In two previous blog posts, we discussed the importance of a DDoS response plan and considerations you should keep in mind when choosing a DDoS mitigation service. In this final part of the series, we offer 3 quick tips for gleaning something useful out of an attack.
A DDoS attack offers the opportunity for improvement. If you have a response plan in place, review it and ask yourself some questions regarding its effectiveness in mitigating the attack. Assess what has helped in the past, what hasn't, what wasted time, and what you should add to your plan to make it more effective for future attacks. Along with assessing your plan, evaluate how well specific individuals on the response team worked together. Make adjustments to your plan accordingly.
If you were attacked and did not have a response plan in place, you now have an incentive to do so. You do have the advantage of knowing what to expect during an attack so you can make an effective plan.
Along with assessing your response plan and the personnel who worked on the problem, take a look at your DDoS mitigation service (if you’re using one). Evaluate how well they performed. How was their response time? Did they begin mitigating the attack right away? How long did it take them to mitigate the attack? Were they worth the cost? Be certain that they fulfilled the expectations you had and paid for.
If you didn’t use a DDoS mitigation service, you might want to consider using one.
Lastly, analyze the attack itself. If you used a mitigation service they should be able to provide you with reports and details of the attack. Understand what the traffic profile looked like during the attack. This will help you understand what traffic patterns to look for in the future. If you begin to see spikes in your traffic and the IP addresses or IP ranges are different than normal, you can proactively block them.
DDoS attacks are on the rise. In the Akamai State of the Internet security report, they found a 57% increase in DDoS attacks in the last quarter of 2014 compared to 2013. It’s safe to say that most companies will have to deal with a DDoS attack. Being prepared, getting help from a mitigation service, and constantly refining the methods you use to meet those attacks will greatly lessen the damage to your organization.