Major South Korean ecommerce marketplace

Major South Korean ecommerce marketplace protects customers and public applications against sophisticated automated threats using Cloudflare

A leading player in South Korea’s $230 billion ecommerce market — projected to grow to $336 billion by 2027 — this online retail platform serves over 27 million active users and handles 45 million monthly visits

Founded in 2000 as an open-market digital sales platform, the company delivers a wide range of consumer goods, from apparel, beauty, and electronics to fresh food and perishables, with same-day and overnight delivery options. Its focus on both variety and speed reflects shifting consumer expectations and continued growth in South Korea’s ecommerce sector.

Restoring user confidence and stopping bot-driven business disruptions

As one of South Korea’s top digital retail platforms, this ecommerce company operates in a highly competitive market where customers expect fast delivery, reliable performance, and strong data protection. While scaling to meet rising demand across South Korea’s growing ecommerce sector, the company faced increasing pressure from malicious bot traffic, volumetric DDoS attacks, and application-layer threats like SQL injection. With over US $733 million in annual sales, a large user base, and high online visibility, the platform became a prime target for attackers; especially from regional sources. These threats disrupted services, degraded performance, and introduced serious security risks that could compromise both user and platform data

“Attackers were targeting internal information, and the legacy solution couldn’t accurately distinguish malicious traffic,” explains Yonmin An, Managing Director at Bespin Global Korea. “Limited visibility and control made things worse. False positives spiked, legitimate activity was blocked, and customers abandoned purchases — hurting revenue and driving them to competitors.”

To prevent rising customer attrition rates from customer attrition rates from impacting revenue, the company overhauled its approach to securing public-facing websites, APIs, and applications. Looking for a solution to stop the attacks and restore user confidence, the company turned to Bespin Global — a top-level professional services provider and Gartner Magic Quadrant recognized systems integrator since 2017.

The brief was simple — the company wanted a solution that:

• Detected threats accurately while minimizing the false positives and disruption to genuine users
• Delivered protection through a fully cloud-based architecture without additional hardware or administrative overheads
• Ensured low-latency performance via a domestic South Korean point of presence

Bespin Global recommended Cloudflare.

Securing users and public services with Cloudflare WAF and application services

After partnering with Bespin Global to identify pain points and establish clear security objectives, the company launched a comprehensive proof of concept. The objective: find a cloud-native solution that could block sophisticated attacks, close vulnerabilities, maintain uptime, and accelerate the user experience. Cloudflare Application Security & Performance Solutions quickly stood out. During real-world testing, Cloudflare outperformed Akamai and other vendors — mitigating live attacks out of the box without custom tuning.

Following a successful evaluation, the company’s CIO approved the rollout. The security team deployed the Cloudflare Web Application Firewall (WAF) backed by:

• A 100% cloud-based architecture requiring no additional infrastructure
• Global threat intelligence powered by one of the world’s largest networks
• Machine learning–driven detection that adapts to emerging threats
• Dynamic OWASP and managed rulesets that block zero-day exploits, SQL injection, XSS, and account takeover attempts

Securing transactions and eliminating false positives to enhance customer retention with Cloudflare bot management and Turnstile

Integrating seamlessly with the WAF, Cloudflare Bot Management addressed one of the platform’s primary business challenges — the false positives and inaccurate identification of threats that blocked genuine user transactions. Leveraging multiple threat detection methods on the single-vendor Cloudflare solution — including behavioral analysis, JA3 and JA4 fingerprinting, and configurable rules — the company can now accurately identify and block unwanted traffic so their real users can purchase goods and services unhindered.

Like all Cloudflare security solutions, Bot Management and Cloudflare Turnstile are managed through a centralized control plane, making deployment and oversight efficient. Turnstile enhances the experience further by unobtrusively validating traffic without CAPTCHAs, protecting vulnerable touchpoints like login and checkout flows — while respecting user privacy.

“User-friendly Cloudflare protections help the company differentiate between harmful bots and real customer traffic,” says Daemyong Kim, Deputy General Manager at Bespin. “By challenging suspicious traffic and reducing false positives, Cloudflare has helped us enhance the customer experience, improve customer retention, and reduce lost revenue.”

Mitigating DDoS attacks and eliminating latency on the Cloudflare network

Cloudflare DDoS protection provides the final layer of public security, shielding the digital platform against automated threat actors and targeted high-volume hostilities. Using the unmatched capacity of the Cloudflare network — 388 Tbps across 335 global points of presence — to protect applications, networks, and cloud data centers, the company can weather even the largest of denial of service attacks without disruption. With data centers in Seoul and across the Asia-Pacific region, users benefit from sub-50ms latency, ensuring fast and consistent access to the platform, regardless of traffic conditions or attack volume

“By modernizing their application security posture with Cloudflare — including protection against sophisticated and AI-driven threats — the company regained control of the platform and restored user confidence, all without adding hardware or complexity,” An adds.

Switching to Cloudflare, the online marketplace experienced measurable benefits. These include blocking almost 100% of all DDoS attacks and malicious bot activity on the network edge and achieving service and availability gains that reduce application response and page load times by over 50%.

With Bespin Global continuing to provide hands-on technical advice after the rollout — customizing detection logic, and tuning security and WAF policies based on live data and business needs — the company has also reduced the need for manual rule maintenance, improved internal efficiency, and restored trust in the platform’s performance and reliability.

According to An, “The improvements led to a drop in user access-related voice of customer (VOC) complaints and a consistent rise in both revenue and platform traffic.”

Partnering with Cloudflare and Bespin, the company has created a safer and faster online shopping experience. Looking forward, they plan to continue enhancing security and services, further securing the public platform with defensive AI and using Cloudflare’s Zero Trust Network Access and Security Service Edge (SSE) platforms to protect employees, applications, and internal resources in the connectivity cloud.