Challenges
- Battling sophisticated bad bot traffic, especially during flash sales
- Experiencing unwanted web scraping, carding attacks, and gift card fraud
- Poor end-customer experience due to slow site and server crashes
- Limited visibility into which requests were malicious vs. real customers
Results
- 100x increase in legitimate web traffic
- Mitigated vulnerabilities, stopping automated attacks and fraud
- Protected customer data and experience, improving brand loyalty and reputation
- Gained visibility into their traffic with actionable threat intelligence
Customer background
Crocs is one of the world’s top non-athletic footwear brands. With over 100 million pairs of shoes sold per year and annual sales surpassing $3 billion, delivering an exceptional customer experience is paramount.
Scott Deitz, the Senior Director of eCommerce Technical Operations, oversees various critical responsibilities, including managing back-end integrations, transactional site operations, and order management system development for Crocs’ global eCommerce sites.
Challenge: Battling automated traffic and fraud
As Crocs intensified its flash sales and collaborated with celebrities like Post Malone and Justin Bieber, the company encountered an unforeseen surge in automated traffic and fraudulent activities.
Scott recalls, “We weren’t expecting the amount of bots and the automated attacks. They got into our APIs before we launched our events. Bots were getting in and placing orders before the products went live. That was a shock to us.”
These incidents disrupted the seamless customer experience that Crocs aimed to provide, prompting Scott and his team to seek a more robust bot defense solution.
Previous infrastructure limitations
Using a rudimentary WAF and an embedded CDN, the team was limited by their tools’ static nature and lack of visibility.

