Our DDoS Testing services help you verify the effectiveness of your DDoS mitigation strategy by simulating real-world DDoS attack scenarios in a controlled environment.
Unlike other testing services, we don’t stop at executing tests and providing results, but rather help you translate results into actionable activities to improve your security posture.
Test Your Preparedness Against All Types of Attacks
Our testing service simulates deep multi-vector DDoS attacks, testing against the following attack categories:
We generate multi-gigabit attack traffic from multiple global locations, testing your ability to withstand extreme and sustained throughput, connection, and packet loads. Our tests apply the same load patterns as attackers, such as large UDP packets and SYN flooding.
Application Layer Attacks
Our testing platform generates traffic to overwhelm your web server tier, such as excessive HTTP/S GET or POST requests to selected URLs that test your mitigation solution's resistance to resource exhaustion.
These attacks, such as SlowLoris, R.U.D.Y., and SSL-Renegotiation are hard to detect because they use low resources. These test scenarios verify that your infrastructure is protected against these types of vulnerabilities.
The most comprehensive and effective threat simulation service.
How is Our DDoS Testing Different?
|mendations||Full gap analysis including actionable recommendations||No gap analysis. A "dry" report with a pass/fail grade for the mitigation of each attack vector.|
|Testing method (learn more)||“White-box” testing. We analyze your entire network architecture and decide on the most relevant attack vectors to perform. This maximizes the value of both the testing and actionable recommendations.||Most vendors use a red-team/blue-team approach (RT/BT). The Red Team are DDoS testers who try to take the site down; and the Blue Team are defenders who try to mitigate attacks. The test is a “black-box”, with minimal to no information about the system being tested.|
|Taking the next step||We offer complementary services, including consulting, DDoS training and incident response to help you improve your readiness.||One-off testing without additional services to help you close any gaps.|
|Test results||Red Button uses the DDoS Resiliency Score (DRS) which is an open standard, facilitating an objective result.||No standard. Typically, do not adhere to a test standard, or alternatively use a proprietary closed standard that cannot be challenged by customers or the industry.|
A Controlled DDoS Testing Process
Our simulated DDoS attacks are both legal and safe. Attacks are securely executed using dedicated servers and are controlled and monitored using our management console, including an emergency Stop button to instantly kill a simulated attack if .
Controlled DDoS Attack
Summary & Recommendations
|Our experts meet with your team to understand your
network architecture, assemble technical details, define clear goals and test schedule. This includes planning the DDoS test scope and targets, attack vectors, and attack rates. The joint planning effort is detailed in the DDoS Test Plan document.
|Based on the defined goals, our team launches multi-vector DDoS attacks that may incorporate any combination of volumetric attacks, application-layer attacks and Low-and-Slow attacks.
The test typically lasts between 3 to 6 hours.
|We provide you with a written DDoS Testing Report outlining
the effectiveness of your existing DDoS mitigation solution.
The report includes an executive summary of the test results,
a complete log of the simulation, a list of vulnerabilities within your infrastructure and recommendations on how to correct them.