Prolexic has issued a number of recommendations that organizations can use to validate their DDoS defences, as well as protection services they receive from mitigation providers.
“Making sure a provider can actually deliver on the level of service it promises is a critical step that many organizations overlook,” said Stuart Scholly, president at Prolexic. “Mitigation failure is such a common problem that the majority of Prolexic clients came to us after the DDoS protection they had in place did not work.”
Prolexic recommends that organizations work closely with their DDoS mitigation provider(s) to complete a professional, planned provisioning and service validation. The only way to be sure that DDoS protection will be effective is through proactive validation against different types of attack scenarios.
Prolexic recommends the following best practices for DDoS mitigation service testing and validation:
* With the DDoS mitigation service active, verify that all applications are performing properly.
* Verify that all routing and DNS is working.
* In partnership with your mitigation service provider, generate a few gigabits of controlled traffic to validate the alerting, activation and mitigation features of the service.
* Test small levels of traffic without scrubbing and without any DDoS protection to validate that your on-premise monitoring systems are functioning correctly. This action will also help you identify the stress points on your network.
* Conduct baseline testing and calibrate systems to remediate any network vulnerabilities.
* Schedule validation tests on a regular basis (yearly or quarterly) with your DDoS mitigation service provider to validate that the service configuration is still working correctly – and eliminate the risk of network element failures due to DDoS. If network issues arise during testing, your service provider may need to make modifications based on recent changes to your network, such as modified firewall rules, firmware updates and router reconfiguration.
“Based on the test results, Prolexic also recommends developing a mitigation playbook as part of an incident response plan,” said Scholly. “This helps ensure that everyone in the organization knows what to do and what to expect if an attack strikes.”
Additional DDoS service validation recommendations and guidance on how to develop a DDoS mitigation playbook can be found in Prolexic’s latest white paper, "Planning for and Validating a DDoS Defense."