Development / Node.JS

Enterprise security enhancing solution for Fortune 2000 companies

Redwolf

RedWolf Security simulates information security threats on corporate computer networks. Being a pioneer in legal DDoS testing, RedWolf has several years of experience in helping the largest global brands improve their resilience to cyber attacks. The company uses proven techniques to secure their clients’ networks and equip them with the most effective solutions against future threats.

Introduction

About project

The main goal of RedWolf is to build a comprehensive and feature-rich security solution available for enterprises. Their product simulates web threats and creates DDoS attacks for the sake of testing the security of clients’ infrastructures, conducting the attacks in a controlled manner.

Our tasks

task icon
Enabling identification of attack source

Developing a system that would correctly identify the attack source for different end users.

task icon
Adjusting the tool to the specific needs of different end users

Enabling the function of sending data to chosen addresses either within the local environment, in one browser, or in a global environment – between different browsers or different servers.

task icon
Increase product security

Building more secure code to contribute to the overall safety of the product.

Challenges

01
side image

1. Creating a better user service

When they approached Neoteric, Redwolf’s product structure required a system that would receive metadata items, match them against subscriptions and send those “messages” (meaning any piece of information sent between different modules, servers or microservices) to subscriber functions. The delivery system was also intended to have the ability to list, add, and delete “subscribers” which are able to receive metadata items.

The Client needed a solution enabling better application user service and the whole cooperation required facing several issues: handling extensive amounts of data in short time, combining various servers to work in a synchronized way and building more secure code to contribute to the overall safety of the product.

2. Scaling the learning curve for end-users

One of the challenges was to provide a distributed message system that is reliable, fast, and platform agnostic. Platform agnostic approach enables unifying the user interface across all devices, meaning it can run both when the environment is a browser or a Node.js server (no need for two separate applications!). It would scale down the learning curve for end users and improve the change deployment process in the future.

The project was awesome! It was quite challenging but it was really nice to see the impact we had on companies' security, helping the largest global brands improve their resilience to cyber attacks.
author image

Przemysław Czekaj, Senior Full-stack Developer at Neoteric

Solutions

02

1. Meeting project requirement using complementing technologies at different stages of project development

Due to a microservices structure and some clients’ apps, some elements were built in complementing technologies (one in AngularJS, other in Angular). Similarly, NodeJS was used for microservices, and the remaining elements were built in NestJS. In order to assure that the product meets all the requirements, we needed to use different technologies at different stages and for different modules.

2. Adjusting the tool to specific needs of different end users

When simulating the attacks, numerous microservices needed to communicate with each other and to provide feedback back to the requester (asynchronously).

We made sure that messages can be sent to chosen addresses (one or more), either within the local environment, in one browser, or in a global environment – between different browsers or different servers.

Thanks to that, the tool can be adjusted to the specific needs of different end users. An additional microservice that is responsible for storing the gathered data let them review and analyze the data anytime they need.

3. The product lacked the intuitiveness necessary for users to achieve their goals.

To correctly identify the source of the simulated attack (and make sure that there is no real attack going on at the same time), the messages sent and received within the system are based on patterns. By recognizing the pattern, the system is able to tell if received messages are only the ones that were previously sent by the user.

To make sure that this solution would work for different companies, we added one more option of customization. While delivering messages by different communication layers, such as WebSockets or Kafka, there are different transport layers from which a user can choose what suits their requirements best.

They can choose different transport layer depending on their priorities such as the overall performance, cost, ability to customize it, etc.

side image

Technology we used

Angular
Axibase
Docker
Kafka
Mongo DB
Nest JS
Node JS
Protractor
Redis
Ruby On Rails
Selenium

Project Results

03
1. Enabling safe data access for users

The development team created a solution similar to a router, similar to the DNS and the network stack. It handles big amounts of data and transfers it back to the storage where the users can access it easily and review. We have provided a library written in TypeScript that allows us to build more secure and more reliable code, supported with tests on our side to remove all possible bugs.

2. Creating a robust cyber-defence system

The library evolves over time and now is used in many internal and external projects to provide a distributed message system, registering microservices, delivering messages to a specific recipient. Thanks to this and other functionalities, in the long run, Redwolf’s product users benefit from an efficient and robust cyber-defense system.

3. Enabling safe and efficient data extraction as well as report generation

The final result of development works was a distributed message delivery system that works in production environments for many end users, including hundreds of Fortune 2000 companies. Along with the Client’s team, we created a solution enabling safe and efficient data extraction and correlation system, managing relations between data and the server, and creating reports for the end users.

Conclusion

We have created a robust cyber security system that end users can easily access, use and generate reports with. The system was adjusted to be used by many users simultaneously for safe and efficient data extraction.

Do you like our work?

Let's talk

about your project!

Download now!

Enter your personal and working information.

Fill out the form below to watch the recording.

Download now!

Enter your personal and working information.

Fill out the form below to watch the recording.

Fill out the form below to watch the recording and download the infopack.

AI in e-commerce - Greg Gwozdz

Fill out the form below to watch the recording.

Webinar on demand

Enter your personal and working information.

Web development outsourcing poland

Download now!

Enter your personal and working information.