By Shiri Epstein, NoCamels -
Tired of trying to reach websites that were inaccessible due to a frequently used form of cyberattack known as distributed denial-of-service (DDoS), veteran security expert Matthew Andriani decided to take action. He directed his company MazeBolt to find a solution to DDoS attacks that did not involve shutting down a website completely.
DDoS attacks are malicious attempts to disrupt a website by overwhelming it with a flood of manufactured requests for access, leaving it unable to process any requests at all and users unable to even visit the site.
Experts say DDoS is one of the world’s most common cyber attacks, with international performance management firm Netscout reporting more than 13 million of them worldwide in 2022 alone.
The attacks are usually conducted via bots, who all attempt to access the targeted site at the same time. These bots are often managed through botnets – online devices that activate the bots to carry out attacks.
Google even came under the largest-ever DDoS attack in August 2023, saying that at its peak, the company was dealing with 398 million requests per second.
It took MazeBolt four years, but eventually Adriani and his Ramat Gan-based company created the RADAR detector, which constantly searches websites for any vulnerabilities to DDoS attacks and alerts the company to them.
The RADAR system can be installed on a company’s servers either through the cloud or network, and allows MazeBolt to send simulated attacks in order to understand which are able to get through a website’s protections and which are stopped.
“We can show you the depth of how an attack penetrates various security layers,” Andriani tells NoCamels.
He explains that unlike other anti-DDoS services, MazeBolt’s RADAR system acquires information about such vulnerabilities in a non-disruptive manner, allowing it to constantly monitor a company’s online presence without actually triggering a complete shutdown of the website.
When activated, the MazeBolt platform sends simulated DDoS attacks in increasing increments every few seconds. If a vulnerability is detected, a sensor embedded within the platform ends the attack at once – before it brings down the website in question.
“There’s no false positives with our technology,” Andriani says. “We go according to actual data: could it bypass the protection or couldn’t it?”
A report on any vulnerabilities identified by the security system is delivered to a third party security company to handle.
Once a vulnerability that could have led to a successful DDoS attack is fixed, the system carries out another mock attack in order to ensure that the necessary changes have been made, and the website can indeed now deflect that cyberstrike.
And although any such security company is suitable, MazeBolt itself works with the Tel Aviv branch of US technology firm F5 Networks, which specializes in API, network and web app security.
“[F5] spent almost 18 months realigning their procedures internally to deal with our data and to close those vulnerabilities in a more streamlined way,” says Andriani.
Experience, Adriani says, has taught MazeBolt to make doubly sure that the weaknesses are indeed taken care of by the third party security company.
Because RADAR is the only solution that does not require a website to shut down for hours in order to test for DDoS vulnerabilities, Adriani explains, companies often delay such checks for months at a time, leaving them exposed.
He says that on average, an initial test of a website’s system security shows that 40 percent of DDoS attacks are not blocked. After a second test, when those initial vulnerabilities have been dealt with, Andriani states, 98 percent of attacks are blocked.
MazeBolt is funded by private investment and, according to Andriani, it will stay that way for the foreseeable future.
The company is currently partnered with tech firms in Europe, and is in the process of expanding to the US. In Israel, it is working with the government and world-leading payment processing company Payoneer.
The next steps for the company include further expanding its reach, improving and growing, Andriani says. This will be done with the help of MazeBolt’s latest development, an AI platform to automatically test companies’ exposure to DDoS attacks, which is currently in its beta version.
“To actually achieve good DDoS protection and prevent a damaging attack, you need to know where your vulnerabilities are,” he says. “And these systems are very vulnerable.”