Case Study

Global Payment Processor

RedWolf® uses a number of advanced DDoS tactics from their experience performing exercises with a variety of organizations

Background:

The Problem

As one of the largest online payment processors covering online credit, debit, and merchant services, DDoS defense is a mission-critical concern. Over the years numerous technologies, vendors, and high-operating expenses called for a refresh of our defense system strategy. Four cloud vendors and two on premise DDoS appliance vendors were selected for evaluation against what we surmised was a wide range of sophisticated attacks. Multiple vendor proposals were tendered and RedWolf® was the only vendor that could implement 100% of all the attack types requested at the scale requested.

The Solution

RedWolf® created a test plan at three levels of challenge. The basic tests validated the automatic controls of the solutions tested. While all the vendors passed these basic tests they did demonstrate differences in terms of operational usability. The so-called ‘intermediate’ tests, which RedWolf® creates to simulate motivated professional adversaries presented more challenge to the vendors being tested. The ‘advanced’ RedWolf® tests showed the most differentiation and allowed our teams to short-list two vendors for cloud and one on-premise vendor. A final round of testing was performed that increased the number of RedWolf® simulated attackers into the thousands. The tests were designed to test the operational teams of the 3rd party cloud providers and the vendor-representatives that were on-site on their respective local mitigation platforms. Our operations teams observed how these vendors interacted with their own technologies and found some vendors which were consistently superior in blocking the attacks. Through this exercise our teams became confident in which technologies and vendors were superior. The attacks and vectors they launched escalated in complexity and provided real challenge to the vendors being tested.

RedWolf® uses a number of advanced DDoS tactics from their experience performing exercises with a variety of organizations.

The Benefit

Although this was a complex and rigorous evaluation all vendors being tested considered it fair and realistic. Through this exercise the DDoS defense refresh program was able to provide an increase in DDoS defense capability at over 50% operational savings. For an organization of our scale this is measured in the hundreds of thousands of dollars per year. The RedWolf® testing platform remains delightful to use and stands out as the most capable cloud-testing system we are aware of. During this exercise certain unexpected RedWolf® non-DDoS capabilities gave additional insights into the performance of the vendors. Specifically, RedWolf’s ability to perform non-DDoS load-testing and simulations of good user-traffic within automated web browsers was especially insightful.

The Problem

Looking to improve our resilience to DDoS attacks.

The Solution

The creation of a three challenge level test plan.

The Benefit

An increase in DDoS defense capability at over 50% savings.

Meet RedWolf at RSA Conference 2019

Sharjil Khan, Principal Consultant at Redwolf Security Inc will be giving a presentation ‘How to Design and Operate a DDOS Testing Program’ on March 6th between 1:30pm and 4:30pm.

Click here to learn more