DDoS Preparedness: More Than a Firewall

Distributed denial of service (DDoS) assaults are becoming more common, increasingly sophisticated and more costly all the time: Incapsula research in fact pegs the cost of DDoS at nearly $40K per hour. Yet organizations continue to rely on the same dated firewall solutions they have always used to protect themselves.

“It's clear they need a new strategy to update their DDoS response plan,” said Incapsula vice president of marketing Tim Matthews, in a blog. “However, developing such a plan can be a difficult proposition, particularly for organizations that have spent years ignoring the possibility of DDoS attacks.”

Many businesses are largely undereducated when it comes to DDoS attacks, despite nominally knowing what they are. Aiming at those unaware of how DDoS has modernized in the past year or so, Incapsula has released a DDoS Response Playbook with guidance on how to prepare for a DDoS attack, what to do if one hits and how to ultimately respond to it.

“For the uninitiated, all the hype surrounding DDoS attacks may seem excessive,” Matthews noted.

The playbook lays out a four-step DDoS preparation process:

Create a response team – Establish who will respond to an attack so as to minimize confusion.

Develop a response plan – Determine who does what post-attack to maximize efficiency and minimize the response time.

Perform a risk assessment – Knowing where the risk is greatest is the first step toward addressing that risk.

Identify single points of entry – Find vulnerable spots in your network in order to protect them.

Creating an effective DDoS response plan requires an understanding of potential solutions as they pertain to detection, time to mitigation, user classification (the plan must include an effective way of differentiating between bad bots and legitimate users), and firewalls (organizations may require a WAF to protect against application-level threats). Incapsula also noted that partnering with an ISP is an integral step in proper DDoS preparedness.

And, once an attack has passed, it’s important to conduct a post-mortem analysis to assess damage and learn what you can do to mitigate future assaults, as well as assess the need for any legal disclosures.

“Preparing for a DDoS attack and creating a response plan is a necessary part of protecting your organization from criminals, activists and even competitors who might benefit from bringing down your web presence,” said Matthews.

Photo copyright © Duc Dao
