Welcome!

Web Performance is a Journey, Not a Destination

Mehdi Daoudi

Subscribe to Mehdi Daoudi: eMailAlertsEmail Alerts
Get Mehdi Daoudi via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Blog Feed Post

Red Team vs. Blue Team – Security and Performance

When a security breach or DDoS attack occurs, performance and user experience are the first visible victims. 

As the use of cloud services continues to make security more important than ever, conducting internal war games is a great way to understand your weaknesses before a real catastrophe happens.  A common way companies test this is by using a red team / blue team approach.  The red team is a group of white-hat or ethical hackers that attack the infrastructure with the goal to identify weaknesses.

These types of tests enable organizations to identify how their infrastructure will respond when under attack, and develop runbooks and playbooks to be used in case a real-life attack occurs.  

Shortly after I wrote about how performance and security share a common trunk, a customer shared how they used Catchpoint public and OnPrem nodes to conduct a security exercise to simulate a DDoS attack and strategize a response to it.

The following scatter plot charts show the connect time, time to first byte, and web page response during the three phases of the exercise.

 

DDoS securityhttp://assetsblogfly1.catchpoint.com/wp-content/uploads/2016/06/DDoS-sec... 300w, http://assetsblogfly1.catchpoint.com/wp-content/uploads/2016/06/DDoS-sec... 768w, http://assetsblogfly1.catchpoint.com/wp-content/uploads/2016/06/DDoS-sec... 624w" sizes="(max-width: 625px) 100vw, 625px" />

The network latency measurement was also conducted from OnPrem nodes to the border routers, measuring how the network suffered during the DDoS (latency and packet loss):

DDoS-security-charthttp://assetsblogfly1.catchpoint.com/wp-content/uploads/2016/06/DDoS-sec... 300w, http://assetsblogfly1.catchpoint.com/wp-content/uploads/2016/06/DDoS-sec... 768w, http://assetsblogfly1.catchpoint.com/wp-content/uploads/2016/06/DDoS-sec... 624w" sizes="(max-width: 625px) 100vw, 625px" />

Congratulations to this company for not only performing this healthy exercise, which I am sure resulted in a ton of telemetry, lessons learned, and updated runbooks and playbooks; but, most importantly, for keeping an eye on end user experience as a key metric.

Mehdi

The post Red Team vs. Blue Team – Security and Performance appeared first on Catchpoint's Blog.

Read the original blog entry...

More Stories By Mehdi Daoudi

Catchpoint radically transforms the way businesses manage, monitor, and test the performance of online applications. Truly understand and improve user experience with clear visibility into complex, distributed online systems.

Founded in 2008 by four DoubleClick / Google executives with a passion for speed, reliability and overall better online experiences, Catchpoint has now become the most innovative provider of web performance testing and monitoring solutions. We are a team with expertise in designing, building, operating, scaling and monitoring highly transactional Internet services used by thousands of companies and impacting the experience of millions of users. Catchpoint is funded by top-tier venture capital firm, Battery Ventures, which has invested in category leaders such as Akamai, Omniture (Adobe Systems), Optimizely, Tealium, BazaarVoice, Marketo and many more.