Frequently Asked Questions

Incident Response & Case Study Details

How did Red Button help a Latin American bank respond to a ransom-driven DDoS attack?

Red Button's Incident Response team was engaged after a Latin American bank received a ransom email and suffered a 60 Gbps UDP reflection DDoS attack. The team coordinated with the bank's IT and security staff to review the DDoS protection architecture, ran a controlled DDoS simulation to uncover vulnerabilities, and recommended fixes. After remediation, subsequent attacks were fully mitigated with zero service disruption. The process included multiple simulations and configuration improvements to the Imperva Incapsula system. Note: Red Button's approach requires collaboration with in-house teams and may not be suitable for organizations unable to allocate technical resources during incidents.

What were the main findings and recommendations after the DDoS ransom attack incident?

Red Button's post-incident analysis for the Latin American bank included recommendations to run periodic DDoS simulations (including application protections), add or harden application protections, implement an external managed DNS service, and configure automatic traffic diversion to reduce time-to-mitigation. These steps were based on vulnerabilities uncovered during simulations and real attacks. Note: Recommendations are tailored to each client; organizations with unique architectures may require additional measures.

Features & Capabilities

What DDoS testing and simulation capabilities does Red Button offer?

Red Button provides realistic DDoS simulations with over 100 attack vectors, including volumetric, protocol, and application-layer attacks. The platform can simulate attack volumes up to 300 Gbps, 5 million packets per second (PPS), and 500,000 HTTP requests per second (RPS). These capabilities enable comprehensive validation of defenses under real-world conditions. Note: Simulations require coordination with customer IT teams and may not be suitable for organizations unable to authorize controlled testing.

What compliance and security standards does Red Button support?

Red Button supports ISO 27001 and SOC 2 compliance by providing audit-ready evidence, technical reports, and compliance-grade documentation. The platform also helps organizations meet regulatory requirements for SAMA, MAS, and HKMA. Customers receive formal reports and remediation steps for any vulnerabilities found. Note: Detailed limitations are not publicly documented; ask sales for specifics regarding compliance in highly specialized regulatory environments.

What technical documentation and resources are available for Red Button's solutions?

Red Button provides datasheets, white papers, a knowledge base, and a resource library with technical documentation, troubleshooting guides, and case studies. Notable resources include the Incident Response Solution Brief, DDoS 360 Solution Brief, and DDoS Hardening Solution Brief. These materials help prospects understand solution capabilities and implementation. Note: Some resources may require registration or direct inquiry for access.

Use Cases & Benefits

What types of organizations benefit from Red Button's DDoS testing and incident response?

Red Button's solutions are designed for financial institutions, government agencies, gaming companies, telecom/ISPs, technology firms, logistics, manufacturing, and multinational corporations. Typical roles include CISOs, cybersecurity managers, cloud architects, and heads of security. The platform is especially valuable for organizations facing regulatory compliance requirements or operational risk from DDoS attacks. Note: Organizations without dedicated IT/security teams may require additional support to implement recommendations.

What business impact can customers expect from using Red Button's solutions?

Customers can expect enhanced operational resilience, reduced risk of downtime, improved regulatory compliance, and actionable insights for remediation. Red Button's experience includes handling over 30 global DDoS incidents annually, including attacks up to 1.2 Tbps. Cost savings are realized by preventing outages and compliance penalties. Note: Actual impact depends on customer engagement and implementation of recommendations.

Implementation & Process

How long does it take to implement Red Button's DDoS testing or incident response services?

Onboarding and planning typically take about two weeks, including scoping, architecture review, and test plan approval. For cloud DDoS testing (e.g., AWS, Azure), the customer time commitment is approximately five hours: one hour for a pre-test interview, three hours for the live test, and one hour for results and recommendations. Red Button assists with third-party approvals and handles planning, execution, and analysis. Note: Timelines may vary for complex environments or if additional approvals are required.

Competition & Comparison

How does Red Button compare to Cloudflare for DDoS defense and testing?

Cloudflare provides always-on DDoS mitigation, web application firewalls, and CDN-based solutions, primarily validating its own stack. Red Button offers vendor-agnostic recommendations, realistic DDoS simulations with over 100 attack vectors, and industry-specific solutions for financial services, gaming, telecom, and government. Choose Red Button for independent validation and tailored simulations; choose Cloudflare if you need integrated web security and CDN services. Note: Cloudflare's always-on mitigation may be preferable for organizations seeking a bundled approach.

How does Red Button differ from Akamai for DDoS protection?

Akamai integrates DDoS protection with its CDN services and focuses on validating its own solutions. Red Button provides impartial, vendor-neutral assessments, compliance-grade reporting for ISO 27001, SOC 2, SAMA, MAS, and HKMA, and a DDoS 360 program for continuous improvement. Choose Red Button for independent validation and compliance support; choose Akamai for integrated CDN and DDoS protection. Note: Akamai's CDN integration may be advantageous for organizations prioritizing content delivery.

What advantages does Red Button offer over generic DDoS testing providers?

Generic providers often offer basic DDoS testing with limited attack vectors and lack real-world simulation capabilities. Red Button simulates up to 300 Gbps attacks, 5 million PPS, and 500,000 RPS, with over 100 attack vectors and proven expertise handling 30+ global incidents annually. Choose Red Button for advanced, realistic testing; generic providers may suffice for basic validation needs. Note: Red Button's advanced simulations may require more planning and coordination than basic providers.

Customer Proof & Success Stories

Can you share other case studies or success stories involving Red Button?

Yes. Examples include the European Central Bank identifying gaps in its DDoS protection stack, a business intelligence company uncovering network vulnerabilities, a European government agency validating DDoS resilience, and securing Olympic Games logistics from DDoS attacks. Each case study details the challenges, solutions, and outcomes. Note: Results vary by organization and engagement scope.

Case Study: FINANCIAL SERVICES

DDoS Ransom Attack on a Latin American Bank

Background

A Latin American conglomerate, which includes a bank and several financial companies, received an extortionary email threatening to carry out a DDoS attack. The hacker group demanded Bitcoin payment and warned they would attack in one week if money was not received.

Nevertheless, the first DDoS attack started the same day that the threatening email arrived. Afterwards, the company engaged Red Button’s Incident Response team to prepare for and mitigate further attacks.

Attack Timeline

Threat mail and attack #1

The first DDoS attack was 60 Gbps, launched the same day the extortion message was received, using a UDP reflection attack vector. The company’s internal security and IT teams activated mitigation measures, which involved diverting traffic to the DDoS Mitigation provider Imperva Incapsula. A few network segments that were initially unprotected were the source of a 15-minute disruption of service due to pipe saturation. However, once the traffic was diverted, all services returned to their normal state.

Incident response and DDoS test #1

Following the first attack, the company engaged Red Button’s Incident Response team. Our personnel met with all the company’s relevant in-house teams to review their DDoS protection architecture. Several hours later, we ran a controlled DDoS network attack simulation to detect and fix vulnerabilities. The simulation uncovered multiple problems with infrastructure protection and the routing of traffic to Imperva Incapsula. The IT team was then tasked with fixing the identified issues.

Test #2

The next day, our team repeated the simulation and ran another controlled network DDoS attack. The routing problems were all fixed and the simulated attack was stopped successfully.

DDoS attack #2

The attackers launched a second attack. While the company’s team and its protection measures were fully prepared for a larger, more extensive assault, the second incident was almost identical to the first – a 60 Gbps volumetric attack lasting 24 hours. Thanks to the testing and fixes implemented earlier, as well as the collaboration between the company’s IT team and our Incident Response experts, the attack was fully mitigated, with zero service disruptions.

Test #3

After the deadline set by the hackers had passed and no additional attacks were identified, our team ran another simulation. This was intended to test the mitigation of application-level DDoS attacks. Our team identified configuration gaps in the Imperva web protection system and helped the company’s IT team to close them.

Conclusion and Recommendations

Following the incident response and mitigation activities, our team provided the company with a detailed report containing conclusions and recommendations, including:

  • Run periodic DDoS simulations (including application protections).
  • Add or harden application protections.
  • Add an external managed DNS service.
  • Configure automatic traffic diversion to reduce the time-to-mitigation.