DDoS stress test with CERTAINITY

In today’s digitally connected world, DDoS attacks pose a growing threat to organisations of all sizes. The disruption of online services and systems can threaten critical supply chains or a company’s business model. This is a considerable potential for damage. Companies and organisations become vulnerable on the one hand and susceptible to blackmail on the other.

What is a DDoS attack?

A DDoS attack, standing for “distributed denial of service”, is a type of cyber attack in which an attacker attempts to disrupt or render inaccessible an online service, website or network. The target is flooded with an overwhelming amount of requests from multiple sources simultaneously. The purpose of such an attack is to disrupt or completely disable the target’s normal operations.

In contrast to a simple denial of service (DoS), in which only a single attacker or a single source is involved, a DDoS attack uses a large number of networked computers to carry out the attack. These computers are often infected by malware and combined to form a so-called “botnet”. The owners of the infected computers are often unaware that their devices are being misused for such attacks.

DDoS attacks can take various forms, depending on the technology and methods used. The typical attack strategies include

• Volumetric attacks: These aim to overload the victim’s bandwidth with a flood of data.
• Protocol attacks: These attacks overload server or network resources by targeting vulnerabilities in the communication protocols.
• Application-level attacks: These target web applications and attempt to disable the server by exploiting vulnerabilities or overloading application processes.

Defence against DDoS attacks can be complex and often requires a combination of different measures. Building a robust network infrastructure with sufficient capacity, redundancy and scalable resources forms the basis. Building on this, special DoS protection solutions (e.g. web application firewalls, load balancers, …) from various manufacturers can offer a considerable increase in resistance. For optimum protection, there is also the option of working with external service providers and Internet service providers (ISPs) to establish effective attack detection, including effective defence techniques (e.g. redirecting data traffic, etc.).

Reasons for carrying out a DDoS stress test

A DDoS stress test carried out by CERTAINITY simulates a real DDoS attack on your IT infrastructure in a controlled manner. The simulation enables companies to find out how well their systems can withstand an actual attack. There are many reasons for carrying out a DDoS stress test.

The following objectives are achieved:

Effectiveness of the defence measures and mechanisms in place: Expensive measures are often ineffective due to incorrect configuration and inadequate settings under the conditions of a cyber attack. A DDoS stress test under real conditions enables IT security teams to set up and optimise the systems correctly. This is the only way to utilise all features effectively and thus achieve maximum protection.

Proof of performance: The performance of DDoS protection solutions or ISP services can be proven through targeted testing. This can be particularly useful prior to actual procurement during the pilot phase. This allows the promises made by manufacturers and suppliers to be tested in advance.

Measurement and benchmark: Check the resistance of your systems to a real DDoS cyber attack. Compare your level of protection with the individual threat level and visualise potential protection gaps.

Rules and regulation: Directives such as NIS2 and DORA aim to increase the resilience of European companies to cyber attacks. In addition to the implementation of security measures to mitigate cyber risks, this also includes testing the effectiveness of the measures. With regard to DDoS risks, there are no real alternatives to carrying out DDoS stress tests. The exact requirements may vary depending on the sector and size of the organisation.

Detection of vulnerabilities: Vulnerabilities in the configuration and/or single point of failure in the architecture can significantly increase vulnerability to DDoS. Performing a DDoS stress test helps to visualise security problems preventively. Closing the gaps can significantly increase resilience.

Training for the Blue Team: As part of the attack simulation, the responsiveness of the IT security team (Blue Team) is trained and tested under real conditions. The simulation helps, for example, to evaluate emergency processes and checklists. These can then be updated and optimised if necessary.

Assessing the impact: Apart from the systems directly affected by a DDoS attack, other systems can also be affected. The effects on the overall technical infrastructure are often unknown and incalculable. Carrying out a DDoS stress test can help to identify potential interactions.

Our approach and measurement methods?

CERTAINITY uses the internationally recognised metrics of the DDoS Resiliency Score (DRS) to assess resilience. The DRS indicates how well a network or web infrastructure is able to survive or recover from a DDoS attack.

The DRS rating system is divided into seven levels of DDoS attacks. With each level, new forms of attack, more specific attack patterns and a higher volume of data are added. As a result, the challenges for defence grow: each level requires faster response times to contain the damage and more complex measures

The following table provides an overview of the most important characteristics of the individual DDoS attack levels:

Quellen: https://www.ddosresiliencyscore.org/