DDoS Risk Assessment
"True DDoS attack preparedness is knowing your weaknesses, not blindly implementing a vendor solution."
- Andrew Shoemaker (Founder/CEO)
Organizations frequently implement DDoS attack defenses in an ad-hoc manner based upon vendor recommendations or during the panic following an attack. This approach often resolves the immediate issue but results in gaps in DDoS attack defenses that may go unnoticed until the next attack. The DDoS risk assessment takes a proactive, strategic approach in which a NimbusDDOS expert reviews an organization's infrastructure to identify areas of weakness. This switch from reactive to proactive allows an organization to address DDoS risks on their terms rather than being driven and dictated by the attacker.
// Attacker Reconnaissance: To discover areas of risk the NimbusDDOS engineers step into the role of a fictitious attacker to examine the target environment. Much of the testing is "black box" with no special guidance from the customer. The goal of this investigation is to uncover areas susceptible to DDoS attack that an attacker is likely to discover.
// DDoS Threat Matrix: Each discovered threat is ranked and scored to provide organizations with actionable data to prioritize further testing and corrective action. This scoring is customized according to the specific risk profile of the customer's business.
// Attack Plan: Each DDoS risk assessment includes an attack plan detailing the likely DDoS attacks that an attacker might try based upon the findings of the investigation. The attack plan allows organizations to better understand the gaps in their environment, and understand the strategy of an attacker.
// Not Penetration Testing: Many organizations incorrectly assume that periodic penetration/vulnerability testing will also detect DDoS risk areas. Although approached with a similar mindset, these assessments are not equivalent and a DDoS risk assessment examines a distinct area of information security.
// Data Driven Decision Making: The DDoS risk assessment provides facts, recommendations and actionable data that allow an organization to create a complete DDoS preparedness strategy.
// Dedicated DDoS Expert: Each customer is assigned a dedicated DDoS expert that provides DDoS preparedness advice and guidance tailored to the customer's business.