DDoS Mitigation Needs Continuous Fine Tuning
DDoS mitigation technology is designed to block the most common DDoS attack vectors in the wild, automatically. However, data from over 1,000 BaseLine DDoS tests that MazeBolt conducted indicates that 97% of the companies testing their mitigation for the first time experienced disruption or downtime. This shows that mitigation most often isn't configured correctly.
The most common reason for this disparity is that for mitigation technology to work, its configuration needs to perfectly match the target network it is protecting. Because companies’ network environments are dynamic and constantly changing, with new services being added and new vulnerabilities being opened, these mitigation configuration settings need to be continuously fine-tuned.
The most effective and efficient way to identify misconfigured DDoS mitigation is to test your mitigation with real DDoS testing and allow your vendor to fix the vulnerabilities identified.
Traditional DDoS Penetration Testing (PT) – Disruptive to Ongoing Operations and Limited in Scope
Up to now, traditional DDoS PT required running DDoS tests that simulated real DDoS attack vectors against a company’s publicly available website. Any disruption to the company’s website indicates the DDoS mitigation isn’t working properly and highlights a vulnerability to the DDoS attack vector tested.
The disruptive nature of traditional DDoS PT means that it can only be run during maintenance windows, which typically last 3 hours and require “all hands on deck” in case of disruption to ongoing IT services. The consequences are:
- Reduced Diligence - Significantly limiting the frequency of testing to once or twice a year.
- Limited Attack Surface Coverage - Small fraction of attack surface verified, i.e. up to 5 IPs can only be tested partially.
- Limited Number of Vulnerabilities Identified - It takes around 3 hours to run 18 DDoS attack vectors.
- Major Disruption - All staff are required to be on standby at abnormal hours for traditional DDoS PT.
"97% of Companies have vulnerable DDoS mitigation systems deployed and if attacked will likely face periods of downtime. Testing that mitigation and closing those DDoS Mitigation Gaps is also very disruptive, and also causes downtime with Traditional DDoS Penetration Testing.
That's over now!"
Matthew Andriani, MazeBolt Founder & CEO
The MazeBolt DDoS Radar (DDR) – The only Continuous 24/7 DDoS Mitigation Gap Detection & Non-disruptive Testing Product
MazeBolt’s "DDoS Radar" is based on proprietary, revolutionary Non-Disruptive DDoS Testing Technology that allows companies to test their environments against DDoS attack vectors continuously, 24/7, without any disruption to ongoing operations.
Because of its non-disruptive technology, DDoS Radar can complete over 50,000 DDoS attack simulations during the year, whereas traditional DDoS PT usually covers only 50 DDoS attack simulations.
The DDoS Radar continuously 3D monitors all of an organisation's IP addresses to establish a big data understanding of their health. It then gradually launches DDoS attack simulations against the organisation's environment on an ongoing basis, measuring attack leakage (i.e. potential DDoS Mitigation Gaps) in real time. If any slight degradation in the health of the tested environment occurs during testing, testing halts immediately and reports are provided for post analysis. This provides ongoing certainty that any IT infrastructure can be quickly secured as new DDoS Mitigation Gaps are identified.
The DDoS Radar perfectly complements all existing DDoS mitigation solutions, giving companies:
- ZERO disruption or impact to ongoing IT systems during DDoS mitigation Gap detection
- Continuous 24/7 DDoS Validation
- Exponentially more DDoS vulnerabilities tested
For more information about the DDoS Radar and a demonstration of the Non-Disruptive DDoS Testing see here.