I have seen it so many times before. DDoS (Distributed Denial of Service) tests are being commissioned simply to fulfil a “tick-box approach” to network security. Once purchased, those concerned move on to the next project. This is fine for most IT project deployments, but when it comes to maintaining effective DDoS mitigation, it is a different matter.
DDoS attacks are on the rise and, according to a recent survey, an average attack can cost businesses about £30,000 per hour. Let’s look at some statistics from the recently published “Akamai Q3 2016 State of the Internet Security Report”, comparing DDoS attacks during Q3 2016 vs. Q3 2015:
- 71% increase in total DDoS attacks
- 77% increase in infrastructure layer (layers 3 & 4) attacks
- 138% increase in attacks > 100 Gbps
Not good, really, from a threat landscape viewpoint.
People are only just starting to realise, through painful experience, that their DDoS mitigation solution has failed (if it ever worked), due to lack of care post deployment. DDoS countermeasures need to be viewed in the same way as a fire alarm drill. They need to be tested on a regular basis.
Undertaking a controlled, live DDoS test of your network defences and the people that surround and support this service is critical. Why wait for a real attack to see whether your mitigation has worked? The middle of an attack is not the best time to be crossing your fingers and hoping that your BGP (Border Gateway Protocol) re-configuration has moved the dirty traffic to your DDoS scrubbing provider.
Hope for the best but plan for the worst.
Testing your mitigation thoroughly and regularly will make sure your cyber runbook procedure doesn’t fail when you need it most. “Buy and hope” is not a pragmatic way to implement this type of solution. Buy the solution and then have peace of mind that it has been tested fully.
Testing allows you to validate response plans, educate staff and optimize your recovery from cyber-attack. It gives answers to some of the following questions:
- How long does it take to confirm a DDoS attack?
- Are the alerts accurate enough and set at the correct threshold?
- Does the cyber response team know the drill when an attack occurs?
- How well does mitigation activation work?
- Do all applications work well with mitigation in place?
- Is your service provider compliant with mitigation SLAs?
activereach has a range of bespoke and off-the-shelf DDoS testing service packs that can be scaled to suit your requirements.