Case Study National Gallery Australia

Application Security Platform Implementation

The National Gallery website, nga.gov.au, was using an American DDoS/security provider. An unannounced plan change by the provider had compromised both security and performance, leaving the gallery exposed to threats whilst degrading user experience for Australian visitors.

The gallery selected Peakhour's Application Security Platform to provide comprehensive protection for their main website and digital collection. Peakhour worked closely with gallery technical staff to implement a complete security solution, ensuring seamless migration whilst maintaining service availability during the transition.

Government Security Compliance & Threat Protection

When the Australian Government mandated comprehensive security audits for all .gov.au websites, the National Gallery needed to demonstrate robust protection against modern threats. Peakhour implemented a multi-layered security approach including advanced rate limiting to prevent bot attacks, intelligent bot management to distinguish between legitimate visitors and automated threats, and comprehensive DDoS protection with full page caching strategy.

The security platform successfully blocked thousands of malicious bot requests, prevented vulnerability scanning attempts, and mitigated multiple DDoS attacks targeting the gallery's digital infrastructure. Additionally, LLM scraping controls were implemented to protect the gallery's valuable digital art metadata and descriptions from unauthorised data harvesting whilst allowing legitimate research access.

Comprehensive Digital Asset Protection

The National Gallery had developed multiple microsites on different technology stacks over several years, each with varying security profiles:

Knowmyname.nga.gov.au
Tours.nga.gov.au
Publications.nga.gov.au
Searchthecollection.nga.gov.au

Each microsite presented distinct security challenges and potential attack vectors. Peakhour's content mounting feature enabled consolidation of these dispersed digital assets under unified security protection without requiring changes to existing web software or hosting infrastructure. Content from microsites was transparently secured under the main domain, for example:

knowmyname.nga.gov.au

was securely consolidated to

nga.gov.au/knowmyname

This consolidation significantly strengthened the security posture by eliminating multiple potential attack surfaces whilst providing consistent threat protection across all digital gallery assets. The unified approach also improved SEO performance and simplified security management for the IT team.

Secure Digital Art Asset Management

As an art gallery website, nga.gov.au houses significant high-quality digital imagery of Australia's most valuable art collection. The gallery tried to pre-optimise images as much as possible but couldn’t take advantage of the optimal format for the target device due to specific use cases. For example, they supplied super high quality images for media publications. Peakhour implemented intelligent content protection controls that could distinguish between legitimate media requests and potential content scraping attempts. A special API feature enabled the gallery to provide high-quality images for authorised media publications whilst preventing bulk downloading by malicious actors. The security-optimised delivery system achieved a ~48% reduction in file sizes for general visitors whilst maintaining full-resolution access for authenticated users.