Frequently Asked Questions

MazeBolt RADAR™ Testing

No. RADAR™ testing is based on a revolutionary patented non-disruptive DDoS testing technology that has ZERO impact on ongoing operations. It is an automated solution that runs on live production environments at pre-scheduled time periods.

Yes. RADAR™ testing checks production environments automatically against over 140 different types of DDoS attack vectors, from layers 3, 4 & 7 (Application Layer) attacks.

RADAR™ testing assists organizations in identifying, and continually eliminating their DDoS vulnerability gap to as little as under 2%.

MazeBolt’s professional services are top experts worldwide in the DDoS field. Many of them originally come from various other leading DDoS mitigation companies. MazeBolt’s professional services provide –

  • Very strong support – MazeBolt’s professional services allow our customers to focus on their business, using our experience in DDoS mitigation to assist in liaising with DDoS mitigation vendors. We will make closing vulnerabilities a painless process. We are with you every step of the way.
  • Leading DDoS experts – Our DDoS experts have all come from leading DDoS Mitigation companies and understand both defense and attack. We have worked with over 100 enterprise organizations consulting on vendor remediation, real-time attack analysis, and deep DDoS architecture planning and understanding.
  • The liaison with your mitigation company – Our professional service DDoS experts will guide your remediation efforts with your DDoS mitigation vendors. If required, our professional service can also help plan new architectural changes.
  • Customize attack simulation vectors to add to RADAR™️ Testing – If your organization requires specific attack vectors for proprietary reasons. MazeBolt’s professional services, together with R&D, will design, QA, and implement your required attack vectors, to be an ongoing part of your RADAR™️ testing platform.

MazeBolt RADAR™️ testing runs 50,000 to hundreds of thousands of DDoS attack simulations a year. It can do this comfortably because it is a patented technology that is non-disruptive to IT operations during these DDoS attack simulations.

Every vulnerability discovered by RADAR™️ testing has all the data required to fine-tune the DDoS mitigation policy; for example, the amount of attack simulation sent and attack traffic received, together with other important reporting parameters. This information allows the DDoS mitigation vendor and MazeBolt to coordinate a perfect policy change for each vulnerability discovered. Because the technology is non-disruptive, revalidating can be done in real-time to fine-tune security policies. Each customer has different requirements, and a mutually agreed-upon schedule for simulations and vulnerability reporting, and remediation intervals is designed together with MazeBolt’s professional services. Providing end-to-end full vulnerability identification coverage and vulnerability remediation management.

Continuously & On-demand.
You can generate a report of your DDoS Vulnerabilities (DDoS Mitigation Gaps) at any time from your MazeBolt Account. We called this report a Vendor report, additionally, quarterly customers receive an executive report for high-level risk quantification and reduction understanding.

RADAR™ testing vendor reports include a comprehensive and complete story of what took place during that particular DDoS attack simulation. For example, on a per attack simulation basis, the vendor can see:

  • Duration of DDoS attack simulation
  • Rate of DDoS attack simulation
  • Cumulative attack simulation traffic sent
  • Cumulative attack simulation traffic received
  • Target response monitoring during DDoS attack simulation
  • Graphical illustrations of charting during attack simulation
  • Knowledge base article on attack simulation with PCAP example of an attack

MazeBolt’s SOC team generates an executive summary once a quarter.

Yes. The MazeBolt RADAR testing platform UI has a wealth of information on all DDoS attack simulations.

  • The RADAR™ testing cycles (for each IP address or FQDN) normally run between 4 and 8 hours daily.
  • RADAR™ testing automatically moves on to the next IP or FQDN address until the company’s entire DDoS attack surface has been tested against all currently known DDoS attack vectors.

Generally speaking, DDoS attacks start at a default of 25 Mbps (for Layers 3 & 4) and work their way up to a maximal bandwidth of 500Mbps. This will also take into account any SLA’s you may have with your DDoS mitigation vendor.

RADAR™ testing only reads the metadata generated from RADAR testing nodes, all other traffic is ignored. Customers will receive a full security spec of all metadata collection and other security standards in force and effect.

No. RADAR™ testing does not read PII (Personally identifiable information ).

Yes & No.

Yes – If RADAR™ testing is validating CDN-based protections the RADAR detector will require the ability to read the X-Forward-for header (Or similar).

No – For DDoS protections which do not traverse a CDN E.g. Scrubbing center, ISP protections, CPE,  decryption is not required.

We identify our attack traffic by looking for and filtering our attack traffic’s source IPs only. In a default configuration, we do not even capture any other traffic other than traffic originating from MazeBolt source IPs. However, there is an exception to this rule, and that is for CDN-based traffic, this will turn the RADAR detector into a mode whereby we begin capturing all traffic, identifying the true source IP in the X-Forward-For header, and then using those statistics to send out. It is important to note that we send out ONLY traffic statistics, and NO PII information or any other data other then TCP related data is sent out via our secure API, our API has 2-factor authentication and communicates only with our data center.

If we have any such new features in the future.  Such a feature will first have in place a contractual agreement with the customer prior to any such feature being enabled on the RADAR detector.

  • Yes. We have many considerations we take into account for compliance. Our Data Center is well segmented, and no unnecessary data is stored. MazeBolt is also ISO 27001 compliant and certified (Since 2015). Upon request, this documentation will be provided.
  • MazeBolt undertakes pen-testing on a regular basis through 3rd party contractors.

Yes. The RADAR™ testing can test hybrid DDoS mitigation solutions simultaneously.

  • System users will add the network to be validated by RADAR™ testing. These network IPs are then automatically and continuously verified for DDoS Mitigation Gaps.
  • FQDN names or specific IPs can also be added manually to the system.

RADAR™ testing requires a TAP (Mirror) Port immediately downstream from each of your DDoS Mitigation solutions.

The TAP port needs to be downstream from the DDoS mitigation.

  • The ongoing concurrent traffic rate.
  • Seeing all traffic toward the targets planned to be tested.

Red Team DDoS Testing

Yes, we do, but only for RADAR testing customers. We do not offer Red Team DDoS testing alone.

A DDoS Test runs a very high rate of DDoS attack traffic against your website or network (Online services). This type of testing usually has a lot of disruption to online services, so requires a maintenance window. The test is run with your participation, and will check your response team’s readiness and the procedures you have in place to deal with a successful DDoS attack that takes you down. This type of testing is done mainly for post-attack handling when the damage has already started, to understand how your team can best start recovering from an ongoing DDoS attack.

MazeBolt’s DDoS Testing has three basic stages:

  • Planning & Scheduling – MazeBolt’s professional services team works with you to understand your needs and tailor the DDoS Tests accordingly (i.e. number of tests, type of tests, bandwidth, geo-distribution and more).
  • Testing – MazeBolt’s professional services team runs the tests with you following in real-time via the User Interface. The emergency button allows you to stop the tests at any time.
  • Reporting – Once testing is completed, MazeBolt issues a DDoS Test Report that highlights points of strengths and weaknesses of your DDoS attack handling, and recommendations for further action.


Not only do many Fortune 500 and large organizations regularly use DDoS Test, but in some countries, DDoS Test has become a recommended regulation for validating the organization’s human response and procedural handling to DDoS attacks. However, because of DDoS testing disruptive nature and inability to identify DDoS vulnerabilities across an organization’s entire attack surface, many organizations are now switching to RADAR testing, the most comprehensive, accurate, and non-disruptive DDoS testing available.

Normally between 1 and 3 hours.

MazeBolt’s DDoS Test is customized to the size and complexity of each organization’s IT network, and includes multiple tests for ongoing and iterative improvements.

Yes, we can. However, once you have RADAR testing running in your cloud environment, most customers will not opt-in for such a disruptive Red team DDoS test (There is also little to no need for one). Additionally, unlike RADAR testing, a normal DDoS test will require a more complex approval from your cloud provider.

No, MazeBolt is completely vendor agnostic.
We do not align ourselves with any vendor and commit to providing customers with 100% objective testing results.

DDoS General

A DDoS attack is a more advanced form of a DoS attack – Denial of Service: a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to a network. DoS attacks are accomplished by flooding the targeted machine or resource with superfluous requests to overload systems and prevent some or all legitimate requests from being fulfilled.

A distributed denial-of-service (DDoS) attack refers to a malicious endeavor aimed at disturbing the regular flow of traffic to a specific server, service, or network. This disruption is caused by inundating the target or its connected infrastructure with excessive Internet traffic. DDoS attacks are harnessed by utilizing numerous compromised computer systems as sources of the attacking traffic. These compromised systems can encompass traditional computers and other interconnected resources like Internet of Things (IoT) devices.

At a conceptual level, a DDoS attack bears resemblance to an unanticipated traffic congestion that congests a highway, impeding the regular progression of traffic towards its intended destination.

One of the primary challenges in identifying a DDoS attack lies in the familiarity of its symptoms. Many of these indicators closely resemble the experiences of regular technology users, such as sluggish upload or download speeds, websites becoming temporarily unavailable, intermittent internet connectivity, unusual content or media, or an upsurge in spam. Additionally, the duration and intensity of a DDoS attack can vary significantly, ranging from a few hours to several weeks – this is what is referred to as downtime.

DDoS attacks are executed through networks comprising interconnected Internet-enabled machines. These networks encompass computers and various devices (including Internet of Things devices) that have been compromised by malware, enabling remote control by an attacker. These individual compromised devices are termed “bots” or “zombies,” while a collection of such bots forms a “botnet.” Once a botnet is established, the attacker can orchestrate an assault by issuing remote commands to each bot within the network.

Upon targeting a victim’s server or network, each bot within the botnet sends requests to the target’s specific IP address. This onslaught of requests has the potential to overwhelm the server or network, resulting in a denial of service for legitimate traffic. The intricacy arises from the fact that each bot in the botnet is a genuine internet-connected device. Thus, distinguishing between the malicious attack traffic and the normal traffic becomes a complex task.