
Red Team vs. Blue Team – Security and Performance

Published
June 27, 2016

When a security breach or DDoS attack occurs, performance and user experience are the first visible victims.

As the use of cloud services continues to make security more important than ever, conducting internal war games is a great way to understand your weaknesses before a real catastrophe happens. A common way companies test this is by using a red team / blue team approach. The red team is a group of white-hat or ethical hackers that attacks the infrastructure with the goal of identifying weaknesses, while the blue team defends against those attacks.

These types of tests enable organizations to identify how their infrastructure will respond when under attack, and develop runbooks and playbooks to be used in case a real-life attack occurs.

Shortly after I wrote about how performance and security share a common trunk, a customer shared how they used Catchpoint public and OnPrem nodes to conduct a security exercise to simulate a DDoS attack and strategize a response to it.

The following scatter plot charts show the connect time, time to first byte, and web page response during the three phases of the exercise.

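[Figure: scatter plots of connect time, time to first byte, and web page response during the three phases of the exercise]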

The network latency measurement was also conducted from OnPrem nodes to the border routers, measuring how the network suffered during the DDoS (latency and packet loss):

[Figure: network latency and packet loss from OnPrem nodes to the border routers during the DDoS]

Congratulations to this company, not only for performing this healthy exercise, which I am sure resulted in a ton of telemetry, lessons learned, and updated runbooks and playbooks, but, most importantly, for keeping an eye on end-user experience as a key metric.

Mehdi
