August 6, 2018
Nexusguard has built a DDoS simulation platform to enable CSP partners to find out if their networks are scalable and resilient enough to respond to unexpected surges in traffic
The continued evolution of the notorious Mirai malware is a solid proof that zero-day vulnerabilities remain an imminent threat as attackers find new ways to cripple or penetrate your network. In such a threat-riddled cyberworld, are you really sure that your network is resilient enough to combat against DDoS attackers and intruders? If you say YES, how can you be so sure?
While you may have deployed on-premise hardware or subscribed to a cloud-based cybersecurity service, odds are you don’t know if you are sufficiently protected from the latest threats, such as Satori. Other intimidating names such as “Teardrop” and “Nuke” are popularly known, but they are not fought against in our day to day battles.
If anything can go wrong, it will
From our observation as a DDoS attack defender, the datasheets of most anti-DDoS hardware devices on the market focus only on the operational metrics during peacetime instead of a DDoS attack. For instance, a famous router manufacturer claims that their devices have a maximum throughput of 65Mpps (packet per second). But when in use, once traffic surges to 1.2Mpps, a CPU error occurs, causing the router to stall and reboot as a result. In other words, when it comes to a large volumetric attack, the device itself can easily be overwhelmed and turns out to be the traffic bottleneck to your infrastructure.
In theory, it is possible for hardware vendors to deliver patches to fix a new vulnerability every time it has been found and exploited, it would be always a catch-up game in practice; whether or not your anti-DDoS device can defend large and zero-day attacks at all times is a big uncertainty.
Test your network for vulnerability to DDoS attack
Ideally speaking, running regular network health checks to find out weaknesses and fix vulnerabilities, if any, is the security practice all enterprises should carry out. Testing your network resilience against traffic spike should also be made part of your security best practices, especially if you rely on the infrastructure to deliver mission-critical services.
Such test results enable you to reveal hidden bottlenecks across the infrastructure, review the configuration and effectiveness of existing network devices, and take necessary preventive or remedial measures, such as by ensuring that latest patches and updates are applied.
Nexusguard helps CSP partners prevent and prepare for the worst
Nexusguard’s CSP partners can now benefit from our high-security DDoS simulation platform to test the resilience of their networks against a comprehensive, constantly updated library of simulated attacks sourced from our mitigation records, research team and other threat intelligence.
As our partner, you can test the network by replaying a predefined set of attack patterns or scenarios you specify to help you find out zero-day vulnerabilities within the network. Our professional service team can further advise you on developing scenarios to simulate the most likely threats your industry faces.