Red Team vs. Blue Team – Security and Performance

When a security breach or DDoS attack occurs, performance and user experience are the first visible victims.

As the use of cloud services continues to make security more important than ever, conducting internal war games is a great way to understand your weaknesses before a real catastrophe happens.  A common way companies test this is by using a red team / blue team approach.  The red team is a group of white-hat or ethical hackers that attack the infrastructure with the goal to identify weaknesses.

These types of tests enable organizations to identify how their infrastructure will respond when under attack, and develop runbooks and playbooks to be used in case a real-life attack occurs.

Shortly after I wrote about how performance and security share a common trunk, a customer shared how they used Catchpoint public and OnPrem nodes to conduct a security exercise to simulate a DDoS attack and strategize a response to it.

The following scatter plot charts show the connect time, time to first byte, and web page response during the three phases of the exercise.

The network latency measurement was also conducted from OnPrem nodes to the border routers, measuring how the network suffered during the DDoS (latency and packet loss):

Congratulations to this company for not only performing this healthy exercise, which I am sure resulted in a ton of telemetry, lessons learned, and updated runbooks and playbooks; but, most importantly, for keeping an eye on end user experience as a key metric.

Mehdi