As an AWS Partner Network (APN) Partner and AWS DDoS Test Partner NCC Group has been pre-approved by AWS to conduct DDoS simulation tests. For more than a decade, NCC Group has been assuring our customers of their protection against DDoS attacks.

NCC Group’s DDoS testing service, tests your people, processes and technologies:

• A range of Network/Application layer attack types

• A Global Cyber Security company and AWS DDoS Test Partner, authorized to conduct DDoS simulation tests on behalf of AWS customers without prior approval from AWS.

• Conducted in a controlled manner under the guidance of a consultant, starting with low volumes of traffic and gradually increasing to enormous bit rates.

• Operated from our central managed security services facilities and fully monitored during active use 24 hours a day.

• Meticulously designed to fail safe with several independent ‘kill switches’ to stop any simulation quickly should it become necessary.

• Highly flexible and able to suit a wide range of customer circumstances from reputationally sensitive brochureware sites to full e-business applications.

• In addition to testing that bad traffic is filtered, we use a cloud-based infrastructure monitoring platform to check that real user traffic is not affected during an attack. This is essential for evaluating the effectiveness of any mitigation service or appliance.

• Concise reporting including an executive summary that provides a high-level overview of the test, as well as technical details for each scenario. A data report also offers a side-by-side, minute-by-minute comparison of botnet activity data and target monitoring statistics.

• Clear risk ratings that help you determine the urgency and prioritisation of improvements such as mitigation technology, your internal team, and internal policies.

The aim of the service is to assess:

• The effectiveness of your DDoS mitigation technologies

• The quality of your policies and processes

• The readiness of your team

It’s essential to test that your mitigation is in fact protecting your critical systems, and you get the return on the investment you expect. In our testing, we've discovered that 70% of the time, we've identified issues in our client's implementation or configuration of their DDoS mitigation.

Why is it critical to test your DDoS defenses?

DDoS attacks are capable of bringing all communication to and from their targets to a halt, and many businesses spend large sums of money on DDoS mitigation – without testing it. Testing your DDoS mitigation strategy will allow you to verify business resilience, ensure that your investment is worth the cost and last, but really-not-least, amend potential gaps in your defenses. You should test all of this in a controlled environment when your business is ready. Because we do find gaps in our client’s DDoS protection.

**What does a DDoS test include? **

Pre Test During the pre-test discussions, the testing team looks to understand your aims of testing. This allows the team to define the required traffic types and volumes, understand the attack surface and develop a custom attack recipe for your business.

**Preparations **

The test team configures the attack scenarios and builds a sophisticated attack based on specific “pinch points” recommended for testing.

**Testing **

As a customer centric business, we work closely with your testing team, and testing is conducted on a conference call. This allows you to give feedback on your experiences and guide traffic levels in real-time. It allows systematic testing of trigger points and the team to view responses from the target, mitigation, and individuals before, during and after they are hit. During testing, NCC Group conducts external monitoring, logs botnet activity, and notes key observations which help finalise the rich reports and identify any gaps in your defense.

Final Stage

The last stage includes feedback and reporting on the test. Reporting includes both executive and technical summaries of the scenarios run, as well as detailed technical breakdowns of scenarios, detailed test narratives, timelines, and monitoring graphs.

NCC Group can also provide a DDoS Advisory service to guide you through your DDoS defence strategy and provide a full readiness review.