What’s Your DDoS Threat Level?
As a cybersecurity professional, you always want to assess your risks accurately, so you can know how to focus your efforts and limited time.
When it comes to Distributed Denial of Service (DDoS), we’ve found that there are three essential questions that need to be asked:
- How can you evaluate your company’s DDoS threat level?
- Which type of DDoS attacks should you be able to withstand?
- How does your current DDoS protection level compare to the protection of other companies in your industry?
The DDoS Resiliency Score (DRS) standard helps answer these questions, so you can better understand the risks, your current level of protection, and what security improvements – if any – would be desirable.
The DDoS Resiliency Score: 7 Levels of Attacks
The DDoS Resiliency Score (DRS) is an open standard, which provides an objective yardstick for measuring, comparing, and assessing DDoS threat and protection levels at individual companies and across industries.
The DRS defines seven ascending levels of DDoS attacks. Each level introduces an increased threat, with additional types of attacks, more sophisticated attack vectors, and increased traffic volumes. Similarly, the requirements on the defending side increase, with each level requiring a shorter mitigation response time.
Based on our experience mitigating DDoS attacks targeting companies across multiple sectors, we have determined that different industries face different DDoS threat levels.
Our data indicate, for example, that the finance and gaming industries are prone to the most sophisticated DDoS attacks (except those launched by state-backed actors). This is substantiated by various industry reports, which also note that companies in the financial industry were the most attacked both in America and EMEA during 2022.
How to Identify Your Current Protection Level?
By conducting DDoS simulation testing, you can determine your current protection level with an accurate DRS score.
For example, after a recent simulation test running six different attack vectors, a company in the gaming industry received a DRS score of 4.0. The industry-wide threat level at the time was 6.0.
The security team at the gaming company hardened its DDoS protection in accordance with Red Button recommendations based on the results of the simulation. A second, follow-up simulation was executed, with the observed DRS score increasing to 6.5.
An additional score we provide during simulation testing is the average protection level of other companies in the same industry. This allows you to assess your protection measures in comparison with those of your corporate peers.