During the GISEC event in Dubai, I found myself speaking to cyber security leaders between the main stage sessions. I was part of a discussion that included two CISOs from well-known financial institutions, and a CEO of a large payment company. After the panel, around lunchtime, we chatted about everything we’d heard so far in the conference. I decided to use the opportunity and ask them about their DDoS strategy. My new friends were arguing about the best ways to build a DDoS strategy, and everyone had a different take. But the time came, and they all looked at me, waiting for me to chime in. So, instead of telling them about our solution, RADAR™, I decided to go a different route. “Guys, why don’t we let ChatGPT decide…?” I asked, and to my surprise, they all nodded and smiled. After all, everyone is putting their faith in ChatGPT nowadays, right?
ChatGPT is an AI-powered chatbot designed to help in a wide range of uses, including code writing and debugging. Since ChatGPT was introduced to the public by OpenAI, it has proven to be a successful tool that may be considered a game changer, interacting with users conversationally. Due to its impressive writing and AI capabilities, many people find themselves asking the engine questions and conducting research through it. So, I suggested to my friends that we’ll let ChatGPT decide what they, as CISOs and cyber experts, should do to improve their DDoS resilience. And so, we opened ChatGPT and typed in: “as a CISO, even if I have a DDoS mitigation solution, how can I know if I’m really protected?”.
The results left everyone shocked, to say the least. The answer was detailed and someone who didn’t know what ChatGPT is would be astonished to discover that an AI answered the question. But what was most impressive was the fact that ChatGPT gave the most accurate answer about the necessary steps for CISOs and cyber experts who want to improve their DDoS resilience. First, it suggested that CISOs must conduct regular DDoS tests, that include simulated DDoS attacks to monitor the mitigation’s response. Then, the chatbot suggested monitoring the network’s traffic and looking out for suspicious traffic that might be a DDoS attack. Finally, ChatGPT suggested keeping the mitigation solution up to date because DDoS attacks are constantly evolving, which means conducting ongoing DDoS tests to ensure all the network’s mitigation layers are up to date.
Once reading ChatGPT’s answers, my friends took a moment and then said the same thing. “It’s all nice and impressive,” they said, “but we all know that we cannot perform continuous DDoS tests because they’re disruptive, and will cause downtime”. That was my cue to show them RADAR’s dashboard and tell them that yes, by conducting DDoS tests on a regular basis, organizations can uncover their network’s vulnerabilities and remediate them. “But as we all know”, I continued “intrusive DDoS tests, such as red team tests, disrupt production, and ongoing services, and the disruption causes many organizations to perform their DDoS tests on an annual or bi-annual basis, at best. But RADAR is the only solution available on the market that continuously visualizes and measures every layer of DDoS security, allowing cybersecurity teams to take a proactive approach with zero downtime and zero disruption”. At this point, my friends couldn’t believe my words, and I had to swear that I didn’t program ChatGPT in advance… RADAR indeed performs continuous non-disruptive DDoS testing of more than 150 attack vectors and provides complete attack surface coverage for all targets and all known DDoS attack vectors.
The final article in ChatGPT’s answers was the one I really wanted my friends to understand: the backup plan. As we all know, it only takes one successful DDoS attack to bring down the network, and it doesn’t matter what mitigation solution the organization has implemented. As long as there’s a hidden vulnerability in the mitigation layers, a DDoS attack can penetrate the organization’s defenses and shut down services. When ChatGPT suggests a backup plan, it does not mean having an emergency response team to handle the damage and try to mitigate the attack, because that doesn’t actually matter. The damage has already been done; services were impacted. “Imagine your client’s not being able to access their accounts because of that one DDoS attack,” I told one of my CISO friends, who’s in charge of a multi-billion-dollar institution’s cyber defense. “What good will your emergency response team be if thousands of your clients can’t use your services right now?” He nodded and didn’t say anything.
The real backup plan is to be prepared and continuously test your organization’s protection, in order to properly manage your DDoS attack surface. Implementing the best DDoS mitigation services is just the first step, and the crucial step is to test, evaluate, uncover, remediate, and validate all DDoS vulnerabilities. RADAR closes the DDoS remediation loop from insight to action by working with the mitigation vendors, providing visibility into misconfigurations, and prioritizing a remediation plan and validation efforts.
And with that, our meeting was over, and everyone went back to their schedule. But following that improvised meeting, we continued our discussions in private and started integrating RADAR into each of my friends’ networks. And with all due respect to the most advanced AI around, no one booked these meetings in my calendar but me!
Get resilient against DDoS Attacks
(this article was written by a human being)
One Response
great article!