Rarely a week goes by without reports of a large and damaging DDoS attack against a major business. As a DDoS testing provider, it’s our job to break through a company’s mitigation defences and bring down their systems - albeit within a controlled, safe environment. Our experience shows that a staggering 85% of organisations are fully unable to mitigate a DDoS attack, even with enterprise-level mitigation in place.
DDoS attack techniques are changing rapidly, and customers’ increasing dependency on public cloud or third-party networks outside the corporate perimeter may be increasing the overall risks associated with DDoS attacks. Moreover, DDoS attack tools are now regularly being used by cybercriminals to distract companies from data theft or other security attacks. Regular DDoS testing should be used alongside penetration tests and vulnerability assessments, so that a company can identify where detection and mitigation systems need tuning to improve security posture and prevent a real attack.
This technical paper addresses many of the issues associated with testing a company’s DDoS protection service, including:
- The business case for DDoS testing
- How to safely scale a live DDoS attack simulation
- What a DDoS test should include
- The legality and ethics of DDoS testing
- Other important considerations prior to launching a DDoS attack test