DDoS (distributed denial of service) attacks are a serious and persistent threat to every network. This series highlights the six widely-accepted technologies and architectures that you can employ to protect your assets.
These are:
- Overprovisioning
- DDoS Mitigation Appliances
- ISP Scrubbers
- Third-Party Scrubbing Services
- Cloud Web Application Firewall
- Remotely Triggered Black Hole
For more detailed information, read our whitepaper, Building Better DDoS Mitigation.
My earlier posts covered options in mitigation technologies, including on-premise solutions, ISP scrubbing centers, third-party cloud solutions, and remotely triggered black hole. This post covers the major considerations in choosing one or more technologies and creating a strategy and plan to deploy them in the event of an attack.
How to evaluate and choose mitigation technologies.
The first step in creating your DDoS mitigation plan is deciding which technologies to employ. Most enterprises create a layered defense using complementary technologies. For example, you might pair an overprovisioned infrastructure for small attacks with a third-party scrubber to mitigate larger and more persistent ones.
Among the key considerations to keep in mind as you evaluate technologies to protect your online business:
- The extent and value of the assets you need to protect. Keep in mind that different websites or network segments could merit different mitigation plans.
- Protection levels from current and anticipated DDoS mitigation assets. Include the capabilities of your network and security hardware, as well as any protections in place through ISPs and cloud providers.
- The consequences and costs of a successful attack, and your willingness to absorb them. Consider how long you can afford to have assets unavailable, and what it would mean to your enterprise, your business partners, and your customers in lost business and goodwill.
- The effects of DDoS attacks on the efficacy of other technical controls. DDoS attacks today are increasingly used to overwhelm staff and/or network controls in hopes of creating exploitable vulnerabilities, so potential damages could extend beyond an outage.
- Current attack trends. Determine the size, intensity, and types of attacks targeting your industry over the last year.
Incorporate your chosen technologies in a mitigation plan.
With your mitigation technologies in place, establish clear and specific criteria that will trigger their use, such as attack volume, length, or type. Create and document any procedures that may be required to implement mitigation, such as when and how to change BGP or DNS settings. Make sure they’re readily accessible to your own staff as well as key partners.
Finally, test your controls every six months to ensure that service dependencies and assumptions are still valid. It may seem like a lot, but speed matters in responding to a DDoS attack, and the ability of your team to quickly follow well-defined procedures will limit the impact any attack can have.
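The trigger criteria described above (attack volume and length) can be written down as data and replayed against recorded traffic when you test your controls. This is an added example, not part of the original post or of any vendor product; the thresholds, action names, and traffic samples are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Trigger:
    """One documented escalation rule (all thresholds are constructed examples)."""
    action: str        # name of the documented procedure, e.g. a BGP or DNS change
    min_gbps: float    # attack volume that arms the rule
    min_minutes: int   # how long that volume must persist before acting

# Ordered from most to least severe; the first rule satisfied wins.
PLAN = [
    Trigger("divert-to-scrubber", min_gbps=8.0, min_minutes=1),  # large: act at once
    Trigger("divert-to-scrubber", min_gbps=3.0, min_minutes=5),  # smaller but persistent
    Trigger("absorb-and-monitor", min_gbps=1.0, min_minutes=1),  # overprovisioned headroom
]

def sustained_minutes(samples, threshold):
    """Count trailing consecutive per-minute samples at or above threshold."""
    count = 0
    for gbps in reversed(samples):
        if gbps < threshold:
            break
        count += 1
    return count

def decide(samples, plan=PLAN):
    """Return the action for the latest minute, given per-minute Gbps history."""
    for rule in plan:
        if sustained_minutes(samples, rule.min_gbps) >= rule.min_minutes:
            return rule.action
    # No escalation rule fires; withdrawing mitigation is a separate procedure.
    return "no-trigger"

def replay(samples, plan=PLAN):
    """Replay a traffic history and return the action chosen at each minute."""
    return [decide(samples[: i + 1], plan) for i in range(len(samples))]

# Constructed per-minute inbound traffic in Gbps: a short spike, then a sustained attack.
SAMPLE = [0.4, 2.0, 0.5, 3.5, 3.6, 4.0, 3.9, 4.2, 9.0, 0.6]

if __name__ == "__main__":
    for minute, (gbps, action) in enumerate(zip(SAMPLE, replay(SAMPLE))):
        print(f"t+{minute:02d}m {gbps:4.1f} Gbps -> {action}")
```

Replaying the same history after each change to the plan shows whether an edited threshold would have delayed or hastened diversion.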
If your strategy involves a third-party cloud solution, Vercara has you covered. Both UltraDDoS Protect, our massively scaled DDoS solution, and UltraWAF, our advanced Web Application Firewall, work effectively to provide the highest level of protection, either as an independent solution or combined with other technologies.
We’d be happy to discuss your DDoS strategy and look for solutions that could strengthen your security posture. Contact us today for a consultative discussion of your strategy and options. And for a more complete and detailed discussion of technologies and strategies, see Building Better DDoS Mitigation.