Best Practices for DDoS Mitigation Service Testing and Validation

1. 1
Planning for and Validating a DDoS Defense Strategy
Distributed Denial of Service (DDoS) attacks can target any business on the Internet. Smart
organizations are taking proactive steps to build a defense against this threat as they become
better informed about the damage that site downtime can cause in terms of lost revenue and
customer dissatisfaction.
When an attack hits, panic can prevail. Seconds count in DDoS mitigation and the faster the
mitigation service is deployed, the shorter the site downtime. And if there is no mitigation service
in place, several days of downtime can be expected. Unfortunately, it’s not a matter of if, but
when a website will be hit with a DDoS attack.
Organizations that create a formal DDoS mitigation response plan have been most successful in
eliminating the panic around DDoS. However, a DDoS response plan on paper – or a promise
from a vendor – is not any guarantee that the mitigation service will work as expected.
Unfortunately, the first real test of a company’s DDoS mitigation service is when a distributed
denial of service attack actually occurs.
Best Practices for DDoS Mitigation Service Testing and Validation
With the DDoS mitigation service active, verify that all applications are performing properly
Verify that all routing and DNS is working
Generate a few gigabits of controlled traffic to validate the alerting, activation and mitigation
features of the service
Test small levels of traffic without scrubbing and without any DDoS protection to validate
that your on-premise monitoring systems are functioning correctly. This action will also help
you identify the stress points on your network.
Conduct baseline testing and calibrate systems to remediate vulnerabilities
Schedule validation tests on a regular basis with your DDoS mitigation service provider
Develop a DDoS mitigation playbook to ensure that everyone in the organization knows
what to do and what to expect when a distributed denial of service DDoS attack hits

2. 2
How to Prepare
Winning sports teams don’t ad lib or panic on the field when the opposing team launches a
surprise offensive play. They have a well-rehearsed playbook with defensive moves that have
been developed based on expertise and experience. A similar type of playbook can be essential
to a controlled, streamlined response to a DDoS attack.
IT management should talk to their DDoS mitigation services provider before an attack
happens. Ask questions and discuss all of the possible DDoS scenarios and threats that the
company could experience.
Test and validate your DDoS monitoring and mitigation services, how they affect your network
when activated, and how effective they are against defending against cyber attacks. More
importantly, having a strong operational plan for smooth activation and communication should
be an integral part of an organization’s response plan.
Regularly evaluate the capabilities of your service provider. Any reputable DDoS mitigation
service provider should have the expertise and capacity to serve many clients simultaneously –
an important factor to consider as the daily occurrences of DDoS attacks escalate.
When everyone in the organization – not just IT – understands what is involved with a DDoS
attack, they will be able to respond with more confidence, control and calm, knowing they have
a well-practiced operations plan in place. As a result, the DDoS mitigation process will go more
smoothly for minimized downtime and a faster return to business as usual.
Download our free white paper
Download Planning for and Validating Your DDoS Defense Strategy at www.prolexic.com/planning.
You’ll also read:
Detailed enterprise case studies that show what happened when businesses were not
prepared for a DDoS attack

3. 3
Key information to include in your DDoS mitigation playbook and why
A best-practice case study of DDoS attack readiness
More details on how to validate your DDoS defense
About Prolexic
Prolexic Technologies is the world’s largest, most trusted distributed denial of service (DDoS)
protection and mitigation service provider. Able to absorb the largest and most complex DDoS
attacks ever launched, Prolexic protects and restores within minutes mission-critical Internet-
facing infrastructures for global enterprises and government agencies. Ten of the world’s largest
banks and the leading companies in e-Commerce, SaaS, payment processing, travel,
hospitality, gaming and other industries at risk for DDoS attacks rely on Prolexic for DDoS
protection. Founded in 2003 as the world’s first in-the-cloud DDoS mitigation platform, Prolexic
is headquartered in Hollywood, Florida, and has DDoS scrubbing centers located in the
Americas, Europe and Asia. To learn more about how Prolexic can stop DDoS attacks and
protect your business, please visit www.prolexic.com, call +1 (954) 620 6002 or follow
@Prolexic on Twitter.