Denial of Service Testing Services (DoS & DDoS)

Denial of Service (DoS) refers to activities or events that prevent legitimate use of a computer or network service. There are different types of denial of service, similarly those which involve multiple compromised systems used together to attack a target is known as a Distributed Denial of Service, or a DDoS attack.

DoS has evolved from simple attacks (e.g. sending overwhelming volumes of email) from a single source, which are now relatively easily detected and defeated. As a result, these attacks now come from thousands of compromised agents (bot-nets) acting on behalf of a cyber-criminal or gang. DDoS attacks, have proven so easy to launch and so difficult to defend against. Consequently, DDoS is now considered a common attack method for which all companies need appropriate response as part of their Cyber Resilience Program.

Growth of DDoS

In recent times, DDoS attacks have continued to gain media attention with a number of high profile organisations coming under attack. These range from globally, regionally and locally as well as across the spectrum of Government, large corporates and also any entity being hosted on cloud platforms. DDoS is now considered, above all, one of the primary threat types facing virtually every industry and business that is exposed to the public Internet. Whilst traditional DDoS attacks have relied upon a single attack method, the pattern across recent attacks demonstrates the escalating use of advanced techniques to maximise disruption, indicating an overall increase in sophistication.

Organisations are susceptible to outages across the stack from web applications to the networks delivering them. As a result, attackers are now using an array of changing attack methods, continually recalibrating attacks dynamically based on responsiveness of target systems and can also launch attacks from a range of sources distributed across the globe. For the motivated attacker and cyber-criminal, DDoS is becoming a common tool in their arsenal, consequently resulting in expensive downtime and disruption to legitimate business.

Furthermore, DDoS attacks are also often employed as diversions to other attack methods. This is due to the fact that they generally redirect organisational focus to the disruption leaving other parts of the environment increasingly exposed and less likely to be monitored.

Why Test Market solutions

A number of technical solutions can be found in the market to assist organisations identify and respond to these types of attacks. Coverage of these solutions can be limited, as a result of being generally expensive offerings with costs increasing for the volume and types of attacks that you need to protect against.

Solutions can include

  • Telco/ISP bundled services
  • Cloud absorption
  • Content Delivery Networks (CDN)
  • On-premise hardware and hybrid models.

No matter what the technological approach is, testing and validating the level of protection you have employed is essential. Therefore our experience indiciates that you cannot rely on vendor promises.

DDoS testing is designed to simulate DDoS attacks against your IT infrastructure in a controlled and planned manner. This is to validate if your DDoS defences work as expected; and to allow you to anticipate how you will respond during a genuine cyber-attack.

Sense of Security have designed a methodology to proactively validate the capability and coverage of your DDoS defence as well as the service provider’s or vendor offerings that you may have employed to mitigate such attacks.

Key Benefits

  • Validate vendor SLA’s
  • Proactively Avoid Downtime
  • Validate DDoS Defences work as expected
  • Detect configuration issues, at Layer 3, 4 & 7
  • Train your team to respond to DDoS attacks

Service Offering

  • Advisory service to assist in target selection, test planning and execution.
  • Over 300 unique DDoS attacks, IPV4/6, HTTP, DNS, SSDP, NTP, IPSEC & More
  • Real-time monitoring of performance of all targets and over 140 metrics collected
  • unlimited sources, unlimited attack sizes, vast array of attack vectors, and real-time control.

Coverage

  • CDN Testing
  • Cloud DNS Testing
  • Cloud DDoS Testing (Routed)
  • Cloud DDoS Testing (Proxy)
  • Cloud WAF Testing
  • Router Testing
  • Firewall Testing
  • IPSEC and SSL VPN Testing
  • DDoS Appliance Testing
  • IDS/IPS Testing
  • Load Balancer Testing
  • SIP and VOIP Testing
  • SMTP Testing
  • WAF Testing
  • DNS Server Testing
  • SSL Offload Testing
  • Web Server Testing & Optimisation
  • Authentication Sub-system Testing
  • Application Feature Benchmarking
  • Application Fuzzing
  • Message Queue Testing

Industry Leaders

Our security testing experts are among the best in Australia, and have performed engagements locally and abroad for many of the world’s leading brands. Furthermore, this is backed by our commitment to staff development, certification, IT Security Research, and the publication of regular IT Security Advisories which set us apart from the competition.

For more information download our DDoS data sheet. To discuss how our specialist security services can help your organisation test your security posture please contact us on 1300 922 923 or complete the enquiry form by pressing the button below.

Contact Us