Frequently Asked Questions
No. The DDoS RADAR™ is based on a revolutionary non-disruptive DDoS testing technology that has ZERO impact on ongoing operations.
Yes. The DDoS RADAR™ tests environments against over 100 different types of DDoS attack vectors, from layers 3, 4 & 7 (Application Layer) attacks.
RADAR™ assists organizations in achieving, maintaining, and verifying the continuous closing of their DDoS vulnerability gaps. Reducing and maintaining the vulnerability level from an average of 48% to under 2% ongoing.
MazeBolt's professional services are some of the top experts worldwide in the DDoS field. Many of them originally come from various other leading DDoS mitigation companies. MazeBolt Professional Services allows for -
- Strong support - MazeBolt Professional services allow our customers to focus on their business, using us and our experience in DDoS mitigation to assist in liaising with DDoS mitigation vendors. MazeBolt will make closing vulnerabilities a painless process, we are with you every step of the way.
- Professional Services with leading DDoS experts - Our DDoS experts have all come from leading DDoS mitigation companies and understand both defense and attack. We have worked with well over 100 enterprise organizations consulting on vendor remediation, real-time attack analysis, and deep DDoS architecture planning & understanding.
- The liaison with your mitigation company - Our Professional service DDoS experts will guide your remediation efforts with your DDoS mitigation vendors. If required, our professional service can also help plan new architectural changes.
- Customize attack simulation vectors to add to RADAR™️ - If your organization requires specific attack vectors for proprietary reasons. MazeBolt professional services together with R&D will design implement and QA your required attack vectors, to be an ongoing part of your RADAR™️ platform.
RADAR™️ patented technology is non-disruptive to IT operations during DDoS attack simulations. This allows RADAR™️ to comfortably run from 50,000 to 100’s of thousands of DDoS attack simulations a year, against the IT production environment you are protecting against DDoS attacks.
Every vulnerability discovered by RADAR™️ has all the data required to fine tune the DDoS mitigation policy, for example, at a minimum each attack simulation has, the amount of attack simulation sent and attack traffic received, together with other important reporting parameters. This information allows the DDoS mitigation vendor and MazeBolt co-ordinate a perfect policy change for each vulnerability discovered and because the technology is non-disruptive, revalidating can be done in real-time to fine-tune security policies. Each customer has different requirements and a mutually agreed upon schedule for simulations and vulnerability reporting and remediation intervals is designed together with MazeBolt’s professional services. Providing end-to-end full vulnerability identification coverage and vulnerability remediation management.
Continuously & on demand.
You can generate a report of your DDoS Vulnerabilities (DDoS Mitigation Gaps) at any time from your MazeBolt Account. We called this report a Vendor Report.
The DDoS RADAR™ vendor reports include a comprehensive and complete story of what took place during that particular DDoS attack simulation. For example, on a per attack simulation basis, the vendor can see:
- Duration of DDoS attack simulation
- Rate of DDoS attack simulation
- Cumulative attack simulation traffic sent
- Cumulative attack simulation traffic received
- Target response monitoring during DDoS attack simulation
- Graphical illustrations of charting during attack simulation
- Knowledge base article on attack simulation with PCAP example of attack
MazeBolt’s SOC team generates an Executive summary once a quarter.
Yes. The MazeBolt TAP UI has a wealth of information on all DDoS attack simulations.
- The DDoS RADAR™ testing cycle (for each IPs address) starts with the 18 BaseLine DDoS attack vectors that each run for approximately 3-10 Mins.
- The DDoS RADAR™ automatically moves on to the next IP address until the company’s entire DDoS Attack surface has been tested against the 18 BaseLine DDoS attack vectors.
Generally speaking, DDoS attacks start at a default of 10 Mbps (for Layers 3 & 4) and work their way up to a maximal bandwidth of 1Gbps, this will also take into account any SLA’s you may have with your DDoS mitigation vendor.
The DDoS RADAR™ only reads meta data from the DDoS testing it performs.
No. The DDoS RADAR™ does not read PII
No. The DDoS RADAR™ does not decrypt traffic by default and by default it is not required to validate most environments.
We identify our attack traffic by looking for and filtering our attack traffic's source IP's only. In a default configuration we do not even capture any other traffic other than traffic originating from MazeBolt source IP's. However there is an exception to this rule, and that is for CDN based traffic, this will turn the device into a mode whereby we begin capturing all traffic, identifying the true source IP in the X-Forward-For header and then using those statistics to send out. It is important to note that we send out ONLY traffic statistics and NO PII information or any other data other that TCP related data is sent out via our secure API, our API has 2 factor authentication and communicates only with our data center.
If we have any such new feature in the future, this will first have in place a contractual agreement with the customer prior to any such feature being enabled on the device.
- Yes. We have many considerations we take into account for compliance, our Data Center is well segmented, and no unnecessary data is stored. MazeBolt is also ISO 27001 compliant and certified (Since 2015). Upon request this documentation will be provided.
- MazeBolt undertakes through 3rd party contractors pen-testing on a regular basis.
Yes. The DDoS RADAR™ can test hybrid DDoS mitigation solutions by creating a separate profile for each DDoS mitigation solution.
- The user of the system will add the network to be validated by the DDoS RADAR™. These networks IPs are then automatically and continuously verified for DDoS Mitigation Gaps.
- FQDN names or specific IP’s can also be added manually to the system.
The DDoS RADAR™ requires a TAP (Mirror) Port immediately downstream from your DDoS mitigation
The TAP port needs to be downstream from the DDoS mitigation
- The ongoing concurrent traffic rate.
- Seeing all traffic toward the targets planned to be validated.
Red Team DDoS Testing
A DDoS Test simulates a real DDoS attack against your website or network. The test is run with your participation to check the capabilities of your current security posture. This test will check your response teams preparedness and procedures you have in place to deal with a successful DDoS attack.
MazeBolt’s DDoS Testing has three basic stages:
- Planning & Scheduling – MazeBolt’s SOC team works with you to understand your needs and tailor the DDoS Tests accordingly (i.e. number of tests, type of tests, bandwidth, geo-distribution and more).
- Testing – MazeBolt’s SOC team runs the tests with you following in real-time via the User Interface. Your emergency button allows you to stop the tests at any time.
- Reporting – Once testing is completed MazeBolt issues a DDoS Test Report that highlights points of strengths and weakness of your DDoS attack handling with recommendations for further action.
Yes, it’s absolutely legal!
Not only do many Fortune 500 and large organizations regularly use DDoS testing, but in some countries, DDoS Testing has become a recommended regulation for validating the organization’s human response and procedural handling to DDoS attacks.
MazeBolt's DDOS testing is customized to the size and complexity of each organization’s IT network and comprises multiple tests for ongoing and iterative improvements.
Yes, you do.
Penetration testing checks the ability of an attacker to exploit your network and gain access to data. DDoS testing attempts to see how mitigation systems and response teams respond to a DDoS attack. To evaluate DDoS vulnerabilities RADAR® should be used.
Yes, we can. Provided you get approval in writing from the relevant cloud provider.