Downtime And the DDoS Vulnerability Gap

There is a vulnerability gap every DDoS mitigation system has. If you operate online, you’re vulnerable. - which could mean downtime and a loss of buisness continuity.

Has your organization ever experienced DOWNTIME?

Has this ever been displayed on the screen when customers tried to access services?

What Causes Downtime?

  • System design errors or bugs. These are internal to the organization and can only be addressed by their design or DevOps teams.
  • DoS (Denial of Services) or DDoS (Distributed Denial of Service) attacks are malicious in their intent. Preventative measures must be taken to ensure that downtime doesn’t occur because of DoS or DDoS attacks.

Regardless of the cause, downtime means a loss of revenue and a loss of customers for any organization that operates online.

DoS vs DDoS Attacks

What is a DoS attack?

DoS attacks are where a few compromised systems, are used to target a single internet facing IT system (e.g., servers, devices, services (HTTP/HTTPs), networks, applications), with the intent to make the  services unavailable.

For example: If a banking or e-commerce website experiences a successful DoS attack, it will be unavailable to users. The organization loses revenue and customer trust as a result of downtime. 

What is a DDoS attack?

DDoS attacks are the same concept as DoS attacks, however, attack traffic originates from many different sources – potentially thousands or more.

Since these attacks originate from thousands of sources, they can be difficult to stop. It can also be very difficult to distinguish legitimate user traffic from attack traffic since the traffic is spread out on so many different sources.

How DDoS Attackers Cause Downtime

The Attacker Advantage - A Ever-Expanding DDoS Attack Exposure Surface

There are thousands of potential DDoS vulnerabilities to exploit in any IT infrastructure. These vulnerabilities are referred to as “DDoS vulnerability gaps”.

For example: the graph here shows that if a company has ~100 IP addresses operating online then the attack surface would be 100 (IP addresses) x 100 (vectors) = 10,000.

That means a ~10,000 potential DDoS vulnerability gaps for an attacker to exploit.

Production environments are continuously changing and the DDoS vulnerability gap is continually expanding and contracting, due to:

  • Adding/removing services
  • Updating DDoS mitigation policies
  • New and improved DDoS attack vectors
how-ddos-attackers-cause-downtime-mazebolt-technologies

How to Prevent Downtime from DDoS Attacks

The Proactive Approach

Organizations can continually identify DDoS vulnerability gaps before attackers target them. This can be done either with traditional DDoS testing or MazeBolt RADAR testing - the most accurate DDoS testing standard in the market today. 

 

The Reactive Approach 

Organizations can wait until DDoS attacks are exploited and continually mitigate the vulnerabilities once they are detected after an attack occurs. This is the critical challenge that all DDoS vendors face.

In order to prevent downtime from DDoS attacks, you need to know where the DDoS vulnerability gaps are.

Identifying DDoS Vulnerability Gaps

There are thousands of potential DDoS vulnerability gaps in any organization that operates online.
Any non-mitigated DDoS vulnerability gap means downtime if the organization is attacked by the right DDoS attack vector.

There are currently two options available to identify DDoS vulnerability gaps:

RADAR™ Testing vs. All Other DDoS Testing  

Description
Very high chance of Downtime during attack No Yes
Testing frequency Continously About twice a year
DDoS attack vectors checked per target More than 100 Less than 20
Number of target IP's tested against all attack vectors Complete - Over 1000 IPs Sample only - Under 5 IPs
DDoS vulnerability gap Under 2% 48%
Vulnerability reports Per test No
Attack response Automatic Hours or days
Detection of successful attacks Continous Only relevant for specific testing time
what-is-dos-vs-ddos-attacks

All Other Types of DDoS Testing

Traditional DDoS testing simulates attacks in a controlled manner to test how your organization responds to a successful DDoS attack.

It typically includes a predefined attack surface coverage (maximum 5 IPs) and a maintenance window (i.e. downtime) of at least 3 hours.

As a result of these limitations, organizations limit DDoS tests to a maximum of only twice a year.

ddos-radar™-eliminates-ddos-vulnerabilities

RADAR™ Testing

RADAR™ testing is the only solution that is always-on, constantly testing, and non-disruptive - setting a new standard in DDoS testing that eliminates the DDoS vulnerability gap.

RADAR™ testing's patented technology transforms your DDoS mitigation with complete attack surface coverage (i.e. run tests on thousands of IPs), constant testing to identify vulnerabilities and validate patches, and non-disruptive testing on your production environment.