DDoS Simulation

Background

To organisations that rely on their website for online transactions and customer interface, a Distributed Denial of Service or DDoS attack that denies service for many hours can result in a significant loss of revenue and reputation. As botnets are a commodity that can be rented hourly by criminals for DDoS purposes to inflict damage on websites that even Fortune 500 companies are unable to deal with, such forms of attack are proving to be of significant concern.

Organisations are investing in some cyber defence measures, but most still have no real insight into the potential impact of one of the more straightforward attacks that criminals use against websites and systems – the DDoS.

We can help organisations by simulating a DDoS attack to assess how the systems and organisations responds to such an attack, and then provide solutions to mitigate such a risk in the future.

Aim

Simulate a full-fledged DDoS (Distributed Denial of Service) attack.

Method

Utilizing the power of multiple cloud computing platforms, we provide a unique service, in which multiple cloud computing platform providers are stringed together to launch several kinds of DDoS attacks - from the basic network flood, to the more advanced cryptographically challenging SSL connection flood and even application level attacks that requires higher computing capacity.

Such attacks are fully controlled and coordinated in an out-of-band mechanism, thus allowing us to fine-tune the level of attacks, initiate, pause or completely stop them at will and within seconds.

This kind of real-world simulation enables organisations to find the real bottlenecks in their infrastructure, and invest through a more informed decision making process in the right places that would provide the best value for money when preparing for such threats.

The simulation is often combined with a consulting engagement that is designed to test the overall security measures and preparedness of the customer infrastructure.

Administration

Engaging in such a simulation requires our customers to provide assurances from all the relevant parties involved (usually related ISPs, hosting providers, etc.) and conduct a specific scoping session to assure how communications should be performed with our team in order to fully control the simulation.

The simulation uses white-hat techniques only in order to simulate black-hat activities. This allows us to provide the level of service and control that our customers expect from us without having to deal with untrusted parties to do so, thus keeping all parties in a clear legal stature.

For more information about DDoS simulation and other Blue Team services, contact Dan Solomon at enquiries@optimalrisk.com.