Why DDoS Testing is Just Not Enough

Understanding DDoS Testing and its importance in today’s security landscape

DDoS attacks and the ensuing challenges such as downtime, loss of revenue, and customer goodwill, have created a niche for DDoS testing as an exclusive, mandatory security requirement.

The importance of DDoS testing, can be understood in a blog that GitHub put out in 2014 after it suffered a massive DDoS attack that saw incoming traffic at a rate of 1.3 Tbps. The DDoS attack which went on for over 2 hours, made GitHub completely unreachable.

This painful attack, according to GitHub, was mitigated. However, the damage had been done in spite of mitigation postures. This paved the way for transformation, and GitHub investigated ways to simulate attacks in a controlled environment, to test their countermeasures. They invested in testing on a regular basis to build additional confidence in both their mitigation tools and to ensure improved response time going forward. To summarize, GitHub would rely on testing and automation to ensure resilient infrastructure. 

However, in 2018, four years later, GitHub suffered the biggest DDoS attack to date. At its peak, this attack saw incoming traffic at a rate of 1.3 terabytes per second (Tbps), sending packets at a rate of 126.9 million per second.

To understand why DDoS Testing could not prevent further attacks for GitHub requires a basic understanding of how DDoS Testing works. 

DDoS Testing follows four steps:

Scoping: The Test Plan template is designed during this starting phase where all that needs to be protected including 3rd party applications are identified. The template includes necessary information with regard to counter measures and identifies roles and lines of responsibility. The template is circulated to all concerned.

Design: The targets are analyzed from the attacker’ point of view and target profiles are created. This helps to uncover variations in attack format and helps to create the test plan.

Implementation: The tests are created in the testing platform and parameters will be entered and tested at low levels to ensure that all risk factors are considered.

So why is DDoS testing NOT a complete solution to ensure DDoS mitigation effectiveness?

Testing is invariably performed around twice a year. As static tests, it is done on dynamic environments that are constantly changing due to website upgrades, new applications, etc. hence their conclusions are not timely and do not hold good for extended periods of time (generally less than 1-2 months).

Some of the other challenging factors that need to be kept in mind are:

  1. DDoS testing’s capability to detect DDoS risks before attacks is limited
  2. During testing, there will be disruption to ongoing operations
  3. The number of DDoS attack vectors covered is less than 20
  4. Coverage of Web facing IP Addresses is normally limited to around 4.
  5. Vulnerability re-validation is limited to once a year, leaving the organization vulnerable for the rest of the time.
  6. Finally, there is no proactive DDoS security.

Additionally, the key factor before or during an attack is the human factor.  The security engineers, when busy battling an attack, will not be able to monitor other activities creating a `blind spot’ which DDoS actors can exploit to penetrate the organization.

The DDoS Vulnerability GAP

The Gap occurs whenever DDoS traffic bypasses a company’s DDoS mitigation defenses to penetrate the target network causing system disruption and downtime.

MazeBolt’s DDoS Security Platform closes the gap by working as a non-disruptive top layer on any DDoS Mitigation system. Through continuous identification and remediation of the mitigation system’s vulnerabilities and not just the human readiness to an attack. Ultimately avoiding downtime and almost eliminating inline mitigation vulnerabilities before an attack happens and without the need for disruptive maintenance windows.

About DDoS RADAR

DDoS RADARⓇ  is a MazeBolt’s new technology, patented solution, and is part of our overall platform. RADAR provides a top layer to any DDoS mitigation system and validates that attacks can be identified by the underlying DDoS mitigation through performing continuous DDoS threat simulations, without any disruption or need for maintenance windows. Ensuring that companies address DDoS threats before any attack rather than addressing them during an attack in real-time as all current standalone DDoS mitigation systems do. This reduces and maintains the vulnerability level from an average of 48% to under 2%.

Here is a quick reference chart on the differences between Traditional DDoS testing and MazeBolt’s RADAR

01-MB-Table-Design-01

About MazeBolt

MazeBolt is a leading innovative cyber security company, and part of the mitigation space.

Offering full DDoS risk detection and elimination. Working with any mitigation solution  to provide end to end full coverage.

Avoiding downtime and eliminating mitigation vulnerabilities before an attack happens.

 

Picture of Yotam Alon

About Yotam Alon

Yotam is the Dev Lead at MazeBolt and is in charge of all R&D activities, infrastructure and security. With five years in the security industry, Yotam brings fresh perspectives and insights into current technologies and development flows. He holds a BSc. in mathematics and philosophy and enjoys hitting the archery range in his spare time.