Case Study

Bank of New York Mellon, Crownpeak, Amazon Web Services

In 2016 Bank of New York Mellon engaged Crownpeak and RedWolf to help test and harden their cyber defenses.


Global Payment Processor

Serious DDoS attacks with no way to verify mitigation was a big problem for this Global Payment Processor. Redwolf® provided the ability to easily and quickly test DDoS mitigation using a trusted partner. DDoS maturity moved from being reactive to proactive.


Fortune 500 Global Bank

Looking to improve resilience to DDoS attacks for Fortune 500 Global Bank. Detailing the creation of a three challenge level test plan, leading to an increase in DDoS defense capability at over 50% savings.



DNS Offerings

RedWolf is pleased to announce improvements to its DNS offerings for all customers at no extra cost. The solution includes updated monitoring, enhanced testing and improved visualization of DNS systems while under attack.



Some attack countermeasures need to be reactive. Please describe how testing scenarios account for the implementation of reactive controls
Do you have the ability to send traffic based on IP rather than URL?
Do you have the ability to customize request headers and cookies?
What attack vectors do you support?
Can a Virtual Machine be provided to be used as a target for the testing?
Can you generate a “war games” scenario where blended or mixed attacks are used, and attacks are changed to address implemented countermeasures?
How do you monitor systems being tested?
How long it does it take to stop the DDoS test traffic?
What is the maximum bandwidth / throughput of the DDoS test in Gbps?
Describe the DDoS vectors that can be run. Do they target layers 3, 4 and 7 of the OSI model? Are there layer 7 tests for HTTP and HTTPS?
How many source addresses are involved in the DDoS testing?
Where can traffic be sourced from?
How safe is DDoS testing?
What should I expect if a system is overloaded?
How can DDoS testing be done safely?
What are the benefits of DDoS testing?
Can I run attacks inside a private LAN (i.e. not internet sourced)?
Can you spoof traffic?
Do you support IPV6?
Can RedWolf launch attacks using real browsers?
Can you attack multiple targets simultaneously?
How long do you store data for?
Does RedWolf monitor targets during a test?
Can RedWolf help design a test plan for us?
Is there a penalty if a test is cancelled?
How much lead time is required to book a test?
Can tests ramp-up smoothly or does traffic just ‘start’ and ‘stop’ abruptly?
How fast can a test attack be stopped?
Are the DDoS tests legal?
How large can your tests be?
What kinds of attacks can you launch?
What types of customers do you serve?
How long has RedWolf Security been running DDoS tests?