DDoS Protection Best Practices

Before an Attack - What to Consider When Implementing a DDoS Protection Solution

1. Recognize that no organization is safe. It’s not about if you will be attacked but when.
2. Identify your risks and security needs. The best DDoS protection solution is a good offense.
3. Implement DDoS detection tools from the same vendor. If you implement detection tools from different vendors, make sure they are able to communicate with one another and share relevant information to ensure optimal detection.
4. Make sure detection tools are optimally located. Remember, you can only protect against what you can detect.
5. Integrate your best DDoS protection and security strategy into your organization’s policies and procedures.
6. Prepare staff and assign them specifically defined roles and responsibilities for preventing DDoS attacks when your organization is faced with a DDoS attack.
7. Perform ongoing tests and evaluations of your systems and of new technologies available in the marketplace. Verify whether your organization can benefit from an out-of-path implementation of some detection tools, and evaluate implementation of a hybrid DDoS protection solution to protect and prevent your organization during DDoS attacks that saturate the Internet pipe.
8. Make sure your staff knows the DDoS attack do’s and don’ts. Create and circulate a list of people to contact when under attack. If a public website is at risk of going down, prepare an explanation and apology for users.

During a DDoS Attack - How to Minimize Damage and Interference to Business

1. Stay calm. Manage the DDoS attack. Take control.
2. Contact the in-house and/or vendor’s Emergency Response Team to make sure the best DDoS protection practices are carried out. If you depend on an ISP vendor, contact them now.
3. Identify the detection point, attack type, and DDoS attack tool used, and then decide on the best DDoS protection and mitigation service.
4. Transfer traffic to the cloud scrubbing center unless you are close to pipe saturation.
5. Document every step of the process.
6. Reassure your customers. Have a spokesperson ready to provide information to your customers during the attack using blog posts, Twitter, press releases, and the like.

After an Attack - What You Can Learn from the DDoS Attack

1. Perform a damage control analysis and review reports and forensics. Learn what went wrong so you can better prepare and prevent DDoS attacks in the future. Leave no stone unturned.
2. Optimize your security architecture to help prevent DDoS attacks in the future. Make sure you analyze and evaluate every aspect of the DDoS attack. Adapt technologies, policies, and solution strategies accordingly.
3. Manage PR. Provide customers and press with relevant details. Consider implementing a marketing campaign to win back the hearts of disappointed customers.
4. Make sure your forensics information and DDoS attack reports are available in case they are needed to support a law enforcement investigation.

Summary of Cyber-Attack and DDoS Prevention Best Practices

• Ensure the deployed solution provides the best DDoS protection available, along with the shortest time to mitigate. Time is of the essence.
• Fill in the holes. DDoS mitigation solutions need to offer wide attack coverage that can detect multi-vector attacks that hit different layers of the infrastructure.
• Use multiple layers. Resolve the issues of single-point solutions with top cloud-based protection that blocks volumetric attacks along with an on-premise solution that blocks other, nonvolumetric attacks.
• Mitigate SSL attacks, which remain a major threat. Deploy SSL-based DoS/DDoS mitigation solutions that do not affect legitimate traffic performance.
• Work with a single point of contact. In the event of an attack, this person can help prevent the DDoS attack by diverting Internet traffic and deploy the right quick-turnaround DDoS mitigation solutions.