There's is definitely something fishy here. DDoS attacks don't just 'cause vulnerability' in a system. Either a very important part of the story is being left out or BIPS is making it all up. I don't see how a disconnected or overloaded iSCSI connected SAN can 'cause vulnerability' leaving their system open for hackers?

BIPS please explain.