How JD.com Secures Its 11.11 Shopping Festival: Inside the Fortress
This article explains how JD.com treats its platform as a bustling city and builds a multi‑layered security fortress—including baseline inspections, asset management, rapid vulnerability scanning, key‑system hardening, red‑blue attack simulations, and TB‑level DDoS defense—to ensure safe, orderly operations during the massive 11.11 sales event.
JD.com is likened to a busy metropolis where the 11.11 shopping festival causes a massive surge of users, testing the platform’s security resilience.
Since the 2017 JD Group annual meeting emphasized “technology, technology, technology,” JD Zhilian Cloud has become the technical cornerstone, shouldering increasing responsibilities for protecting the large‑scale promotion.
The security defense is built through four key steps: wall inspection, gate reinforcement, moat construction, and tunnel reinforcement, as illustrated in the diagram below.
Baseline inspection ensures no major gaps in the fundamental layer, avoiding the “bucket effect.” The challenges are guaranteeing comprehensiveness and completing checks quickly.
1) How to ensure full coverage?
2) How to complete the inspection accurately and swiftly?
To achieve full coverage, JD Zhilian Cloud provides a unified asset management platform that centrally manages both physical and virtual assets, allowing cloud tenants to oversee all purchased resources through the cloud‑native console.
For rapid and accurate inspections, distributed vulnerability scanning targets exposed attack surfaces, focusing on weak passwords, remote command execution, and other high‑impact vulnerabilities, while host security checks address risky configuration items. The combination of vulnerability scanning and host security ensures a solid basic layer.
Tenants can directly use website threat scanning and host security services on the cloud to perform these checks.
Key‑system hardening starts with identifying critical systems—those whose failure could block core business flows. During the promotion, focus is placed on whether scaled resources maintain original standards and whether known risks have been remediated or mitigated.
System changes are recorded in a unified deployment platform, enabling precise tracking of new deployments and verification of security measures, while unresolved risks are mitigated through security products or access‑control policies.
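The coverage and change-tracking checks described above can be sketched as a reconciliation between the asset inventory, the scanner's results, and the deployment record. This is an added example, not JD Zhilian Cloud's code; every host name, field name, date and finding label is constructed for illustration.

```python
from datetime import datetime

# Constructed sample data; field names and values are assumptions.
INVENTORY = {
    "web-01":    {"kind": "virtual",  "critical": True},
    "web-02":    {"kind": "virtual",  "critical": True},   # scaled out for the promotion
    "db-01":     {"kind": "physical", "critical": True},
    "report-01": {"kind": "virtual",  "critical": False},
}
LAST_SCAN = {  # asset -> (scan time, open high-impact findings)
    "web-01":    (datetime(2020, 11, 5), ["remote-command-execution"]),
    "db-01":     (datetime(2020, 11, 1), ["weak-password"]),
    "report-01": (datetime(2020, 11, 5), ["risky-config"]),
    "legacy-07": (datetime(2020, 11, 5), []),               # scanned, not in inventory
}
LAST_DEPLOY = {  # asset -> most recent change in the deployment platform
    "web-01": datetime(2020, 11, 3),
    "web-02": datetime(2020, 11, 8),
    "db-01":  datetime(2020, 11, 4),
}
MITIGATED = {("db-01", "weak-password")}  # covered by an access-control policy

def audit(inventory, last_scan, last_deploy, mitigated):
    """Return the gaps a baseline inspection must close before the event."""
    report = {"unscanned": [], "stale": [], "unmitigated": [], "unmanaged": []}
    for asset in sorted(inventory):
        scan = last_scan.get(asset)
        if scan is None:                      # coverage gap: never inspected
            report["unscanned"].append(asset)
            continue
        scanned_at, findings = scan
        deployed_at = last_deploy.get(asset)
        if deployed_at and deployed_at > scanned_at:
            report["stale"].append(asset)     # changed after its last scan
        if inventory[asset]["critical"]:
            report["unmitigated"] += [(asset, f) for f in findings
                                      if (asset, f) not in mitigated]
    # Hosts the scanner saw that asset management does not know about.
    report["unmanaged"] = sorted(set(last_scan) - set(inventory))
    return report

if __name__ == "__main__":
    for gap, items in audit(INVENTORY, LAST_SCAN, LAST_DEPLOY, MITIGATED).items():
        print(f"{gap}: {items}")
```

An empty report across all four categories is the condition the baseline inspection and key-system hardening steps aim for before the promotion starts.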
Red‑blue attack‑defense exercises simulate real hacker attacks to validate system hardening, uncover hidden weaknesses, and feed improvement plans.
Tenants can also reinforce critical services using cloud WAF, host security, and security attack‑defense services, conducting their own red‑blue simulations.
DDoS (Distributed Denial‑of‑Service) attacks aim to make services inaccessible, often originating from thousands of devices. With the rise of IoT, attacks grew 30.2% in 2019, and large‑scale (>100 Gbps) incidents have become common.
JD Zhilian Cloud’s high‑defense service can mitigate SYN Flood, UDP Flood, ICMP Flood, and other traffic attacks, offering TB‑level bandwidth protection through ultra‑large‑capacity data centers, near‑source cleaning, traffic throttling, and DNS refresh mechanisms.
Before each promotion, JD Cloud conducts large‑scale DDoS defense drills using its nationwide data centers, confirming the ability to withstand TB‑level attacks.
For ecosystem merchants, JD Cloud provides a modular, layered security solution covering network, application, business, and data layers, allowing merchants to select needed capabilities.
After preparation, the Security Operations Center (SOC) acts as the security brain, aggregating massive data from all security components. Using big‑data correlation and machine‑learning, the SOC enhances threat detection, analysis, and response, providing decision support for security experts.
1) Historical security data from past 618 and 11.11 events.
2) Hundreds of threat models curated by JD security experts.
3) Massive training samples and threat intelligence from JD Cloud’s diverse user scenarios.
The SOC operates 24/7, continuously correlating data from various security products, extracting precise attack signatures, improving product protection, and assisting experts in large‑scale attack investigations and decisions.
JD Cloud Developers
JD Cloud Developers (Developer of JD Technology) is a JD Technology Group platform offering technical sharing and communication for AI, cloud computing, IoT and related developers. It publishes JD product technical information, industry content, and tech event news. Embrace technology and partner with developers to envision the future.
