MazeBolt’s Quiet Revolution in DDoS Defense
If you have been in the DDoS world long enough, you know the script. Buyers sign big contracts with marquee vendors, turn on an impressive looking stack of scrubbing centers and appliances, and everyone relaxes just enough to be surprised when the next attack quietly slips through and takes a critical service offline.
MazeBolt is the company built around the uncomfortable truth behind that pattern. As CEO Matthew Andriani puts it, their mission is to confront what is really happening inside those defenses, not what the marketing slide says should be happening.
From the start of our conversation, it was clear this is not another “me too” DDoS vendor story.
“We are not a competitor to them,” Andriani said, referring to names every CISO knows: Akamai, Cloudflare, Radware, Imperva, Microsoft, Amazon. “We integrate with all of those companies. We augment those systems.”
The claim is straightforward. In real environments, even with big name providers in place, automated DDoS protection often sits around sixty percent. MazeBolt’s customers, after running the company’s testing and tuning process over time, see that number jump to “over 98 percent automated protection using the data that we generate.”
For CISOs who live and die by uptime and SLA, that delta is not incremental. It is existential.
The painful gap no one wanted to measure
The core of MazeBolt’s story comes from Andriani’s own background. Before founding MazeBolt, he spent years on the sharp end of DDoS attacks at Radware and in other roles.
“My background is from Radware and from Check Point before, but also in image recognition,” he explained. “My last role in the market was in Radware, where I transitioned the research team, which basically very quickly became a DDoS research team, to an emergency response team, because Radware started to generate revenue out of that.”
In other words, he was the one getting called when the glossy security architecture diagrams failed and a customer’s business went dark.
“When the attack penetrated Radware’s technology and they were not mitigated automatically, the customer is down,” he said. “Our job was to restore services to that customer, identify the attack, and why the technology did not apply a solution.”
Over hundreds of incidents, a pattern emerged.
“Every attack I have looked at and seen, the hundreds by then, these could have all been prevented,” he told me. “Everything could have been prevented, but no one has the data, and no one knows what to do. It looks obvious to us, because we are doing this all day, but at a customer, and these are big customers, which have budgets that look like they are unlimited, banks, governments, these are huge customers, major telcos. And how come no one has got this data?”
In a market that loves dashboards and pretty mitigation charts, the most important data set simply did not exist. Nobody was systematically cataloging how attackers were actually bypassing the stack. Everyone was assuming that if you tested a few modules and ran a maintenance window once in a while, you were good.
MazeBolt was founded to turn that blind spot into a measurable, repeatable process.
DDoS protection is not one wall, it is thousands of doors
One of the more useful things Andriani does is blow up the industry’s favorite simplification. Many organizations still think of DDoS in terms of “a few attack vectors” and a big scrubbing center that “blocks them most of the time.” It is a comforting story, and it is dangerously incomplete.
“When you start to look at what is the true attack surface here, and the actual places an attacker can really attack, it started to get into the thousands, tens of thousands, and millions of potential entry points in the DDoS protection,” Andriani said.
He is not being theoretical. During years of red team style DDoS testing and services work, his team kept seeing a frustrating pattern.
“Every time they managed to bypass the protection, it was always a different target with a different attack that we thought should have been covered,” he explained.
The simple approach his team and others used in the early days was to validate individual mitigation engines within a product or service.
“No matter what DDoS protection you look at, there are 10 or 12 modules that actually do the mitigation, signatures, behavioral, challenges, whatever it might be,” he said. “We had a certain amount of attacks that would validate each engine. The theory being, if we validate each engine, everything is going to be great.”
That theory did not survive contact with reality.
“It just was not effective,” he admitted. “I still believe it was okay, but we thought we were doing something that we were not.”
For CISOs, this is probably the most uncomfortable line in the whole story, because it sounds familiar. You have got tests, you have got a red team, you validate some scenarios inside a maintenance window, you feel reasonably safe, and then one day a very real, very different attack takes out a route, a VoIP cluster, or a payment application you assumed was protected.
As Andriani put it, if you are in a VoIP business, “your customers do not care why you are down. As far as they consider, you have got a bad SLA. And if you are a tier one provider, you will become a tier two provider, and then a tier three.”
In other words, every bypass is not a learning opportunity. It is a reputational downgrade.
The engineering problem no one wanted to take on
Recognizing that the industry lacked data was the easy part. The hard part was figuring out how to collect it safely and at scale.
Prior to MazeBolt’s approach, realistic DDoS testing required a maintenance window, with “everyone on standby, the NOC, the SOC, whatever,” as Andriani recalled. You could do it rarely, under strict conditions, and you would probably still irritate the business. That is not a recipe for comprehensive coverage across thousands of real world targets and attack paths.
To break that limitation, MazeBolt set out to build something fundamentally different.
“We patented a method that we can launch an attack against the service, like a VoIP service, but we do not affect the service,” he said.
That is the key technical breakthrough. MazeBolt can generate and aim DDoS style traffic at real services in a way that reliably triggers the customer’s DDoS defenses without degrading the live service itself.
“In order to find that data of how attackers are able to penetrate the defenses, we understood the only practical way to do it is if there was a way to launch an attack, trigger the mitigation, not affect the service, then you can definitively say that this particular protection has been bypassed,” Andriani explained. “That was the patent we formed, developed, and launched in 2021, and since then, that is the only thing we do. We do not do any other services.”
If the classic industry approach is a spot check, MazeBolt is more like a continuous MRI scan of your DDoS posture. The system maps all those thousands of potential entry points, repeatedly probes them, and records where your protections fail in practice, not in theory.
From scrubbing center to deep telemetry
MazeBolt’s platform sits alongside the existing stack, not in its place.
“We show the telemetry for every layer of protection all the way from the scrubbing through the most internal appliance you have,” Andriani said. “And if you are in the cloud, same concept. If you have got Akamai upstream, or just CloudFront, or whatever you have got, we show the telemetry of how deep the attack is penetrating toward your actual online service.”
This is where the company’s big data approach comes in. Rather than nudging CISOs to chase every single failing test one by one, MazeBolt focuses on aggregating and prioritizing.
“We recommend our customers, do not run and fix one by one by one,” he said. “Let us run for a short amount of time, depending on the size of your environment. Then we operate on a big data set to make one change to fix a lot of issues.”
If that sounds like hygiene for DDoS configurations, that is the point.
“If we find that a particular attack vector affects 1,000 targets, we want to start with that attack vector,” he said. “Your report has 1,000 potential entry points. All of a sudden, you are de risking your environment, which is very useful for compliance, various cybersecurity stakeholders on the board, and insurance also. We see a lot of, especially in the payment processing and credit card space, cyber insurance is a big deal there in terms of transaction loss.”
For boards and insurers alike, the ability to point to hard data that shows your automated DDoS protection rising from roughly 60 percent to the high nineties is a very different story from “we trust our vendor.”
The market pain is still here
If you assume that vendors have quietly solved all of this since the early days of scrubbing centers, Andriani would disagree.
“That pain exists still today,” he said.
Before MazeBolt even finished building its first version, Andriani went to some of the largest organizations in the world and asked for a commitment. If he could deliver a technology that would safely test and harden their DDoS defenses at scale, would they run it?
“I went and got commitments from global companies that, if we build this technology, will you deploy and run it, including government,” he recalled. “I got a few commitments that they said yes. So we started to build it. Three years later, we launched version one. It was a very deep tech engineering problem.”
The fact that these organizations signed up in advance tells you something. Large banks, carriers, and government entities already knew that the gap between their paper DDoS posture and their real attack surface was wide enough to keep their teams up at night. They lacked a way to quantify it without risking the business.
MazeBolt’s platform gave them a path to do exactly that.
Why this matters for CISOs right now
What MazeBolt is really attacking is a culture problem in DDoS defense. For years, the industry has behaved as if this were mostly a solved problem, aside from the occasional sensational headline. The reality, as anyone who has sat through a real outage call knows, is far less comforting.
DDoS is one of the few domains where you can be “mostly protected” and still suffer catastrophic impact. Being right 98 percent of the time might look impressive in a slide deck, but if the remaining 2 percent happens to line up with your key payment window or a major product launch, the business impact is absolute.
By systematically probing the full attack surface and documenting every real bypass path, MazeBolt is forcing a more honest conversation. Instead of “do we have a good vendor,” the question becomes “do we know, with evidence, how often our stack actually blocks attacks automatically, and where it fails in the real world.”
If your answer to that second question is vague, you are precisely the audience MazeBolt is speaking to.
A call to action for CISOs
For CISOs and senior security leaders, the practical takeaway from MazeBolt’s approach is simple. You cannot manage what you do not measure, and right now most organizations are not honestly measuring the real effectiveness of their DDoS defenses.
The next steps are concrete.
First, treat DDoS like any other critical control domain. You would not accept a phishing program that only blocked sixty percent of malicious emails or an EDR deployment that only spotted sixty percent of intrusions. Apply the same intolerance to half measured DDoS performance.
Second, push your teams and vendors to produce data, not comfort. Ask for evidence of automated mitigation rates over time, across all major services, including VoIP, APIs, and business critical applications, not just the front door web presence. If your current toolset cannot provide that, it is time to augment it with something that can.
Third, consider running a programmatic DDoS assessment that does not rely solely on occasional maintenance windows and scripted tests. MazeBolt’s model of safely launching real attacks, gathering telemetry across every layer, and then using big data to drive broad configuration improvements is one example of what that can look like in practice.
In a world where your customers, partners, and regulators no longer care why you are down, only that you are down, closing the gap between assumed protection and measured protection is not a “nice to have.” It is table stakes.
Author’s Note
The author sat down with Matthew Andriani of MazeBolt at the 2026 RSAC Conference in San Francisco, held March 23rd to 25th, 2026, to discuss how the company is reshaping DDoS defense by turning real world attacker behavior into actionable hardening for some of the world’s most demanding environments.
For more information, please visit www.mazebolt.com
About the Author
Pete Green is the CISO / CTO of Anvil Works, a ProCloud SaaS company and co-author of “The vCISO Playbook: How Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs)”. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.
Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Security Project Manager, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, CTO, CEO, Virtual CISO, and CISO.
Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.
He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.
