The increasing prominence of Distributed Denial-of-Service (DDoS) attacks on organizations has cost them service downtime, lowered productivity, negative brand reputation, decreased stock value and many other serious implications.
The ever-accelerating power and sophistication of these attacks are evolving into something even the best DDoS mitigation controls are unable to identify. This is because most organizations do not implement a testing protocol that is robust enough - or, even have one at all - that can recognize a DDoS threat.
Security Compass’s DDoS Strike delivers controlled and monitored simulated attacks that allow us to identify where an organization is vulnerable and where fine tuning needs to take place, without taking their systems down.
Tried and tested rules of engagement to ensure the customer is included throughout the processExpert Involvement
Controlled and monitored testing conducted by DDoS experts, with advanced knowledge of the latest trends, techniques and attack vectorsSafe and Controlled
Ability to dial up attack intensity slowly, in order to identify the breaking point of a system without actually taking it downComprehensive Reporting
Detailed reporting demonstrates a play by play of the test and a vendor-agnostic action plan to fix any issues discovered
Contacts with the appropriate law enforcement agencies to alert them prior to the testDetailed Reconnaissance
Blackbox reconnaissance on your infrastructure to identify the most susceptible targets and most likely attack vectorsAttack Diversity
An extensible framework capable of launching over 20 DDoS attack types spanning layers 3 to 7 of the OSI stack (see below)Remediation Guidance
Optional deployment of expert resources for detailed remediation guidance
We enumerate and analyze your infrastructure’s attack surface. We identify likely targets and the most relevant attack types for your environment.
Prepare the attack within our distributed solution comprised of nodes situated amongst a variety of cloud providers that generate the DDoS traffic.
The DDoS simulation, we target assets and functionality identified and approved in the Recon phase.
This phase is recommended, but if it is not selected, we will still provide observations and recommendations for improvement.
Following remediation, we will conduct the exercise again, in order to ensure that any fixes have been applied correctly and that the risk has been mitigated.
We've built and designed an extensible framework for creating and launching attacks that span layers 3 to 7* The extensible nature of the framework allows us to simulate any type of attack seen in the wild, as well as create customized attacks, tailored for a client's specific requirements. Below are a list of commonly seen attacks that we can simulate: