We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

DDoS Resiliency Made Easy with Red Button's Testing Platform

Ditsa Keren Technology Researcher

Red Button is a security services and consulting company specializing in mitigating and preventing Distributed Denial of Service (DDoS). Towards that purpose, they’ve introduced the DDoS Resiliency Score, an open standard, virtual DDoS testing technology that enables immediate assessment, as well as a range of proven processes and methodologies for SOC/NOC teams. In this article, we interviewed CEO Ziv Gadot to learn more about what the hell is DDoS and how it can be avoided.

I've been in the cyber industry for nearly 20 years, specializing in the DDoS scene. I founded RedButton 4 years ago with the mission to prepare organizations for DDoS attacks.

The way we work is by providing various services that are needed for organizations at different stages of development, to reach the resiliency level they need.

There are about 10 vendors (such as Radware, Akamai, Imperva Incapsula and CloudFlare) that provide a DDoS mitigation software or service, but just enrolling or deploying their service is not enough. In order to be truly protected, you need to perform additional actions. Firstly, to run DDoS attacks in order to verify that protection is working and that your IT is responding as expected.

We believe that DDoS mitigation without testing is like releasing a software without doing QA. DDoS testing is one of our primary services, and we have our own propriety DDoS testing platform.

For some organizations, DDoS testing is a complicated and expensive process. We are aware of that, so we developed a complementary tool we call the DDoS Calculator, which assesses security by collecting information from the organization, and producing a report without firing a single DDoS attack

The real differentiator between Red Button and other testing companies is that once we perform the testing or evaluation, we do not stop there. Any testing is likely to reveal some gaps. To close them, you need to perform a configuration review, hardening, DDoS training and add additional DDoS mitigation layers. Red Button provides all of those services.

What is the discourse of a DDoS attack and how can it be avoided?

DDoS stands for distributed denial of service. It is probably the easiest cyber-attack to generate. The attacker only needs to generate a massive amount of requests to a service. Each request by itself is perfectly legitimate, but the amount of requests overwhelms the service or network, causing it to slow down until reaching complete outage. When that happens, legitimate users are unable to access the service, and hence is the impact of the attack.

These days, it is totally unacceptable for banks, e-commerce sites, payment services and online gaming, who absolutely cannot allow outage to their service.

Experiencing an outage translates to financial losses accruing with every passing second the service remains unavailable, not to mention the detrimental effect it has on their reputation.

What is the DDoS Resiliency score?

The DDoS Resiliency score is a standard that was initiated by Red Button, and has become a preliminary standardizing tool across the industry. It is an open source standard that can be used by anyone at no cost. The main goal is to be a benchmark that allows organizations to do something that was impossible before: to measure their DDoS resiliency and get a score on a scale from 0-7, where 0 means not resilient at all and 7 means the organization is fully prepared for any DDoS attack.

The standard doesn't tell you what to do. Rather, it is used to put theory into practice within the organization.

We strongly encourage organizations to embrace these standards and gain the visibility they need. The standard specifies 7 levels of attacks. Each level has several attack vectors. If you pass them, your score increases, and you can go to the next level. At the end of the process you get a final score, that you can act upon to harden your defenses.

What can you tell us about your "DDoS Day" conference?

DDoS Day is a boutique conference we do every year in different locations. We gather the DDoS community, including organizations, vendors, consultants and integrators, who speak about DDoS attacks and mitigation and provide education on the topic. We had a DDoS Day in Vienna last month.

When it comes to law enforcement, Cyber-attacks generally tend to go un-noticed. How can we expect that to change?

Firstly, there is some law enforcement activity in cybercrime, but of course there's room for improvement. I expect it to happen over the next years.

The main question is, where do we draw the borders? Even in criminal activity unrelated to cyber, there's a shared responsibility between the government, the police and the citizens. I have locks on my door, some of my friends have security cameras, I have insurance, so not everything is under the responsibility of the government.

Specifically for DDoS, from a nation's point of view, the first milestone is that each organization protects itself individually. The nation needs to ensure that there would not be a massive amount of attacks impacting industries, and that public communication infrastructure remains relatively secure.

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Ditsa Keren is a cybersecurity expert with a keen interest in technology and digital privacy.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address

Thanks for submitting a comment, %%name%%!

We check all comments within 48 hours to ensure they're real and not offensive. Feel free to share this article in the meantime.