"Making sure a provider can actually deliver on the level of service it promises is a critical step that many organizations overlook," said Stuart Scholly, president at Prolexic. "Mitigation failure is such a common problem that the majority of Prolexic clients came to us after the DDoS protection they had in place did not work."
Prolexic recommends that organizations work closely with their DDoS mitigation provider(s) to complete a professional, planned provisioning and service validation. The only way to be sure that DDoS protection will be effective is through proactive validation against different types of attack scenarios.
Prolexic recommends the following best practices for DDoS mitigation service testing and validation:
· With the DDoS mitigation service active, verify that all applications are performing properly.
· Verify that all routing and DNS is working.
· In partnership with your mitigation service provider, generate a few gigabits of controlled traffic to validate the alerting, activation and mitigation features of the service.
· Test small levels of traffic without scrubbing and without any DDoS protection to validate that your on-premise monitoring systems are functioning correctly. This action will also help you identify the stress points on your network.
· Conduct baseline testing and calibrate systems to remediate any network vulnerabilities.
· Schedule validation tests on a regular basis (yearly or quarterly) with your DDoS mitigation service provider to validate that the service configuration is still working correctly – and eliminate the risk of network element failures due to DDoS. If network issues arise during testing, your service provider may need to make modifications based on recent changes to your network, such as modified firewall rules, firmware updates and router reconfiguration.
"Based on the test results, Prolexic also recommends developing a mitigation playbook as part of an incident response plan," said Scholly. "This helps ensure that everyone in the organization knows what to do and what to expect if an attack strikes."
Additional DDoS service validation recommendations and guidance on how to develop a DDoS mitigation playbook can be found in Prolexic's latest white paper, "Planning for and Validating a DDoS Defense," which can be downloaded for a limited time from www.prolexic.com/planning.
Prolexic is the world's largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission-critical Internet-facing infrastructures for global enterprises and government agencies within minutes. Ten of the world's largest banks and the leading companies in e-Commerce, SaaS, payment processing, travel/hospitality, gaming and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world's first in-the-cloud DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida and has scrubbing centers located in the Americas, Europe and Asia. To learn more about how Prolexic can stop DDoS attacks and protect your business, please visit www.prolexic.com, follow us on LinkedIn, Facebook, Google+ , YouTube , and @Prolexic on Twitter.