2015 Making Ddos Mitigation Part of Your Incident Response Plan Best Practices


    AKAMAI DDOS MITIGATION

    BEST PRACTICES


    Making DDoS Mitigation a Part of Your Incident Response Plan:

    Critical Steps and Best Practices White Paper

    Planning ahead for DDoS mitigation as part of an incident response plan and testing it in advance make it possible

    to respond quickly and calmly to any attack and minimize potential operational and financial damage.

    Develop a DDoS mitigation playbook

    1. Designate a single point of contact for relaying information during the attack and send out short Twitter-style updates

    internally across the organization to keep everyone informed.

    2. Run an attack simulation exercise so that key personnel on the mitigation triage team understand their unique role in the DDoS

    mitigation process, what changes they need to make to the network, and how they can continue to maintain business-as-usual

    even when some resources are unavailable.

    3. Make critical information such as names and phone numbers of key contacts easily accessible in a single place to save

    valuable time.

    Build and maintain a DDoS mitigation plan

    4. Think like a DDoS attacker. When you think like an attacker, you will start to plan for all possible types of attacks and understand

    all of the mitigation options at your disposal. Are all vulnerabilities in the infrastructure protected against attack? If not, make sure

    any vulnerability is addressed ahead of time.

    5. Don't rely on your Internet Service Provider (ISP). ISPs are generally not known for their flexibility when providing DDoS protection.

    Ask the tough questions: If your network is hit with 10 Gbps of traffic from a reflection attack, how long will it take for the ISP

    to block it using an Access Control List (ACL)? How much traffic will the ISP carry before they decide to blackhole it upstream?

    6. Don't overestimate your infrastructure capabilities. Determine and ensure that your infrastructure has sufficient balance with

    overhead headroom above and beyond what its peak requirements are and has robust networking hardware that can handle

    extra traffic if needed.

    7. Stay aware of changing DDoS trends and attack sizes. The average size of a DDoS attack was 7 Gbps in early 2015. Confirm that

    your infrastructure can still withstand rising attack volumes and new attack vectors as they escalate

    and change.

    8. Deploy a DDoS solution before you need it. Avoid website and web application downtime in the first place by having an always-on DDoS mitigation solution in place as a part of your incident response plan before any attacks occur.

    9. Communicate with your DDoS mitigation service provider. Establish good communication before a DDoS emergency hits and you

    will be well prepared to defend your network.

    10. Keep the DDoS mitigation playbook up-to-date. Do this on a regular basis, as well as when staff members change departments,

    new people come on board, or a new vendor is added or replaced. Consistently review and update information related to your

    network's infrastructure, website, and web applications.

    11. Maintain tight relationships with other vendors. Incorporate these relationships into your incident response plan so that they

    will be ready to calmly respond and know what to do when your emergency call comes in.

    12. Test and validate your DDoS mitigation solution at least once a year, preferably twice a year. Validation ensures that your DDoS

    solution is continuing to meet the requirements of your incident response plan. Plus, validation enables quality assurance testing to verify that no systems or applications are being adversely affected while traffic routes over the mitigation infrastructure.

    Learn about some of Akamai's Cloud Security Solutions:

    Kona Site Defender: Website protection service to protect brand-critical, revenue-generating and performance-sensitive websites against DDoS and web-application attacks.

    Prolexic Routed: Dedicated DDoS protection service to protect your entire network and data center infrastructure against large, sustained and sophisticated DDoS attacks.

    Fast DNS: Cloud-based DNS service to protect against DDoS attacks targeting your DNS infrastructure.

    https://www.akamai.com/us/en/resources/ddos-mitigation.jsp

    https://www.stateoftheinternet.com/security-cybersecurity-attack-trends-and-statistics.html

    https://www.akamai.com/us/en/solutions/products/cloud-security/kona-site-defender.jsp

    https://www.akamai.com/us/en/solutions/products/cloud-security/prolexic-routed.jsp

    https://www.akamai.com/us/en/solutions/products/cloud-security/fast-dns.jsp