In 2016 RedWolf worked with Amazon and Crownpeak to help test and harden their cyber defenses.
Background:
The Problem
Defending cloud assets and scaling to large attacks
The Solution
Bank of New York Mellon engaged Crownpeak, their website hosting and management provider, who in turn engaged one of their partners, RedWolf, one of the world’s most trusted cloud-attack simulation firms, to help test and harden their cyber defenses.
Crownpeak and RedWolf took a two-step approach:
1. Baseline: Crownpeak and RedWolf needed to know at what point their cyber threat mitigation processes would activate. How much unknown traffic would need to hit the sites before it was established as a potential threat? A baseline was established using simple HTTP GET requests.
2. HULK test: This is where RedWolf’s expertise came to the forefront. An HTTP Unbearable Load King, or HULK test, is the tip of the spear for a DDoS test, and RedWolf’s HULK test obfuscates sources, simulates forgery, transforms URLs—all the things a real DDoS attack does.
During the test attack, 200 concurrent attack vectors were used, at a rate of 200,000 requests sent per second on average (and more than 1 million at its peak). Almost 100Gb of SSL traffic was sent per second, with data sent at a rate of 2.5-3.5Gb per second and data returned at a rate of 35-40Gb. These are significant numbers that accurately simulate an extreme DDoS attack.
As the test attack began, data showed back-end CPU usage ramping up, and in short order the security infrastructure responded by dedicating additional servers to handle the load. As the network's packet deliveries spiked, additional server instances—around 30—came online to handle them.
Initial results showed that although the system handled the load well at the start of the test, users began to experience delays and timeouts as the test ramped up. Crownpeak knew that to truly defend itself it would have to harden its security infrastructure, and then test it.
Crownpeak works closely with Amazon Web Services (AWS) on cybersecurity and knows the ins and outs of AWS's various features, including AWS Lambda responsive web servers and AWS Web Application Firewall (WAF), which adds a layer of security for software-as-a-service (SaaS) applications.
Crownpeak built a hardened structure using these tools to route DDoS attack packets more effectively, analyzing and responding to them in real time and accepting or denying each request as it comes through.
Read how Crownpeak used RedWolf to test and harden defenses and handled over 1 million HTTPS requests/sec.
The Benefit
A second test with these improvements in place proved their effectiveness. The same HULK test was run, and an additional WAF Overload test was added to try to overwhelm the new security measures.
The AWS WAF solution blocked about 9 million requests per minute, before they even reached the back end. Most importantly from a security perspective, during the second test the responsive server pool threshold was never triggered, even though more than 100 times more data was pushed to the system than the first test.
In all, 175 of the 200 attack vectors were neutralized on the front end, and 47 million illegitimate requests were denied per minute—all while allowing 20 million legitimate requests through with no delays.
With the new, hardened infrastructure proven, Crownpeak—and its clients—can rest assured that their assets are safe from any DDoS attack.
Sharjil Khan, Principal Consultant at RedWolf Security Inc., will be giving a presentation, ‘How to Design and Operate a DDoS Testing Program’, on March 6th between 1:30pm and 4:30pm.