Security Compass's DDoS Strike Completes "Battle Test" of ZENEDGE DDoS Mitigation Solution

DDoS Strike, a division of Security Compass, announces that ZENEDGE’s DDoS mitigation solution has successfully completed its sophisticated distributed denial-of-service attack simulations.

“We would feel confident recommending ZENEDGE as one of the solutions that can protect organizations concerned about criminal DDoS attacks.” - Sahba Kazerooni, head of DDoS Strike

Security Compass, a leading software security and distributed denial-of-service (DDoS) testing provider, announces ZENEDGE’s DDoS mitigation service has successfully completed a full range of “battle tests” conducted by its DDoS Strike unit.

These black-box tests simulated real-world DDoS attacks using a number of advanced techniques, and determined that ZENEDGE’s DDoS mitigation solution successfully withstood these attacks.

“After fully testing ZENEDGE’s DDoS mitigation product, we are convinced that this security solution offers robust and highly effective protection for businesses against a wide range of advanced DDoS attacks,” said Sahba Kazerooni, head of DDoS Strike and managing director of Security Compass. “We would feel confident recommending this as one of the solutions that can protect organizations concerned about criminal DDoS attacks.”

Kazerooni also mentioned that before choosing a DDoS mitigation solution, companies should always check to make sure the solution has undergone proper testing against real-world criminal attack scenarios. One way to achieve this is by looking for a DDoS Strike test.

DDoS Strike is a specialized division within Security Compass that conducts DDoS ‘black-box’ testing services for security vendors, as well as for corporations, and critical infrastructure and government agencies that want to test their readiness for criminal DDoS attacks.

These tests simulate real-world advanced DDoS attacks, ranging from network-based volumetric attacks to more surgical application-layer attacks, as well as anti-detection and anti-mitigation tactics, all in a safe and controlled environment. The tests are highly collaborative, involving the tested organization in every step of the process to make sure each test is customized and effective.

As part of DDoS Strike’s regular testing service, it recently conducted a complete battle test of ZENEDGE’s DDoS mitigation solution in order to verify the effectiveness of its controls. To do so, Security Compass provisioned a test application and server, which was then protected by ZENEDGE’s solution.

The server was then monitored for availability and server load as well as response time throughout the DDoS Strike black-box testing. The battle test found that all of the controls, as configured in the test environment, functioned as described and were effective in mitigating the targeted DDoS attacks.

“Black-box testing with DDoS Strike is crucial for determining the true effectiveness of DDoS mitigation solutions,” Kazerooni said. “Before signing on with this type of service, companies really need to look at how well the DDoS tools actually perform in real-world attack scenarios. Evidence of testing by DDoS Strike is one way to know for sure.”

An overview of DDoS Strike:

DDoS Strike can simulate attacks in Layers 3-7. Layers 1 (physical layer) and 2 (data link layer) are not included, as they target the base of the network itself and require direct physical/internal access to a company’s network. This makes them less likely to be performed in the wild.

Layer 3 (Network Layer) Attack - BGP hijacking, IP/ICMP fragmentation and ICMP flood.
Layer 4 (Transport Layer) Attack - SYN flood, UDP flood, IPSec flood (IKE/ISAKMP association attempts), as well as long-lived TCP sessions (slow transfer rate), other TCP floods (varying state flags) and other connection flood/exhaustion.
Layer 5 (Session Layer) Attack - SSL exhaustion and DNS query/NXDOMAIN floods are also used, as well as long-lived TCP sessions (slow transfer rate) and other connection flood/exhaustion.
Layer 6 (Presentation Layer) Attack - Includes SSL exhaustion and DNS query/NXDOMAIN floods to cripple the network.
Layer 7 (Application Layer) Attack - Includes Slow Loris, slow POST, slow read, HTTP/S flood, CVE attack vectors, large payload POST requests, database connection pool exhaustion, resource exhaustion, mimicked user browsing and other types of protocol floods (SMTP, DNS, SNMP, FTP, SIP).

DDoS Strike can also disguise malicious traffic to look similar to a regular user and mimic the user’s behavior throughout the site.

DDoS Strike’s simulated attacks are controlled and monitored at all times so that each test is performed safely. Several technical controls, such as fail-safes, an emergency stop button, and the ability to dial up attacks slowly, have been built into the tool to reduce the risk of downtime to client systems during the exercise.

For more information about DDoS Strike, please visit


Headquartered in Toronto, Security Compass is a leading information security firm specializing in web and mobile application security for Fortune 10s-500s, large financial institutions, energy firms, technology/software providers, media companies, retailers and other businesses. Security Compass guides teams in building customized security blueprints based on the industry, software development lifecycle, and business needs to cost-effectively mitigate risks. Its secure application lifecycle management tool, SD Elements, was selected for Ovum's 2014 On the Radar report and recognized by Gartner's 2014 Cool Vendors in Application and Endpoint Security report.

For more information, visit

Contact Author

Christine MacDonald