RedWolf® uses a number of advanced DDoS tactics from their experience performing exercises with a variety of organizations
As one of the largest online payment processors covering online credit, debit, and merchant services, DDoS defense is a mission-critical concern. Over the years numerous technologies, vendors, and high-operating expenses called for a refresh of our defense system strategy. Four cloud vendors and two on premise DDoS appliance vendors were selected for evaluation against what we surmised was a wide range of sophisticated attacks. Multiple vendor proposals were tendered and RedWolf® was the only vendor that could implement 100% of all the attack types requested at the scale requested.
RedWolf® created a test plan at three levels of challenge. The basic tests validated the automatic controls of the solutions tested. While all the vendors passed these basic tests they did demonstrate differences in terms of operational usability. The so-called ‘intermediate’ tests, which RedWolf® creates to simulate motivated professional adversaries presented more challenge to the vendors being tested. The ‘advanced’ RedWolf® tests showed the most differentiation and allowed our teams to short-list two vendors for cloud and one on-premise vendor. A final round of testing was performed that increased the number of RedWolf® simulated attackers into the thousands. The tests were designed to test the operational teams of the 3rd party cloud providers and the vendor-representatives that were on-site on their respective local mitigation platforms. Our operations teams observed how these vendors interacted with their own technologies and found some vendors which were consistently superior in blocking the attacks. Through this exercise our teams became confident in which technologies and vendors were superior. The attacks and vectors they launched escalated in complexity and provided real challenge to the vendors being tested.
RedWolf® uses a number of advanced DDoS tactics from their experience performing exercises with a variety of organizations.
Although this was a complex and rigorous evaluation all vendors being tested considered it fair and realistic. Through this exercise the DDoS defense refresh program was able to provide an increase in DDoS defense capability at over 50% operational savings. For an organization of our scale this is measured in the hundreds of thousands of dollars per year. The RedWolf® testing platform remains delightful to use and stands out as the most capable cloud-testing system we are aware of. During this exercise certain unexpected RedWolf® non-DDoS capabilities gave additional insights into the performance of the vendors. Specifically, RedWolf’s ability to perform non-DDoS load-testing and simulations of good user-traffic within automated web browsers was especially insightful.
Looking to improve our resilience to DDoS attacks.
The creation of a three challenge level test plan.
An increase in DDoS defense capability at over 50% savings.
Meet RedWolf at RSA Conference 2019
Sharjil Khan, Principal Consultant at Redwolf Security Inc will be giving a presentation ‘How to Design and Operate a DDOS Testing Program’ on March 6th between 1:30pm and 4:30pm.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.