In his 2004 book, The Paradox of Choice, American psychologist Barry Schwartz explains how we get overwhelmed when we have “too many options.”
To cope, we narrow our choices automatically, based on previous experience, or we consciously eliminate certain items and create a self-defined, smaller set of options.
How does this relate to cyber security?
As a cybersecurity expert, you, too, are presented with an overwhelming number of options. Consider what goes on in a SOC team before and after the appropriate technology – which also must be chosen – is in place.
The SOC paradox of choice extends in two directions:
The first “many options” problem – Selecting the right technology
- The choice among the myriad technical solutions needs to be addressed.
- Your team doesn’t have the time to examine all the potential SOC system choices on the market.
- You need to depend on internal and external experts to determine the right technologies to streamline decision making.
The second “many options” problem – Tuning the selected technology
- Once an effective combination of technologies is installed, it has to analyze thousands of alerts per day, eliminating false positives and prioritizing alerts for the team to take action on.
Applying these concepts to DDoS Testing
DDoS testing vendors offer different DDoS testing menus, listing many types of DDoS attacks you can run with their platform. Many options are available — thousands of DDoS tests exist, with more variations than you can count.
Cybersecurity teams are already being tasked to do more with less. With resources already spread thin, finding the time to get up to speed on which of the many DDoS tests are most effective just isn’t possible: for example, choosing between this Layer 4 attack and that Layer 4 attack, or deciding which Layer 7 attack would validate your environment.
In this case, the paradox of choice is overwhelming: too “many options”!
Another pitfall is getting lost in the cycle of testing myriad solutions, where the selection process almost becomes an end in itself.
You don’t have the time or the resources to decide which tests are most meaningful. You know the tests need to be effective, but you may not have the skillset to determine which ones are most effective – as in, each test needs to give you a clear picture about where and whether your system is working and identify the specific points of failure.
You also have a limited timeframe in which to run DDoS attacks against your environment; you may only have a 3-to-6-hour maintenance period annually or biannually.
Manage the paradox of choice with managed services
Reduce your paradox of choice. As you did with choosing your SOC technology, turn to the experts for your DDoS testing.
You want to use a DDoS testing methodology that’s managed and refined from thousands of hours of testing all major mitigation systems and validating their effectiveness.
It’s not about testing the many but rather about using the tests that will most efficiently and quickly identify weaknesses in your DDoS mitigation system. A DDoS-testing managed service provider will do just that.