Case Study

Bank of New York Mellon

Crownpeak, Amazon Web Services

In 2016 Crownpeak and RedWolf to help test and harden their cyber defenses.

Global Payment Processor

Global Payment Processor

Serious DDoS attacks with no way to verify mitigation was a big problem for this Global Payment Processor. Redwolf® provided the ability to easily and quickly test DDoS mitigation using a trusted partner. DDoS maturity moved from being reactive to proactive.


Fortune 500 Global Bank

Looking to improve resilience to DDoS attacks for Fortune 500 Global Bank. Detailing the creation of a three challenge level test plan, leading to an increase in DDoS defense capability at over 50% savings.



DNS Offerings

RedWolf is pleased to announce improvements to its DNS offerings for all customers at no extra cost. The solution includes updated monitoring, enhanced testing and improved visualization of DNS systems while under attack.



If we see an outage, how long does it take to restore services?
How Safe is DDoS Testing?
Can new IP’s be added/removed during an attack?
Can vectors be changed during an attack?
Can targets be changed during an attack?
Can multiple targets be attacked simultaneously?
Can multiple attack vectors be run simultaneously?
Can RedWolf launch attacks using real web browsers?
Do you support IPV6?
What safety limits can you put on a self-serve account?
What is the portal URL?
How is self-serve training delivered?
What on premise technologies have you worked with and what is your level of understanding?
What mitigation providers have you worked with?
What consulting services do you provide in respect to DDoS preparedness? Please include which consulting is part or a normal engagement, or if additional consulting services are required.
How is the test monitored?
What is included in a Managed report at the conclusion of testing?
How many calendar days between each test session?
Can managed testing be scheduled 24/7?
At a high level, how is DDoS testing conducted?
Should I target a production or test environment?
What kind of targets and attack vectors should I try?
How are permissions granted for testing?
How long does it take to schedule a test?
Some attack countermeasures need to be reactive. Please describe how testing scenarios account for the implementation of reactive controls
Do you have the ability to send traffic based on IP rather than URL?
Do you have the ability to customize request headers and cookies?
What attack vectors do you support?
Can a Virtual Machine be provided to be used as a target for the testing?
Can you generate a “war games” scenario where blended or mixed attacks are used, and attacks are changed to address implemented countermeasures?
How do you monitor systems being tested?
How long it does it take to stop the DDoS test traffic?
What is the maximum bandwidth / throughput of the DDoS test in Gbps?
Describe the DDoS vectors that can be run. Do they target layers 3, 4 and 7 of the OSI model? Are there layer 7 tests for HTTP and HTTPS?
How many source addresses are involved in the DDoS testing?
Where can traffic be sourced from?
How safe is DDoS testing?
What should I expect if a system is overloaded?
How can DDoS testing be done safely?
What are the benefits of DDoS testing?
Can I run attacks inside a private LAN (i.e. not internet sourced)?
Can you spoof traffic?
Do you support IPV6?
Can RedWolf launch attacks using real browsers?
Can you attack multiple targets simultaneously?
How long do you store data for?
Does RedWolf monitor targets during a test?
Can RedWolf help design a test plan for us?
Is there a penalty if a test is cancelled?
How much lead time is required to book a test?
Can tests ramp-up smoothly or does traffic just ‘start’ and ‘stop’ abruptly?
How fast can a test attack be stopped?
Are the DDoS tests legal?
How large can your tests be?
What kinds of attacks can you launch?
What types of customers do you serve?
How long has RedWolf Security been running DDoS tests?

Meet RedWolf at RSA Conference 2019

Sharjil Khan, Principal Consultant at Redwolf Security Inc will be giving a presentation ‘How to Design and Operate a DDOS Testing Program’ on March 6th between 1:30pm and 4:30pm.

Click here to learn more