How Sam Ash Tunes Out DDoS Attacks With AI-Powered Bot Protection

24/7 AI-powered protection

against bad bots

Improved website performance

during peak demand

Easy PCI DSS 4.0 compliance

Bot management Agentic AI Cyberfraud DDoS Payment fraud Retail & e-commerce

Sam Ash, a leading online seller of musical instruments, was experiencing high volumes of bot traffic, putting it at risk of denial of service attacks. The company wanted to reinforce its security posture and was recommended DataDome for its AI-powered, real-time protection. The integration was fast, the impact immediate, and the solution now runs on autopilot, freeing the IT team from manual oversight. Their website performance improved noticeably, and DataDome has become a trusted partner that helps Sam Ash stay secure, compliant, and focused on its customers.

“DataDome gave us confidence we were protected and compliant without having to constantly manage or monitor. It runs in the background and lets us focus on everything else."

Susan Freed

Director of Information Technology at Sam Ash

The challenge: A denial-of-service attack during the peak holiday sales season

In late 2021, just ahead of the busy holiday season, the iconic American music retailer Sam Ash was targeted by a denial-of-service attack. At the time, the company was operating under previous ownership and had recently migrated its e-commerce platform to a new CDN that was supposed to include bot protection.

“We thought we had everything covered,” recalls Susan Freed, Director of Information Technology at Sam Ash. “But when we took a closer look, it became clear there were gaps.”

That situation led Sam Ash to DataDome. The IT team needed a solution that could be deployed quickly, address immediate threats, and restore stability before the peak season. They were also looking for a long-term partner who could adapt to the evolving threats and a tool that didn’t require much oversight.

The solution: Fast deployment & real-time bot mitigation with zero disruption

Integrating DataDome into the company’s infrastructure was very simple. Once deployed, protection was immediately in place and has continued to work for years. This was a relief for the Security team as they approached peak sales season.

“We installed DataDome in November, and honestly, there was a risk that it could have blocked potential sales. Fortunately, everything went smoothly, and even today, the protection works on its own,” says Susan.

In addition to bot detection and mitigation, Sam Ash secured key customer-facing flows like login, checkout, and registration, and ensured they were meeting PCI DSS 4.0 compliance. To address the client-side requirements (6.4.3 and 11.6.1) for script discovery, inventory, documentation, and monitoring, Sam Ash leveraged DataDome’s partnership with Source Defense. This extended their protection against advanced threats such as credential stuffing and carding attacks.

This is precisely why DataDome was the ideal solution for Sam Ash, which was able to not only protect itself from online attacks but also completely offload bot management with the confidence that the job would be done right.

“DataDome is one of those tools we don’t have to think about. It’s doing its job in the background, quietly and effectively,” says Susan.

The results: Enhanced visibility, cleaner traffic, & PCI DSS 4.0 compliance

After deployment, Sam Ash used DataDome to better understand and manage its automated traffic. Susan’s team took full advantage of the platform’s visibility and controls to refine its traffic.

“This exercise gave us both clarity and control,” Susan explains. They audited all bot activity across their domains, distinguishing legitimate traffic (such as compliance scanners and search engines) from unwanted automation.

This cleanup aligned with regulatory needs, but also resulted in a noticeable improvement in website performance. “Performance wasn’t really an issue before,” Susan explains, “but once we cleaned up the bot traffic, we noticed things running better.”

Equally important, the IT team gained peace of mind. DataDome now monitors and protects Sam Ash’s login, payment, and registration flows in real time, automatically blocking threats like credential stuffing, scraping, and carding attempts without impacting the customer experience.

Today, Sam Ash continues to partner with DataDome, and Susan is currently evaluating Account Protect for protection against both bot and human-driven ATO. For her and her team, the relationship is built on trust, responsiveness, and simplicity.

“We haven’t had any issues. When we need support, the team is there. And most of the time, we don’t even have to think about it.” That’s the kind of peace of mind every IT leader wants, especially in a world where bots and fraudsters never stop.

If you want to secure your platform against cyberfraud, test your site now to see how it stacks up against bots.