“DDoS mitigation without DDoS Testing is like software without QA”
Can Your Defense-Lines Stand a DDoS Attack?
Can you estimate how long it will take from the moment an attack is launched until you can detect it and begin resolving it? Strategy and planning are critical. Yet, to really ensure that your mitigation provides the right protection, you must test it under a realistic DDoS attack. Our DDoS testing platform is the answer.
Red-Button’s DDoS Testing service
Our service enhances your DDoS readiness by simulating attacks in a secured, controlled manner. Using proprietary cloud technology, our DDoS test simulation specialists generate multi-vector DDoS attacks and try to breach your defense systems.
With our DDoS Penetration Testing Service, You Can:
- Realistically assess your DDoS protection readiness, prior to a real attack
- Identify weakness points and improve your protection level
- Increase your confidence level for the day of a real attack
- Drill your engineering teams and managers
Types of Attacks Generated
Building on our expertise protecting against hundreds of DDoS attacks, we generate realistic attacks simulating the most recent attack trends. Your system will be tested for the following attack categories:
Volumetric DDOS attacks:
Our platform can generate a multi-gigabit attack traffic from multiple global locations. By doing that, we can test your ability to withstand extreme and sustained throughput, connection, and packet loads. We apply the same load patterns as attackers, such as large UDP packets and SYN flooding.
Application layer DDOS attacks:
We use our DDoS testing platform to overwhelm your web server tier. We generate excessive HTTP/S GET or POST requests to selected URLs, in order to test your resistance to resource exhaustion.
Attackers can create extremely effective attacks using very low resources, such as DNS, SMTP, or NTP amplification/reflection attacks. Our DDOS penetration testing plans include similar test scenarios. This fact allows us to verify that your infrastructure is protected against such unexpected vulnerabilities.
How We Perform Attacks
Our simulated DDoS attacks are both legal and safe. All attacks require customer consent in writing and are performed based on planning session goals and an agreed-upon schedule. To perform an attack, we use dedicated co-located servers (with absolutely no compromised hosts) and agents distributed globally. We use our management console to control the attack; if necessary, an emergency Stop button can instantly kill a simulated attack.
During this phase, we meet with your team to understand the structure of your system, assemble technical details, and define clear goals and the exact schedule of the test.
CONTROLLED DDOS ATTACKS
Based on the defined goals, we launch multi-vector DDoS attacks. The attacks can include any combination of volumetric attacks, application -layer attacks, and low-and-slow attacks. The test lasts between 2 and 6 hours.
SUMMARY & RECOMMENDATION
The summary phrase includes an f2f meeting and a written report summary. The report outlines the effectiveness of your existing DDoS mitigation solution. In addition, it points out vulnerabilities within your infrastructure and provides recommendations for amending them.
Attack Vectors Perspective
Our DDoS simulation covers the following attack vectors: Based on the defined goals, we launch multi-vector DDoS attacks that can include any combination of volumetric attacks, application-layer attacks, and low-and-slow attacks.
Several companies and security consultants offer DDoS simulation services; however, Red Button is so focused on DDoS that our advantage is clear.
Other services' providers
|Total DDoS Service.|
The DDoS simulation will reveal, to many organizations, that they have gaps to cover. Red Button does not stop there; it offers all the tools and services to close these gaps. By doing that, we continue with the customer throughout the entire DDoS cycle. This includes architecture, vendor selection, training, and more.
For many providers, DDoS is not their main focus. These providers also do vulnerability assessment and phishing simulation. Hence, they will not provide consulting, training, and DDoS fully managed services. As a result, and after the test, you are basically on your own.
Red Button uses the DDoS Resiliency Score (DRS), which is an open standard, facilitating an objective result.
Other DDoS providers do not have a test standard at all. Furthermore, they don't use a proprietary closed standard that you or the entire industry can challenge.
|Virtual DDoS Simulation|
You cannot always put all your assets into a DDoS simulation. Therefore, in this case, Red Button offers a unique “virtual” DDoS simulation tool. This tool can tell you where you stand in a white-box “dry” approach.