Banking & Finance | WAF | Bot Management | DDoS Protection

Fasset secured a regulated digital-asset platform while shaving 20-30% off load times.

How Brixio secured Fasset's blockchain tokenisation platform with Cloudflare WAF, DDoS protection, bot management, and CDN optimisation, achieving 20-30% faster load times.

United Arab Emirates | Tokenisation platform + APIs
Fasset

  • Performance: 20-30% faster load times via CDN, Polish compression and HTTP/3.
  • Bandwidth: 30-40% reduction via Cloudflare Polish image compression, no quality loss.
  • DDoS: 0 volumetric-attack disruptions on the platform after rollout.
  • Telemetry: S3 / SIEM. Logpush exporting security and performance events for proactive monitoring.

The challenge

Fasset operates a blockchain-based asset tokenisation platform in the UAE fintech sector. The platform handles high-value digital assets and real-time financial transactions, making security and performance equally critical.

Several specific risks had to be addressed:

  • Sophisticated cyber threats. DDoS attacks, credential stuffing, and automated bot traffic targeted the platform's API endpoints and user-facing interfaces.
  • Global performance requirements. Real-time access to asset information and transactional data demanded low latency across a geographically distributed user base.
  • High API traffic volume. The platform's API-first architecture required caching strategies that would not interfere with data freshness, plus robust protection for API endpoints.
  • Operational visibility. Continuous logging and monitoring were essential for threat management and regulatory compliance in the fintech sector.

What Brixio deployed

Web Application Firewall (WAF)

  • Managed rulesets tailored to protect financial data from SQL injection, XSS, and known vulnerabilities.
  • Custom rules blocking suspicious activities identified during the security review.

DDoS Protection

  • Enterprise-level DDoS resilience against volumetric attacks.
  • Rate-limiting on login endpoints and API access to prevent brute-force attempts without impacting legitimate users.

Bot Management

  • Machine-learning-based bot detection to mitigate non-human traffic.
  • API endpoints protected from bot-driven abuse while allowing legitimate developer access.

CDN and performance optimisation

  • Content cached across Cloudflare's global network for reduced load times worldwide.
  • Tailored API response caching based on usage patterns and traffic types.
  • Polish image compression reducing bandwidth by 30-40% while preserving quality.
  • HTTP/3 enabled for reduced connection times on high-latency networks.
  • Early Hints and Cloudflare Fonts eliminating third-party requests.

SSL/TLS and security headers

  • Full HTTPS proxying with Cloudflare certificates.
  • Origin server firewall restricted to Cloudflare IP ranges on port 443.
  • Content Security Policy (CSP) and HSTS implemented.

Logging and monitoring

  • Logpush configured to export logs to an S3 bucket for SIEM integration.
  • Real-time visibility into security events and system performance.
  • Custom branded error and challenge pages.
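
The Logpush-to-SIEM step is where the rate-limited login traffic described above becomes a detection. The sketch below is an added example, not code from Brixio or Fasset: it scans NDJSON HTTP request records for per-IP bursts of failed logins. It assumes Cloudflare's HTTP requests Logpush field names, RFC3339 timestamps, a hypothetical `/api/login` path and illustrative thresholds.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGIN_PATH = "/api/login"        # hypothetical endpoint, not from the case study
FAIL_STATUSES = {401, 403, 429}  # rejected or rate-limited attempts
WINDOW = timedelta(seconds=60)   # assumed sliding window
THRESHOLD = 5                    # assumed failures per IP within the window

def parse_ts(value):
    # Assumes the Logpush job is configured to emit RFC3339 timestamps.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def detect_login_abuse(ndjson_lines):
    """Return {ClientIP: time the failure threshold was first crossed}."""
    failures = []
    for line in ndjson_lines:
        try:
            e = json.loads(line)
            if (e["ClientRequestMethod"] == "POST"
                    and e["ClientRequestPath"] == LOGIN_PATH
                    and e["EdgeResponseStatus"] in FAIL_STATUSES):
                failures.append((parse_ts(e["EdgeStartTimestamp"]), e["ClientIP"]))
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip truncated or malformed records instead of aborting
    recent, alerts = defaultdict(deque), {}
    for ts, ip in sorted(failures):  # records may arrive out of order across batches
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:    # drop failures that fell out of the window
            q.popleft()
        if len(q) >= THRESHOLD:
            alerts.setdefault(ip, ts)
    return alerts

def rec(ip, sec, status):
    # Builds one constructed sample record (documentation IPs, not real traffic).
    ts = f"2024-01-01T10:{sec // 60:02d}:{sec % 60:02d}Z"
    return json.dumps({"ClientIP": ip, "ClientRequestMethod": "POST",
                       "ClientRequestPath": LOGIN_PATH,
                       "EdgeResponseStatus": status, "EdgeStartTimestamp": ts})

SAMPLE = ([rec("203.0.113.10", s, 401) for s in (0, 5, 10, 15, 20, 25)]  # burst
          + [rec("192.0.2.44", s, 401) for s in (0, 30, 60, 90, 120)]   # slow retries
          + [rec("198.51.100.7", 3, 401), rec("198.51.100.7", 9, 200)]  # typo, then success
          + ['{"ClientIP": "203.0.113'])                                 # truncated line

if __name__ == "__main__":
    for ip, when in detect_login_abuse(SAMPLE).items():
        print(ip, "crossed threshold at", when.isoformat())
```

Only the burst source is flagged; the slow retries never accumulate five failures inside one 60-second window, which is the gap a longer secondary window or per-account counting would need to cover.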

Architecture

User, API and bot traffic converge on a single Cloudflare edge plane before reaching the tokenisation platform.

  • Inbound: end users (global, real-time), API clients (programmatic), bot traffic (discovery + abuse)
  • Cloudflare edge: WAF, DDoS, Bot Management, CDN
  • Behind the edge: tokenisation platform (web + UI), public APIs (cached + rate-limited)
  • SIEM: Logpush → S3

Results

After rollout, the platform was hardened against DDoS, bots and credential-stuffing while shedding 20-30% of load time and 30-40% of bandwidth, with full security telemetry exported to SIEM.

  • Faster load times. 20-30% reduction via CDN distribution, Polish image compression and HTTP/3 protocol optimisation.
  • DDoS-resilient platform. Enterprise-level DDoS mitigation kept the platform available with zero impact from volumetric attacks.
  • Automated abuse neutralised. Bot management and custom rate limiting blocked credential stuffing and bot-driven API abuse.
  • Centralised security telemetry. Logpush exports security and performance logs to S3 for SIEM ingestion and proactive threat management.

Sector perspective

Fintechs handling digital assets need security and performance treated as one stack.

Fintech platforms handling digital assets face a unique threat profile: high-value targets, API-heavy architectures, and regulatory scrutiny. This deployment demonstrates that application security and performance optimisation are not trade-offs. The combination of WAF, bot management, DDoS protection and CDN on a single platform is what VARA in the UAE and DFSA, alongside DORA and PCI-DSS for European-facing services, increasingly require for financial services.
