filtering of SMS pumping attacks.
  6. Reduced SMS aggregator costs for authorization messages.
"For us, the ideal web security service is one that works effectively, and the last time we contacted technical support was six months ago. We use Strictera because of its stable protection and mature solutions: you have a streamlined onboarding process, well-established technical support, and advanced training for the filtering system for specific cases. Overall, everything is transparent and competent. Another advantage of Strictera is the ability to directly communicate with your developers and analysts. This is extremely important to us."

Head of InfoSec, Pizza Chain

Book a demo to see Strictera WAAP in action

Book a demo
Strictera
Strictera
Innovative, scalable, and cost-efficient cybersecurity solutions to safeguard your networks, websites, apps, and APIs from evolving threats

Contact us by email:

sales@strictera.com

Call the number:

+971 58 556 5766

Book a demo

Connect with us to explore our solutions or request a personalized offer
Table of contents
    Book a demo

    Connect with us to explore our solutions or request a personalized offer.

    Book a demo