Frequently Asked Questions

Product Information & Case Study Details

What was the goal of the DDoS testing for the European railway ticketing company?

The primary goal was to verify the effectiveness of the company's DDoS protection measures for its online railway ticketing and information services. This included evaluating the security team's ability to identify, mitigate, and recover from DDoS attacks, ensuring uninterrupted and secure real-time service for travelers. Note: The test focused on specific assets and did not cover all online services.

How did Red Button conduct the DDoS testing for the railway ticketing platform?

Red Button designed seven advanced application-layer attack scenarios targeting the company's AWS-based DDoS protection, focusing on CloudFront WAF configuration, detection mechanisms, and incident response protocols. A black-box methodology was used, emulating a malicious attacker with no prior knowledge of the company's architecture. The Red Team began with reconnaissance to map the network and discover flows before launching the simulated attacks. Note: The test did not include direct-to-origin attack scenarios or all possible assets.

What were the results of the DDoS testing for the European railway ticketing company?

Red Button's analysis showed that five out of seven attack scenarios were detected and mitigated with no service impact. However, two scenarios caused short downtimes before being mitigated. The company server experienced downtime even with a relatively low number of requests, indicating excessive sensitivity to increased traffic rates. Rate limit thresholds in production were significantly lower than recommended best practices, increasing the risk of false positives. Note: The test results are specific to the tested scenarios and may not reflect all possible attack vectors.

What recommendations did Red Button provide after the DDoS testing?

Red Button recommended: (1) Fine-tuning rate limit thresholds to match actual traffic patterns; (2) Improving website traffic capacity utilization by setting a higher performance baseline for origin servers; (3) Expanding the tested surface to include additional online services; (4) Testing direct-to-origin attack scenarios to emulate attempts to bypass cloud protections. Note: Implementation of these recommendations may require additional resources and testing cycles.

Features & Capabilities

What DDoS testing features does Red Button offer?

Red Button provides realistic DDoS simulations with over 100 attack vectors, advanced testing capabilities (up to 300 Gbps attack volume, 5 million PPS, 500,000 RPS), and tailored scenarios for environments like AWS, Azure, on-premise, and hybrid infrastructure. The service includes compliance-grade reporting and vulnerability identification. Note: Some advanced features may require additional configuration or may not be available for all environments.

Does Red Button provide compliance-grade reporting for DDoS testing?

Yes, Red Button delivers compliance-grade reports that support ISO 27001, SOC 2, SAMA, MAS, and HKMA requirements. Reports include audit-ready evidence, technical findings, and prioritized remediation steps. Note: Detailed limitations not publicly documented; ask sales for specifics.

What technical documentation is available for Red Button's DDoS testing services?

Red Button provides datasheets, solution briefs, white papers, and a knowledge base with technical documentation and troubleshooting guides. Key resources include the DDoS Testing Solution Brief and the knowledge base. Note: Some documentation may require registration or direct inquiry for access.

Use Cases & Benefits

Who can benefit from Red Button's DDoS testing services?

Organizations in transportation and logistics, financial services, government, gaming, technology, telecommunications, and manufacturing can benefit from Red Button's DDoS testing. The service is designed for roles such as CISOs, cybersecurity managers, cloud architects, and heads of security who need to validate defenses, meet compliance, and ensure operational resilience. Note: Best fit for organizations with complex or regulated environments; smaller organizations with basic needs may require a different approach.

What business impact can customers expect from Red Button's DDoS testing?

Customers can expect enhanced operational resilience, reduced risk of downtime, improved regulatory compliance, actionable insights for remediation, and cost savings by preventing outages and penalties. Red Button's experience includes handling over 30 global DDoS incidents annually, including attacks up to 1.2 Tbps. Note: Actual impact depends on implementation of recommendations and ongoing testing.

Can you share a specific success story related to DDoS testing in transportation and logistics?

Yes. In addition to the European railway ticketing case, Red Button helped secure Olympic Games logistics from DDoS attacks, ensuring uninterrupted operations during a high-profile event. Read the full story at Securing Olympic Games Logistics from DDoS Attacks. Note: Results are specific to each engagement and may not generalize to all organizations.

Technical Requirements & Implementation

How long does it take to implement Red Button's DDoS testing?

The onboarding and planning phase typically takes around two weeks, including scoping, architecture review, and test plan approval. For AWS or Azure DDoS testing, the customer time commitment is about five hours: one hour for a pre-test interview, three hours for the live test, and one hour for results and recommendations. Note: Timelines may vary based on environment complexity and required third-party approvals.

What is required from the customer to start DDoS testing with Red Button?

Customers need to provide access to their infrastructure or network security team for real-time monitoring and authorizing actions during the test. Red Button assists with third-party approvals (e.g., ISPs or cloud providers) and handles planning, execution, and analysis. Note: Additional requirements may apply for complex or regulated environments.

Security & Compliance

What security and compliance certifications does Red Button support?

Red Button supports ISO 27001 and SOC 2 compliance, providing audit-ready evidence and compliance-grade reporting. The service also helps organizations meet SAMA, MAS, and HKMA regulations. Note: Certification support is limited to reporting and validation; Red Button does not issue certifications.

Competition & Comparison

How does Red Button's DDoS testing compare to Cloudflare?

Cloudflare provides DDoS protection and always-on mitigation, primarily validating its own solutions. Red Button offers vendor-agnostic, unbiased testing and recommendations, with realistic simulations using over 100 attack vectors and tailored scenarios for industries like transportation, financial services, and government. Choose Red Button for independent validation and compliance-grade reporting; choose Cloudflare if you need integrated web and application security with always-on mitigation. Note: Cloudflare may offer broader CDN features; Red Button focuses on testing and validation.

How does Red Button's DDoS testing compare to Akamai?

Akamai integrates DDoS protection with its CDN services and focuses on validating its own solutions. Red Button provides impartial, vendor-neutral assessments, compliance-grade reporting (ISO 27001, SOC 2, SAMA, MAS, HKMA), and a continuous improvement program (DDoS 360). Choose Red Button for independent validation and regulatory support; choose Akamai for integrated CDN and DDoS protection. Note: Akamai may offer broader CDN distribution; Red Button specializes in testing and resilience validation.

How does Red Button's DDoS testing differ from generic testing providers?

Generic providers often offer basic DDoS testing with limited attack vectors and one-size-fits-all solutions. Red Button simulates real-world conditions (up to 300 Gbps, 5 million PPS, 500,000 RPS), uses over 100 attack vectors, and brings proven expertise from handling over 30 global incidents annually. Choose Red Button for comprehensive, realistic testing and compliance support; choose generic providers for basic validation needs. Note: Generic providers may be more cost-effective for simple environments.

Case Study: TRANSPORTATION & LOGISTICS

DDoS Testing to Secure European Railway Ticketing

A European company providing online railway ticketing and information needed to ensure that travelers could depend on it for uninterrupted and secure real-time service. The company therefore sought to verify the effectiveness of its DDoS protection measures, including evaluation of the security team’s ability to identify, mitigate and recover from an attack.

The Solution

Red Button designed seven advanced application-layer attack testing scenarios to challenge the company’s AWS-based DDoS protection, with a focus on CloudFront WAF configuration, detection mechanisms, procedures and protocols.

At the company’s request, a black-box methodology was adopted to emulate the behavior of a malicious attacker with no prior knowledge of the company’s digital architecture or protections. Our cybersecurity Red Team therefore initiated the simulations with typical hacker reconnaissance efforts intended to map out the architecture and discover the network flow. 

The Results

Red Button’s analysis of the test results indicated that the company’s DDoS protection is currently at a solid level of readiness. While five of the attack scenarios were detected and counteracted with no impact on its services, two of them caused short downtimes before being mitigated.

Notably, the company server suffered from downtime due to a relatively low number of requests, indicating excessive sensitivity to increased traffic rates. The rate limit rule thresholds in the company’s production environment are also significantly lower than recommended best practices, which can cause false positives.

Recommendations

Red Button recommended the following measures to improve the company’s DDoS mitigation outcomes even further:

  • Rate limits fine-tuning – Rate-limit thresholds should be reevaluated and tuned to match a baseline of actual, observed traffic patterns.
  • Improve website traffic capacity utilization – Set a higher performance baseline for origin servers. Mitigation measures can take time to kick in and more robust server configurations can prevent downtime during the interval.
  • Expand the tested surface – As the simulation testing only focused on specific assets, DDoS protection for additional online services should also be verified.
  • Test against direct-to-origin attack scenarios – The relevant online environment should also be tested using simulated DDoS attack scenarios directly targeting company IPs, emulating attempts to bypass known cloud protections.
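
One way to carry out the rate-limit fine-tuning recommendation, as an added example that is not Red Button's or the company's code: it counts requests per client per window in access-log records, takes a high percentile as the baseline, and checks which clients a candidate threshold would block. The log line format, the 5-minute window, the percentile and the headroom factor are all assumptions, and the sample records are constructed.

```python
import math
from collections import Counter
from datetime import datetime, timedelta, timezone

WINDOW_SECONDS = 300  # assumed evaluation window of the rate-limit rule
PERCENTILE = 0.99     # assumed: baseline covers 99% of (client, window) counts
HEADROOM = 2.0        # assumed multiplier above the observed baseline


def constructed_sample():
    """Constructed log lines ("<ISO time> <client IP> <path>"), two windows."""
    base = datetime(2024, 5, 1, 8, 0, tzinfo=timezone.utc)
    per_window = {"198.51.100.10": 12, "198.51.100.11": 40, "203.0.113.7": 95}
    return [
        f"{(base + timedelta(seconds=w * 300 + i * 3)).isoformat()} {ip} /search"
        for w in range(2) for ip, n in per_window.items() for i in range(n)
    ]


def window_counts(lines, window=WINDOW_SECONDS):
    """Count requests per (client, window) bucket, skipping malformed lines."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0])
            client = parts[1]
        except (IndexError, ValueError):
            continue
        counts[(client, int(ts.timestamp()) // window)] += 1
    return counts


def suggest_threshold(lines, q=PERCENTILE, headroom=HEADROOM):
    """Return (baseline, threshold): nearest-rank percentile, then headroom."""
    ordered = sorted(window_counts(lines).values())
    if not ordered:
        raise ValueError("no usable log records")
    baseline = ordered[max(1, math.ceil(q * len(ordered))) - 1]
    return baseline, math.ceil(baseline * headroom)


def would_block(lines, threshold):
    """Clients whose observed traffic exceeds the threshold in any window."""
    return sorted({ip for (ip, _), n in window_counts(lines).items() if n > threshold})


if __name__ == "__main__":
    logs = constructed_sample()
    print(suggest_threshold(logs), would_block(logs, 50))
```

Running `would_block` with the current production threshold against a period of known-legitimate traffic shows the false positives that a too-low limit produces before any change is deployed.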

 

 
