Since its first release in 2016, the DDoS Resiliency Score (DRS) helped us in a lot of DDoS-Assessments and Stresstest to illustrate the problem of ThreatLevel vs ProtectionLevel and communicate, which steps would be necessary for a client to reach the proposed ThreatLevel for each attack-vector ( volumetric, layer7).
Moving forward to 2021, the DDoS-Threatlandscape hasn't changed much: new vectors popping up every then and there, allowing vendors to fearmonger their client and call unison "The End Is Neigh", DDoS-Extortion is still a problem , and every once in a while a vendor claims to have seen and protected against the biggest DDoS-Attack Evva!
And while we have seen a not-yet-20yrs old trainee performing CarpetBombing with 300 GB/s, we found that the DRS v1.1 was somewhat not flexible enough and needed refreshments and polish, so we kept the established 7-Level-Scale and tried to match attacker-capabilities onto that matrix, based on what we've seen during DFIR-engagements or read in technical articles, allowing a more versatile determination of indidvidual ThreatLevels.
Please find below our proposal for an extended/modified DRS-Scoring, that we want to discuss with the community.
You can reach us on Twitter @zero_B_S as well.
Fragen? Kontakt: firstname.lastname@example.org