The Fortress Measure Of Effectiveness - Rackspace Test

The Fortress Measure Of Effectiveness - Rackspace Test

January 2016 by perchadmin
With the launch of Fortress late last year, we were pleased - and somewhat proud - to see our 2-year old project stand on its own two feet and help businesses around the world in preventing brute force attacks.

Our previous blog covers how and why we decided to create Fortress in the first place, if you haven’t already done so, you can read all about it on our website.

If you’ve ever completed, or even attempted, any software development, you’ll know how much testing and development goes on behind the scenes. Before anything can be launched to the public a long line of beta versions are required to test, even then, drilling down through the feedback, data and results can be an arduous task.

Throughout our testing (long before launch), one area of Fortress that we wanted to focus attention on was just how effective it is as a piece of standalone IT software and how capable it is of preventing the types of attack that could put entire IT systems in jeopardy.

The Testing Process

It soon became apparent to us that Fortress really was effective and powerful. Towards the latter stages of final testing, we decided to put the app through its paces and give it a live, real time test. We approached Rackspace and purchased brand new server space to test Fortress on. Being new, there were no files or any data on the servers at all, and we left it to its own devices for a little over two weeks.

Installing Fortress (with no GBL add-on) we were able to confirm how many times a brute force attack occurred in the next 24 hour period. Even with no data available to get to, Fortress recorded a massive 28,779 failed log-in attempts in that time. This figure from 32 unique IP's. Not an overly surprising set of figures, but we were still a little taken aback by the amount.

We then left Fortress running on the server with its standard config and left it alone for a week. As we expected, the collated stats after the week were down, showing a dramatic reduction of failed log-in attempts over the final 24 hour period - down to just 238 from 27 unique IP's.

Our final test was to add the GBL to see how effective it was and whether we could get yet another reduction in attacks. The results stunned us. After a full week of the GBL install, the final 24 hour period saw failed log-ins down to just 6 attempts, from 2 unique IP’s.

The Ongoing Task

These results clearly showed us that Fortress was more than capable of shutting down unauthorised log-in attempts, but the overall reduction was more than we could have anticipated. We worked on getting the reductions down even further for the initial release of Fortress and we’ll continue to develop all areas, along with other features and improvements, on each update.

What these results categorically show however, is that the magnitude of brute force attacks is huge and relentless. Our tests show figures from any one 24 hour period and without Fortress 1.00x installed, you could be looking at anywhere up to 10.5m log-in attempts per year on your private and confidential data.

Read more about Fortress 1.00x on our site and get a full list of features and benefits from our Home page. And, if you haven’t yet installed Fortress, you can download it for free, to give your servers the intelligence they need to guard against brute force attacks, by offering you powerful and dynamic protection.

Until next time, Adam
Subscribe & Follow
Subscribe to our Newsletter and follow us on Twitter to get free email updates of product releases and articles from our blog.