As a cybersecurity professional you always want to assess your risks accurately so you know how to focus your efforts and limited time.
When it comes to Distributed Denial of Service (DDoS), we’ve found that there are three essential questions that need to be asked:
- How can you evaluate your company’s DDoS threat level?
- Which type of DDoS attacks should you be able to withstand?
- How does your current DDoS protection level compare to the protection of other companies in your industry?
The DDoS Resiliency Score (DRS) standard helps answer these questions, so you can better understand the risks, your current level of protection and what security improvements – if any – would be desirable.
The DDoS Resiliency Score: Seven Levels of Attacks
The DDoS Resiliency Score (DRS) is an open standard, which provides an objective yardstick for measuring, comparing and assessing DDoS threat and protection levels at individual companies and across industries.
The DRS defines seven ascending levels of DDoS attacks. Each level introduces an increased threat, with additional types of attacks, more sophisticated attack vectors, and increased traffic volumes.
For example, at level 4 (“sophisticated”), network, web and DNS attacks are carried out at volumes of up to 5 gigabits per second (BPS), 4 million packets per second (TPS), or 200K transactions per second (TPS). Based on our experience mitigating many DDoS attacks, we know that level 4 attacks, and even higher, are quite common in the financial industry.
Your DDoS Risk is Affected by Your Industry
Based on our experience mitigating DDoS attacks targeting companies across multiple sectors, we have determined that different industries face different DDoS threat levels.
Our data indicates, for example, that the finance and gaming industries are prone to the most sophisticated DDoS attacks (except those launched by state-backed actors). This is substantiated by various industry reports, which also note that companies in the financial industry were the most attacked both in America and EMEA during 2022.
How to Identify Your Current Protection Level?
By conducting DDoS simulation testing, you can determine your current protection level with an accurate DRS score.
For example, after a recent simulation test running six different attack vectors, a company in the gaming industry received a DRS score of 4.0. The industry-wide threat level at the time was 6.0.
The security team at the gaming company hardened its DDoS protection in accordance with Red Button recommendations based on the results of the simulation. A second, follow-up simulation was executed, with the observed DRS score increasing to 6.5.
An additional score we provide during simulation testing is the average protection level of other companies in the same industry. This allows you to assess your protection measures in comparison with those of your corporate peers.
Summary
“Knowledge is not power, it is only potential. Applying that knowledge is power. Understanding why and when to apply that knowledge is wisdom.” - Takeda Shingen, powerful 16th century Japanese feudal lord and military leader
Managing cybersecurity may not be quite the same as being a 16th-century warlord, but Shingen’s lesson is well taken, even in the world of IT in 2023. Attack simulations provide the raw knowledge you need to plan DDoS defense for your organization, while the DRS metric and Red Button recommendations give you insight into applying that knowledge with a full understanding of how your protection measures up against real-world threats.
