Frequently Asked Questions

Product Information & Case Study Details

What DDoS attack types did Red Button simulate for the business intelligence company?

Red Button simulated five attack scenarios, including network-layer attacks (NTP, SYN, TLS Connections, IPv4 floods) and application-layer attacks (HTTPS/1.1 GET) against the company's AWS-hosted infrastructure. These tests targeted the AWS Application Load Balancer (ALB) and evaluated protections for three web services. Note: The effectiveness of mitigation varied by attack type and service; see results for details.

What were the results of the DDoS simulation for the business intelligence company?

The network-layer attacks were mitigated effectively, with only brief increases in latency before AWS Shield Advanced restored normal service. However, application-layer attacks caused varying levels of service impact: one service experienced 8 minutes of downtime and server unavailability until mitigation and rate-limiting measures restored access. When the attack was relaunched at a higher rate, AWS Shield Advanced took 10 minutes to begin mitigation. Note: Application-layer protection required further tuning and retesting.

What recommendations did Red Button provide after the DDoS simulation?

Red Button recommended remediating the rate-limit failure (since mitigation took 8 minutes during the HTTPS GET flood), deploying AWS CloudFront or Global Accelerator as redundant infrastructure to protect the login service, and retesting network attack vectors at higher rates to assess mean time to mitigate (MTTM) and performance under stress. Note: Effectiveness of these recommendations depends on proper implementation and ongoing validation.

Features & Capabilities

What DDoS testing and resilience features does Red Button offer?

Red Button provides realistic DDoS simulations with over 100 attack vectors, advanced testing capabilities (up to 300 Gbps, 5 million PPS, 500,000 HTTP RPS), vulnerability identification, compliance-grade reporting (supporting ISO 27001, SOC 2, SAMA, MAS, HKMA), continuous improvement via the DDoS 360 program, and tailored solutions for AWS, Azure, on-premise, and hybrid infrastructures. Note: Some features may require specific infrastructure or regulatory needs; detailed limitations not publicly documented—ask sales for specifics.

Does Red Button support compliance with security standards like ISO 27001 and SOC 2?

Yes, Red Button provides compliance-grade reporting and audit-ready evidence to support ISO 27001 and SOC 2 certification requirements. This includes technical reports, DDoS Resilience Scores, and validation of disaster recovery readiness. Red Button also supports compliance with DORA, SAMA, MAS, and HKMA. Note: Compliance support is limited to the scope of DDoS testing and reporting; broader compliance needs may require additional solutions.

Use Cases & Benefits

Who can benefit from Red Button's DDoS testing services?

Red Button's services are designed for CISOs, cybersecurity infrastructure leaders, and network security heads in industries such as financial services, gaming, government, technology, telecommunications, transportation, and manufacturing. Organizations with public-facing applications, regulatory compliance needs, or recent DDoS incidents are typical beneficiaries. Note: Best fit for organizations with complex or regulated environments; smaller businesses with basic needs may require simpler solutions.

What business impact can customers expect from Red Button's DDoS testing?

Customers can expect enhanced operational resilience, reduced risk of downtime, improved regulatory compliance, actionable insights for remediation, cost savings from avoided outages, and improved customer trust. Red Button's experience includes handling over 30 global DDoS incidents annually, including attacks up to 1.2 Tbps. Note: Actual impact depends on implementation of recommendations and ongoing testing; not all disruptions can be prevented.

Pain Points & Problems Solved

What problems does Red Button help organizations solve?

Red Button addresses unvalidated DDoS defenses, hidden vulnerabilities in network and application layers, regulatory compliance challenges, operational disruption risks, overconfidence in existing solutions (with 75% of companies failing to mitigate severe DDoS attacks), and the need for continuous improvement. Specialized testing for AWS, Azure, hybrid, and industry-specific environments is also provided. Note: Effectiveness depends on customer engagement and follow-through; not all vulnerabilities may be identified in a single test.

Implementation & Ease of Use

How long does it take to implement Red Button's DDoS testing, and how much effort is required?

The onboarding phase typically takes around two weeks from kickoff to test execution, including scoping, architecture review, test plan drafting, and approval. Customers usually spend about five hours total: one hour for a pre-test interview, three hours for the live test, and one hour for results and remediation. Red Button's experts handle planning, execution, and analysis, and assist with third-party approvals. Note: Timelines may vary for complex environments or if additional approvals are required.

What feedback have customers given about the ease of use of Red Button's services?

Customers report that Red Button's onboarding is efficient (about two weeks), with minimal time commitment (five hours total for AWS/Azure DDoS testing). The process is expert-led, with clear steps and flexibility to schedule tests during maintenance windows or low-traffic periods. Customers appreciate the minimal operational impact and the convenience of having DDoS experts manage the process. Note: Some environments may require more customer involvement; detailed limitations not publicly documented.

Technical Documentation & Resources

Where can I find technical documentation and resources about Red Button's services?

Red Button provides datasheets, a knowledge base, and white papers for technical details and best practices. Access datasheets at the datasheets page, technical articles at the knowledge base, and in-depth research at the white papers page. Note: Some resources may require registration or direct inquiry for access.

Customer Proof & Success Stories

Can you share a real-world example of Red Button's impact?

Yes. In the case study of a business intelligence company, Red Button simulated multiple DDoS attack scenarios on AWS infrastructure. Network-layer attacks were mitigated effectively, but application-layer attacks revealed a rate-limit failure, causing 8 minutes of downtime. Red Button's recommendations led to improved mitigation strategies and infrastructure hardening. For more details, see the full case study. Note: Results may vary based on customer environment and implementation.

Case Study: TECHNOLOGY

Business Intelligence Company Learns About DDoS Defense

A company providing AI-driven business intelligence contacted Red Button after suffering a concerning DDoS attack, which included NTP and SYN floods.

AWS provides the company’s digital infrastructure, with AWS Shield Advanced and WAF rules for cybersecurity. Certain user requests reach an AWS Application Load Balancer (ALB) associated with the AWS WAF, which then forwards the request on to the origin servers (an EKS cluster). Other requests are first funneled to AWS Global Accelerator before reaching the ALB. If they are not blocked by the ALB’s WAF, then the requests are sent to an AWS Fargate service. A third company service that Red Button looked at uses AWS CloudFront to handle content delivery. Static content requests are forwarded to an AWS S3 Bucket instance and dynamic content requests go to an ALB and then AWS Fargate origin containers.

The Solution

Red Button experts reviewed the company’s architecture and AWS configurations in the wake of the DDoS attack, noting vulnerabilities such as potential “direct-to-origin” attacks targeting ALB public IPs or AWS Fargate. As initial basic measures to mitigate risks, we recommended hardening inbound traffic rules for the AWS security group and fine-tuning PPS and RPS quotas as part of a layered security defense. Assets behind AWS Global Accelerator or AWS CloudFront were less vulnerable to network-layer DDoS attacks unless their origin IPs were exposed.
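An added example (not Red Button's or the company's code) of one way to check the security-group hardening described above: it scans ingress rules, in the JSON shape returned by `aws ec2 describe-security-groups`, and flags web ports open to any address, the condition that leaves an ALB or Fargate task reachable direct-to-origin. The group names, group IDs and prefix-list ID are constructed placeholders.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group names, IDs and the prefix-list ID are placeholders, not case-study values.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-EXAMPLE-alb-login", "GroupName": "alb-login",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "PrefixListIds": []}]},
  {"GroupId": "sg-EXAMPLE-alb-web", "GroupName": "alb-web",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
      "IpRanges": [], "Ipv6Ranges": [],
      "PrefixListIds": [{"PrefixListId": "pl-EXAMPLE-cloudfront"}]}]},
  {"GroupId": "sg-EXAMPLE-fargate", "GroupName": "fargate-tasks",
   "IpPermissions": [
     {"IpProtocol": "-1",
      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}], "PrefixListIds": []}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}   # "any address" in IPv4 and IPv6
WEB_PORTS = {80, 443}

def covers_web_port(rule):
    """True if the rule's protocol and port range include 80 or 443."""
    if rule["IpProtocol"] == "-1":          # all protocols, all ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
    return any(lo <= p <= hi for p in WEB_PORTS)

def world_open_web_rules(doc):
    """Return (GroupId, cidr) for each ingress rule exposing a web port to any address."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for rule in sg.get("IpPermissions", []):
            if not covers_web_port(rule):
                continue
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            findings += [(sg["GroupId"], c) for c in cidrs if c in WORLD]
    return findings

if __name__ == "__main__":
    print(world_open_web_rules(SAMPLE))
```

Rules that admit traffic only through a prefix list, as the second group does, produce no finding.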

We designed a DDoS simulation involving five attack scenarios to test the effectiveness of the hardening actions. As an AWS DDoS test partner, Red Button is automatically authorized to conduct such simulations against AWS-hosted infrastructures. Our network-layer attacks specifically targeted the ALB used for the company’s login service, while application-layer testing evaluated protections for three of the company’s web services.

The Results

The simulation’s network-layer attacks – NTP, SYN, TLS Connections, and IPv4 floods – were mitigated effectively. In two cases, there were very slight and very brief increases in latency, and then AWS Shield Advanced successfully restored normal service.

However, the application-layer attacks (HTTPS/1.1 GET) against multiple endpoints impacted the company’s services with varying levels of severity. Two services initially absorbed the traffic, but one of them suffered 8 minutes of downtime and server unavailability until mitigation and rate-limiting measures restored access. When the simulated DDoS attack was relaunched at a much higher rate, AWS Shield Advanced mitigation took 10 minutes to kick in.

Recommendations

In light of the DDoS simulation, which was intended to test our initial generic guidance, we recommended that the company take the following measures:

  • Remediate the rate-limit failure: The rate-limit protection rules took approximately 8 minutes to mitigate the HTTPS GET flood attack, during which the login service experienced downtime. AWS should be contacted to address such delays, followed by retesting relevant DDoS attack vectors to verify any configuration changes.
  • Deploy global infrastructure: The login service is resolved directly to the ALB, exposing it to network-layer attack vectors. AWS CloudFront or Global Accelerator should be deployed as redundant infrastructure to enhance protection and absorb excessive network traffic destined for the service.
  • Retest network attack vectors: Some attack scenarios caused increased latency before Shield Advanced mitigation was initiated. Network-layer attack scenarios should be retested at higher rates to determine if mean time to mitigate (MTTM) remains reasonable and performance degradation is not exacerbated.
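An added example (not from the case study) of how time to mitigate can be measured on a retest from an availability-probe log, so that successive runs can be compared and averaged into MTTM. The probe log is constructed, and its format, the three-probe stability window and the 1000 ms latency threshold are assumptions.

```python
from datetime import datetime

# Constructed availability-probe log for one endpoint during a test window:
# timestamp, HTTP status, latency in ms. Not data from the case study.
PROBES = """\
2024-01-01T10:00:00 200 120
2024-01-01T10:01:00 200 130
2024-01-01T10:02:00 503 0
2024-01-01T10:03:00 503 0
2024-01-01T10:04:00 200 2900
2024-01-01T10:05:00 503 0
2024-01-01T10:06:00 200 140
2024-01-01T10:07:00 200 125
2024-01-01T10:08:00 200 118
"""

def parse(log):
    """Turn probe lines into (datetime, status, latency_ms) tuples."""
    rows = []
    for line in log.splitlines():
        ts, status, latency = line.split()
        rows.append((datetime.fromisoformat(ts), int(status), int(latency)))
    return rows

def healthy(status, latency_ms, max_latency_ms=1000):
    # A slow 200 still counts as impact: the service answers but is degraded.
    return status < 500 and latency_ms <= max_latency_ms

def time_to_mitigate(rows, stable=3, max_latency_ms=1000):
    """Seconds from the first unhealthy probe to the start of the first run of
    `stable` consecutive healthy probes; None if no impact or no recovery."""
    impact_start = None
    run_start, run_len = None, 0
    for ts, status, latency in rows:
        ok = healthy(status, latency, max_latency_ms)
        if impact_start is None:
            if not ok:
                impact_start = ts
            continue
        if ok:
            run_start = run_start or ts
            run_len += 1
            if run_len == stable:
                return (run_start - impact_start).total_seconds()
        else:
            run_start, run_len = None, 0   # flapping: recovery did not hold
    return None
```

Requiring a run of healthy probes keeps a single good response during flapping (10:04 would count if the latency threshold were loosened) from being recorded as mitigation.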

 

 

 
