Security Compass Launches DDoS BlackBox Testing Service, ‘DDoS Strike,’ to Replicate Layer 3-7 DDoS Attacks

Share Article

Security Compass launches a Blackbox DDoS testing service called DDoS Strike to replicate layer 3-7 attacks in a controlled and safe environment. DDoS Strike is a customizable service which tests not only DDoS mitigation technology but also the people and the process.

Distributed Denial-of-Service (DDoS) attacks are one of the most persistent and growing cyber threats to North American companies - but, until now, there hasn’t been a reliable way to test networks against real world attacks. Security Compass, a leading web and mobile application security firm, today announced the release of “DDoS Strike” - one of the only DDoS testing services that can safely test networks against real-world DDoS attacks, all the way down to Layer 3 infrastructure attacks.

“Denial-of-service attacks continue to pose a significant threat to businesses across the US and Canada,” said Sahba Kazerooni, Managing Director at Security Compass. “At the same time, it’s been difficult for businesses to accurately test against this threat, due to the inability to recreate sophisticated attacks and to do it safely within a company’s IT infrastructure. We developed DDoS Strike with this in mind - and created a tool that can safely stress-test network infrastructure from application-layer DDoS attacks, all the way down to the advanced BGP hijacking, IP/ICMP fragmentation and various types of flood DDoS attacks.”

While denial-of-service has been a popular attack method since the 1990s, it has grown substantially more powerful, sophisticated and dangerous for businesses in the past few years. For one, attackers now have access to criminal botnets that harness the power of tens of thousands to millions of infected computers to expand the size and power of an attack; but, even more significantly, they’ve also evolved their techniques by targeting vulnerable network infrastructure to exponentially increase the impact of these attacks. Many DDoS attacks now reach the 100-400 gigabits per second (Gbps) range, a level that was unheard of just two years ago.

In August 2013, Gartner reported that DDoS attacks were being used to provide cover for fraudulent multi-million dollar wire transfers from multiple US banks. A recent study by Prolexic Technologies found that worldwide DDoS attacks increased 47 percent year over year in Q1 2014 - with a 68 percent increase YOY in Layer 3 and 4 infrastructure attacks. Companies, banks and government organizations need to prepare themselves for the coming wave of sophisticated and dangerous DDoS attacks. As noted in Gartner’s 2013 ‘Payment Switch’ report, DDoS can do more than just disrupt operations - it may also be used as cover by organized crime groups, state-sponsored groups and others to launch other types of attacks, such as data theft or financial fraud. The only way to prepare for these attacks is to test the network regularly against them to ensure the companies DDoS mitigation tools are configured properly. That means recreating the same type of attack criminals could use in a live testing environment against the company’s actual network infrastructure.

Overview of DDoS Strike:

DDoS Strike is a DDoS mitigation testing service designed for Fortune 10s - 500s in the financial services, retail, technology and energy markets. Before DDoS Strike, network defenders only had one option to test their systems against a DDoS attack - an appliance that the company has to host, manage, learn and maintain, which doesn’t accurately recreate real world attacks as it relies on inside information to carry out the attack which no longer tests the process and people – two critical aspects in DDoS mitigation. Now with Security Compass’s new service, corporate IT teams have access to a DDoS testing service that not only tests the technology but the process and the people.

Key product highlights of DDoS Strike:

  •     Simulated attacks are controlled and monitored at all times, ensuring that the test is performed safely and in a very controlled manner.
  •     The customer is included at every step of the DDoS process to ensure the process is interactive and specialized to the company.
  •     Blackbox Recon – Security Compass approaches a company's security infrastructure with the same resources as an attacker.
  •     Security Compass performs behavior-mimicking web attacks which can disguise malicious traffic to look similar to a regular user and mimic the users behavior throughout the site.
  •     Several fail safes have been built into the tool as emergency stop buttons that can halt a simulation at any time.
  •     Security Compass is testing not only the technology but also the people and the process to determine where a company’s vulnerabilities lie.
  •     Once the DDoS attack is completed, Security Compass transitions into a remediation process creating a vendor agnostic action plan to fix any issues that have been found.

DDoS Strike’s testing capabilities:

DDoS strike can create customized attacks for Layers 3-7. Layers 1 (physical layer) and 2 (data link layer) are not included, as they target the base of the network itself and require direct physical/internal access to a company’s network. This makes them less likely to be performed in the wild.

  •     Layer 7 (Application Layer) Attack - Includes Slow Loris, slow POST, slow read, HTTP/S flood, CVE attack vectors, large payload POST requests, database connection pool exhaustion, resource exhaustion, mimicked user browsing and other types of protocol floods (SMTP, DNS, SNMP, FTP, SIP).
  •     Layer 6 (Presentation Layer) Attack - Includes SSL exhaustion and DNS query/NXDOMAIN floods to cripple the network.
  •     Layer 5 (Session Layer) Attack - SSL exhaustion and DNS query/NXDOMAIN floods are also used, as well as long-lived TCP sessions (slow transfer rate) and other connection flood/exhaustion.
  •     Layer 4 (Transport Layer) Attack - SYN flood, UDP flood, IPSec flood (IKE/ISAKMP association attempts), as well as long-lived TCP sessions (slow transfer rate), other TCP floods (varying state flags) and other connection flood/exhaustion.
  •     Layer 3 (Network Layer) Attack - BGP hijacking, IP/ICMP fragmentation and ICMP flood.

About Security Compass:

Headquartered in Toronto, Security Compass is a leading information security firm specializing in web and mobile application security for Fortune 10s-500s, large financial institutions, energy firms, technology/software providers, media companies, retailers and other businesses. Security Compass guides teams in building customized security blueprints based the industry, software development lifecycle, and business needs to cost-effectively mitigate risks. Its secure application lifecycle management tool, SD Elements, was selected for Ovum’s “On the Radar” report in 2014. Website:

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Christine MacDonald
Visit website