DDoS attack protection can become quite complex and require deep expertise. And yet, there are some basic steps you can take to improve your protection – without requiring any professional help. Here are four activities you can take right now.
This is really the most basic and easiest step. Not performing any DDoS testing is like releasing software without any QA. Or, like allowing the attacker to run the testing for you and identify your weaknesses when it is most painful.
Running DDoS testing is a 3-hour effort. You either hire a company to run it for you or go for the cheaper DYI option, where you ‘rent’ a platform for 3 hours and generate controlled attacks. The cost is low, but it always yields great ROI. I can promise surprise findings that can lead you to significant improvements to your DDoS protection.
If you use CDN services (also called web protection), then maximizing your use of caching is the easiest way to reduce your attack surface with a single setting change.
Increasing caching levels means that more data will be saved on the servers of your CDN service provider (like Akamai, Cloudflare, or Imperva Web Protection). In the event of a DDoS attack on one of your assets, such as an e-commerce page, the fact that it is stored on the provider’s network will essentially block the ability to take it down.
Improving caching may be as simple as activating it or increasing the level of caching. In other cases, increasing caching levels may require help from R&D.
By the way, caching as a means of improving DDoS readiness is also applicable if you’re using load balancers. However, in this case, the level of improvement will depend on your load balancers and network gear.
Write down DDoS attack procedures for your SOC/NOC/First responder. This may sound trivial or even odd, but I can assure you that by simply writing down the activities to be carried out during a DDoS attack, you’ll ensure a faster and more effective response during an attack. Here are a few questions to get you started with procedures. How do expect the NOC or SOC team to detect a DDoS attack? Do you have the tools to detect an attack? What are the actions that will be taken once an attack is detected?
Most organizations today use managed DNS services. If a successful DDoS attack will be carried out on your managed DNS service, your own online systems will also become unavailable. By adding a second DNS provider, you’ll have two separate DNS networks running simultaneously and your services will remain available also when one DNS service is down.
While DDoS attacks on DNS service providers are not an everyday event, consider the 2016 DDoS attack on Dyn that affected dozens of companies. Also in the recent Facebook outage, while no DDoS attack was detected, the outage was caused by DNS issues.