Developing an effective response to distributed denial-of-service (DDoS) attacks requires taking specific steps for prevention, detection, verification, containment, eradication and recovery. This piece explains how the DDoS threat is evolving and provides a step-by-step playbook to ensure your organization is protected against DDoS attacks.
A DDoS attack is an attempt by attackers to keep users from accessing a networked system, service, website, application or other resource by flooding the target with packets/requests and slowing down or completely halting its operation. SYN attacks remain the most popular attack vector used by DDoS attackers, but RST, UDP and DNS amplification attacks are also common.
DDoS attacks come in three forms:
DDoS prevention starts with preparing measures to ensure effective and efficient response to incidents. To recap the recommendations outlined in IANS’ DDoS Protection Checklist, ensure you:
In addition to the aforementioned DDoS prevention steps, create an incident response plan that:
During the planning phase, you should also make sure you understand where single points of failure are located and how you could mitigate threats to them. For high-impact assets, consider employing multiple ISPs.
A DDoS attack is a complex challenge for a business to face, because often, it’s difficult to determine whether a spike in traffic is legitimate or an attack, especially if the proper tools aren’t in place.
Detection can be automatic or manual. Manual detection usually occurs when people or customers complain about slow performance or inability to access resources, but there are also network monitoring tools from Cisco and SolarWinds that can automatically detect and alert that an attack is under way. Automatic detection is preferable because it is faster than any manual process could be.
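To make the automatic detection concrete, here is an added example (not code from IANS or from any monitoring product named above) that applies three simple heuristics to flow records: SYNs that never complete a handshake, large UDP datagrams from source port 53 (the shape of reflected DNS amplification), and per-second packet counts well above a baseline. The flow records, addresses and the baseline value are all constructed for this example; a real deployment would feed the same functions from a flow exporter or firewall log and take the baseline from historical monitoring.

```python
"""
Three detection heuristics for the DDoS vectors named above, run over
constructed flow records (no real capture is used). Record fields mimic
what a flow exporter or firewall log would provide.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float    # seconds since start of the observation window
    src: str
    sport: int
    dst: str
    dport: int
    proto: str   # "TCP" or "UDP"
    flags: str   # TCP flags as letters ("S", "SA", "A"); "" for UDP
    size: int    # bytes on the wire


def incomplete_handshake_ratio(flows):
    """Per destination: number of client SYNs and the fraction of those
    connections that never sent the handshake-completing ACK.
    Returns {dst: (syn_count, incomplete_ratio)}."""
    syn_keys = set()
    ack_keys = set()
    syn_count = Counter()
    for f in flows:
        if f.proto != "TCP":
            continue
        key = (f.src, f.sport, f.dst, f.dport)
        if f.flags == "S":
            syn_keys.add(key)
            syn_count[f.dst] += 1
        elif f.flags == "A" and key in syn_keys:
            ack_keys.add(key)
    completed = Counter(k[2] for k in ack_keys)
    return {dst: (n, round(1 - completed[dst] / n, 3))
            for dst, n in syn_count.items()}


def syn_flood_suspects(flows, min_syns=20, min_incomplete=0.8):
    """Destinations receiving many SYNs of which most never complete."""
    return {dst: v for dst, v in incomplete_handshake_ratio(flows).items()
            if v[0] >= min_syns and v[1] >= min_incomplete}


def amplification_suspects(flows, min_size=512, min_packets=20):
    """Destinations receiving many large UDP datagrams from source port 53:
    the shape of reflected DNS amplification responses."""
    hits = Counter(f.dst for f in flows
                   if f.proto == "UDP" and f.sport == 53 and f.size >= min_size)
    return {dst: n for dst, n in hits.items() if n >= min_packets}


def pps_spikes(flows, dst, baseline_pps, factor=5):
    """1-second windows in which packets toward dst exceed factor x baseline.
    baseline_pps would come from historical monitoring; here it is supplied."""
    per_sec = Counter(int(f.ts) for f in flows if f.dst == dst)
    return sorted(sec for sec, n in per_sec.items() if n > factor * baseline_pps)


def constructed_flows():
    """Ten seconds of traffic toward one web server (documentation address
    ranges, constructed for this example)."""
    web = "203.0.113.10"
    flows = []
    # Five legitimate clients complete a handshake every second (10 pkt/s).
    for s in range(10):
        for i in range(5):
            src, sport = f"198.51.100.{i + 1}", 40000 + s * 10 + i
            flows.append(Flow(s + 0.1, src, sport, web, 443, "TCP", "S", 60))
            flows.append(Flow(s + 0.2, src, sport, web, 443, "TCP", "A", 52))
    # Seconds 5-7: 100 SYNs/s from spoofed sources that never complete.
    for s in range(5, 8):
        for i in range(100):
            flows.append(Flow(s + i / 100, f"192.0.2.{i % 250 + 1}", 1024 + i,
                              web, 443, "TCP", "S", 60))
    # Second 6: 30 large DNS responses reflected off open resolvers.
    for i in range(30):
        flows.append(Flow(6 + i / 30, f"198.18.0.{i + 1}", 53,
                          web, 3000 + i, "UDP", "", 3000))
    return flows


if __name__ == "__main__":
    flows = constructed_flows()
    print("SYN flood suspects:", syn_flood_suspects(flows))
    print("Amplification suspects:", amplification_suspects(flows))
    print("Spike windows:", pps_spikes(flows, "203.0.113.10", baseline_pps=10))
```

Each heuristic on its own produces false positives (a product launch also spikes packet rates; a busy recursive resolver legitimately receives large port-53 responses), which is why the verification step in the playbook matters: an alert from one of these checks should be confirmed against the others and against service health before the incident response plan is invoked.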
If you suspect an attack is in process, you can also:
Any of these signs may be indicative of an attack in progress. Once confirmed, it’s time to invoke the incident response plan. The immediate goal is always to mitigate business impact and get systems available again as soon as possible.
Once an attack has been identified, it must be stopped or mitigated. If enough effort has been put into the planning phase, you should have good strategies in place with business systems prioritized. Some strategies for containment, eradication and recovery are more expensive than others, so be sure to factor in business criticality and impact. Key areas to consider include:
Usually, no single strategy alone will fully mitigate a DDoS attack. It’s important to take a multi-strategy approach based on your business risk. And the more strategies you use, the more important it is to test them to ensure they will work as expected when a real attack occurs.
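As an added illustration of one inexpensive containment control and of why it is not sufficient on its own, the following example (written for this page, not code from IANS) models per-source rate limiting in front of an aggregate capacity limit. It assumes a token-bucket design, and the request timestamps, addresses and limits are constructed for the simulation.

```python
"""
Per-source and aggregate token-bucket rate limiting as a containment
control, driven by constructed request timestamps (not real traffic).
"""
from collections import Counter, defaultdict


class TokenBucket:
    """Allows `burst` requests immediately, then `rate` per second."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = None

    def allow(self, now):
        if self.last is None:
            self.last = now
        # Refill proportionally to elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Limiter:
    """Per-source buckets in front of one aggregate bucket that models the
    capacity of the protected service."""

    def __init__(self, src_rate, src_burst, total_rate, total_burst):
        self.per_src = defaultdict(lambda: TokenBucket(src_rate, src_burst))
        self.total = TokenBucket(total_rate, total_burst)
        self.dropped = Counter()

    def admit(self, src, now):
        # Abusive sources are throttled before they can consume shared capacity.
        if not self.per_src[src].allow(now):
            self.dropped[src] += 1
            return False
        if not self.total.allow(now):
            self.dropped["aggregate"] += 1
            return False
        return True


def run(limiter, requests):
    """requests: iterable of (timestamp, source). Returns {source: admitted}."""
    admitted = Counter()
    for ts, src in sorted(requests):
        if limiter.admit(src, ts):
            admitted[src] += 1
    return admitted


def constructed_requests():
    """Ten seconds: one legitimate client at 5 req/s and one abusive source
    at 200 req/s (constructed, documentation addresses)."""
    reqs = []
    for s in range(10):
        reqs += [(s + i / 5, "198.51.100.1") for i in range(5)]
        reqs += [(s + i / 200, "192.0.2.7") for i in range(200)]
    return reqs


def demo():
    """Returns (admitted per source, dropped per source/aggregate)."""
    limiter = Limiter(src_rate=10, src_burst=20, total_rate=100, total_burst=100)
    return run(limiter, constructed_requests()), limiter.dropped


if __name__ == "__main__":
    admitted, dropped = demo()
    print("admitted:", dict(admitted))
    print("dropped:", dict(dropped))
```

In this run the legitimate client is never throttled while the abusive source is cut from 200 requests per second to roughly the configured 10, so the aggregate bucket never empties. The limitation is visible in the design: per-source buckets only help when the excess comes from a manageable number of sources. A flood spread across thousands of spoofed or botnet addresses stays under every per-source limit and drains the aggregate bucket instead, which is exactly the case for which upstream ISP or scrubbing capacity, and a tested multi-strategy plan, are needed.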
Tabletop and other simulated exercises can help test both tools and processes, and verify they perform as expected. It’s also critical to learn from these activities and adjust the plans, as necessary.
DDoS attacks remain an ongoing threat for many companies, but with the right preparation and incident response processes, the business impact of these attacks can be mitigated. To ensure you have the best defenses in place, make sure you:
September 21, 2023
By IANS Faculty