Prolexic recommends DDoS playbook
Company says all online enterprises should have a plan if they are faced with a DDoS
Distributed Denial of Service (DDoS) protection services company Prolexic Technologies has recommended that all online enterprises implement a mitigation playbook to minimise the disruption and confusion that results from a DDoS attack.
This is a best practice that Prolexic implements with all clients.
A playbook is a rehearsed and tested plan that outlines in detail who in an organisation needs to be involved in the event of a DDoS attack, their roles and responsibilities, as well as a detailed communications strategy.
"DDoS attacks are deliberate, targeted events - happening on a daily basis - that demand a preparedness plan much like homeowners preparing for hurricane season," said Neal Quinn, Prolexic's vice president of Operations. "When the hurricane inevitably hits, they don't panic because they knew what to expect and what steps to take to protect their investment."
Prolexic encourages online businesses to make DDoS mitigation part of their enterprise incident response practices, to maintain business continuity.
According to Prolexic, during the first quarter of 2012, more than six of Prolexic's top global financial services clients received significant DDoS attacks, but because they had worked with the company to develop and test a mitigation playbook in advance, the panic that can grip an organisation during a DDoS attack was avoided.
In addition, Prolexic was able to deploy its mitigation services faster and more efficiently.
Prolexic has recommended that companies work with their DDoS mitigation service provider to create a simulated DDoS attack or dry run that makes no actual changes to the network, to help management see the best way to manage both internal and external communications when confronted with a DDoS attack.
The incident response team can then work through the DDoS attack without doing an actual live test.
To streamline communications and ensure a fast, controlled response to DDoS attacks, Prolexic has recommended that organisations focus on three critical areas of communications: managing communications, identifying key contact persons, and organising information for easy, fast accessibility.
As part of the playbook, Prolexic has also recommended outlining procedures and policies for setting up teleconference bridges. Typically, these would include:
A Mitigation Bridge - primarily for engineers to coordinate and monitor mitigation efforts
A Troubleshooting Bridge - primarily for engineers and application owners to investigate any problems arising during the on-ramping
A Security Emergency Response Team (SERT) Bridge - primarily for security and forensics participants
"When everyone in an organisation - not just IT staff - understands what it is really like to be under a DDoS attack before one actually occurs, they will be able to face the actual event with more confidence, control and calm," said Quinn. "As a result, the DDoS mitigation process will go more smoothly for a faster return to business as usual. That is why Prolexic advises all of our customers to prepare themselves for the real thing with a simulated DDoS incident and to incorporate DDoS into their incident response plan."