Advancing Enterprise DDoS Defense: MazeBolt RADAR’s 2024 Feature Review

MazeBolt RADAR is the only solution that conducts nondisruptive, continuous DDoS attack simulation – successfully identifying vulnerabilities in DDoS protection solutions to help you mitigate the risk of damaging DDoS downtime. This year, we developed and incorporated many new product features, which extended both our DDoS attack simulation coverage and our large-scale deployment capabilities.

Highlights of developments that were added this year include:

 

New DDoS Attack Simulations

RADAR’s scope of attack coverage was expanded to over 150 attack vectors. Some of the new attack simulations include:

SMTP “HELO” Flood

This is a Layer 7 DDoS attack in which multitudes of “HELO” commands are sent to an SMTP server target, overwhelming the server so that email services can no longer process or deliver legitimate emails. This attack tests the mitigation solution’s ability to differentiate between SMTP HELO flood traffic and standard SMTP traffic.
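One way to express the HELO-flood versus standard-SMTP distinction described above is to compare, per source, how many greetings arrive with how many sessions go on to send mail. This is an added example, not MazeBolt's code; the event format, function names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

def make_sample():
    """Constructed events (unix_time, source_ip, smtp_command); not real traffic."""
    events = []
    # Legitimate client: greets once, then completes a mail transaction.
    for t, cmd in [(0, "EHLO"), (1, "MAIL"), (2, "RCPT"), (3, "DATA"), (4, "QUIT")]:
        events.append((t, "192.0.2.10", cmd))
    # Flooding client: 40 greetings in 4 seconds, never progresses to MAIL.
    for i in range(40):
        events.append((i * 0.1, "198.51.100.7", "HELO"))
    return sorted(events)

def find_helo_flooders(events, window=10.0, max_greetings=20, min_mail_ratio=0.1):
    """Return source IPs that send more than max_greetings HELO/EHLO commands
    within `window` seconds while their MAIL-to-greeting ratio stays below
    min_mail_ratio (greeting without ever sending mail)."""
    greet = defaultdict(deque)  # ip -> timestamps of recent greetings
    mail = defaultdict(deque)   # ip -> timestamps of recent MAIL commands
    flagged = set()
    for ts, ip, cmd in events:
        cmd = cmd.upper()
        if cmd in ("HELO", "EHLO"):
            greet[ip].append(ts)
        elif cmd == "MAIL":
            mail[ip].append(ts)
        else:
            continue
        # Expire entries that have slid out of the window.
        for q in (greet[ip], mail[ip]):
            while q and q[0] < ts - window:
                q.popleft()
        g, m = len(greet[ip]), len(mail[ip])
        if g > max_greetings and m / g < min_mail_ratio:
            flagged.add(ip)
    return sorted(flagged)

if __name__ == "__main__":
    print(find_helo_flooders(make_sample()))
```

The ratio check is what keeps a busy but legitimate relay, which greets often and also sends mail, from being flagged on volume alone.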


SIP UDP “OPTIONS” Flood

This is a Layer 7 flood attack that aims to consume targeted SIP user agent (UA) resources by continuously sending OPTIONS requests to a SIP UA over UDP. This ultimately causes the SIP service to be unable to handle new connections.


UDP Small Packets Flood

This is a Layer 4 attack conducted by sending a rapid succession of small-sized UDP datagrams (50 bytes in size) with spoofed IPs to a server in the network using various ports, forcing the server to respond with ICMP traffic. This behavior can cause network bandwidth saturation in both the ingress and egress direction.

Because the packets are small, each attacking machine can generate a high packet rate. Identifying this type of flood is relatively easy because it tends to stand out from normal network communications.
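The three traits named above (a high rate of small inbound datagrams, many destination ports, and ICMP replies leaving the server) can be combined into a per-second check. This is an added example, not MazeBolt's code; the packet-summary format, the 64-byte cutoff and the thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

SMALL = 64  # assumed "small datagram" cutoff in bytes (the text cites 50-byte datagrams)

def make_sample():
    """Constructed packet summaries: (second, direction, proto, src, dst_port, size)."""
    pkts = []
    # Second 0: ordinary UDP traffic from a few clients to a single port.
    for i in range(20):
        pkts.append((0, "in", "udp", f"192.0.2.{i % 4 + 1}", 53, 50 + i))
    # Second 1: 500 fifty-byte datagrams from many sources to many ports ...
    for i in range(500):
        pkts.append((1, "in", "udp", f"198.51.100.{i % 250 + 1}", 1024 + i, 50))
    # ... and the ICMP replies the server emits in response.
    for _ in range(200):
        pkts.append((1, "out", "icmp", "203.0.113.1", 0, 78))
    return pkts

def flag_seconds(pkts, min_small_pps=300, min_ports=100, min_icmp_out=50):
    """Return {second: stats} for seconds that match all three indicators:
    high rate of small inbound UDP, wide destination-port spread, and a
    burst of outbound ICMP."""
    stats = defaultdict(lambda: {"small_udp": 0, "ports": set(),
                                 "sources": set(), "icmp_out": 0})
    for sec, direction, proto, src, dport, size in pkts:
        s = stats[sec]
        if direction == "in" and proto == "udp" and size <= SMALL:
            s["small_udp"] += 1
            s["ports"].add(dport)
            s["sources"].add(src)
        elif direction == "out" and proto == "icmp":
            s["icmp_out"] += 1
    flagged = {}
    for sec, s in sorted(stats.items()):
        if (s["small_udp"] >= min_small_pps and len(s["ports"]) >= min_ports
                and s["icmp_out"] >= min_icmp_out):
            flagged[sec] = {"small_udp": s["small_udp"], "ports": len(s["ports"]),
                            "sources": len(s["sources"]), "icmp_out": s["icmp_out"]}
    return flagged

if __name__ == "__main__":
    print(flag_seconds(make_sample()))
```

The distinct-source count is reported but not used as a trigger, since spoofed source addresses say little about how many machines are actually sending.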


Cloudscraper HTTP/S-PATCH Flood

This is a Layer 7 flood attack that can be used over HTTP or HTTPS and is designed to overwhelm web servers’ resources by continuously requesting a chosen URL from many attack nodes. This flood is an HTTP-based attack designed to bypass the CDN’s anti-bot protection by implementing different parameters inside each request. It can usually pass web-based challenges successfully. This ultimately causes the CDN service to deliver the attack traffic to the back-end origin server as “dynamic” requests. The Cloudscraper is a tough vector to mitigate, and we recommend proactively testing your protection level against it and remediating accordingly.


HTTP Reflection

The HTTP Reflection attack is a TCP attack that abuses middleboxes on the internet, causing them to send HTTP responses to the victim target. First, the attacker sends HTTP requests to restricted sites using spoofed source addresses. Second, the middlebox hijacks the packets and sends a response to the spoofed address. This recently discovered attack has what is possibly the largest known amplification factor; a spoofed request can trigger a response amplified by a factor of up to 80,000.

 

Performance Improvements

2024 saw several new performance improvements in RADAR:

Multi-processing

RADAR now supports multi-processing in its core module, significantly enhancing performance for complex, large-scale deployments. This update enables seamless support for up to 8 detectors and 4 mirror ports, managing over 32 tapping points. This capability is particularly significant for enterprise customers with extensive, distributed, global infrastructures. By optimizing resource allocation and improving throughput, our multi-processing capabilities empower large-scale operations to achieve unprecedented efficiency and reliability.

Higher Traffic Rate Environments

Our latest update introduced advanced optimizations to handle extreme traffic rates, reaching hundreds of Gbps. RADAR now supports large-scale telco and MSSP environments seamlessly, with built-in capabilities designed for high-throughput reliability and distributed operations.

Debian 12

RADAR migrated to Debian 12, which provides enhanced security, performance, and improved hardware support.

 

UI/UX Improvements

We implemented a number of significant UI/UX improvements in 2024, including:

New Bulk Actions

A new bulk action feature is available on both the Simulation Results page and the Targets page, making it easier for users to select multiple items and apply updates efficiently. This enhancement is aimed at improving the user experience by making bulk actions more intuitive and efficient to manage.

Implementing Success Notification for Setting Changes 

This feature provides immediate feedback when changes are saved successfully. Each time a user’s changes are saved, a notification appears, so users can ensure their changes have been recorded.

Events Scheduler (Upgrade)

We’ve redesigned the Events Scheduler to make it more intuitive, even for less advanced users. The new Events Scheduler introduces new capabilities such as selecting specific attack vectors and advanced periodic scheduling options.

Tooltips

We’ve broadened the tooltips coverage across the system to enhance usability.

Detectors List

The Detectors list has been redesigned as a drop-down menu to create a more consistent and intuitive user interface.

 

Remediation Tracking

In 2024, we enhanced how vulnerabilities are tracked and resolved within RADAR. Our improved remediation tracking helps customers obtain smarter insights, which enables them to prioritize vulnerabilities faster and more effectively. This insights-based approach empowers customers to achieve faster remediation cycles while ensuring their environments remain secure and resilient.

 

Microsoft Azure Support

RADAR now provides seamless support for Microsoft Azure environments. Microsoft Azure customers can use RADAR to continuously validate their external attack surface without disrupting production.

Nondisruptive DDoS attacks can be simulated on Azure-hosted public IPs, directly from the RADAR platform. The simulations help ensure that Azure DDoS protections are optimally configured, vulnerabilities are identified and mitigated, and endpoints are revalidated for ongoing assurance. This continuous process automatically tests new attack vectors against all Azure endpoints, ensuring robust security for Azure deployments.

 

Continuously Validate Your DDoS Attack Surface

MazeBolt RADAR takes DDoS Vulnerability Management to a new level by running continuous attack simulations. RADAR uncovers the DDoS vulnerabilities that can cause damaging DDoS attacks and interrupt business continuity.

Interested in learning more about how RADAR can help you mitigate the risk of damaging DDoS downtime? Speak with an expert!
