Prolexic Technologies recently announced that having a mitigation “playbook” helped six of its global financial services clients minimize the impact of Distributed Denial of Service (DDoS) attacks during Q1 2012.
“Because these companies had worked with us to develop and test a mitigation playbook in advance, the usual panic that can grip an organization during a DDoS attack was avoided,” said Neal Quinn, Prolexic’s vice president of Operations. “In addition, Prolexic was able to deploy its mitigation services faster and more efficiently. DDoS attacks are deliberate, targeted events – happening on a daily basis – that demand a preparedness plan much like homeowners preparing for hurricane season. When the hurricane inevitably hits, they don’t panic because they knew what to expect and what steps to take to protect their investment.”
The scope of a playbook revolves around having a rehearsed and tested plan that clearly states the responsibilities and role of the person in charge during a DDoS attack. It also defines a detailed communications strategy.
To help organizations prepare against DDoS eventualities, Prolexic said they should work with their DDoS mitigation service provider in rehearsing simulated DDoS attacks so that both internal and external communications can be optimized during an actual attack.
To enhance their communications strategies, Prolexic recommends organizations focus on managing communications so there is no confusion over who’s in charge during a DDoS attack. Organizations should ensure their incident response teams use a single point of contact for communicating within the organization.
Organizations should also know which key persons need to be contacted during a DDoS attack, to avoid unnecessary panic across the organization. Finally, organizations must ensure that information such as the names and phone numbers of key contacts is organized for easy and fast access.
Procedures and policies governing teleconference bridges should include a mitigation bridge allowing engineers to coordinate and monitor mitigation activities, while a troubleshooting bridge enables engineers and application owners to examine issues that arise during the on-ramping process.
A Security Emergency Response Team (SERT) bridge should also be set up with security and forensics personnel.
“When everyone in an organization, not just IT staff, understands what it is really like to be under a DDoS attack before one actually occurs, they will be able to face the actual event with more confidence, control and calm,” added Quinn. “As a result, the DDoS mitigation process will go more smoothly for a faster return to business as usual. That is why Prolexic advises all of our customers to prepare themselves for the real thing with a simulated DDoS incident and to incorporate DDoS into their incident response plan.”
Edited by Braden Becker