2015 Making DDoS Mitigation Part of Your Incident Response Plan: Best Practices


AKAMAI DDOS MITIGATION

BEST PRACTICES

Making DDoS Mitigation a Part of Your Incident Response Plan: Critical Steps and Best Practices

White Paper
Planning ahead for DDoS mitigation as part of an incident response plan and testing it in advance make it possible
to respond quickly and calmly to any attack and minimize potential operational and financial damage.

Develop a DDoS mitigation playbook


1. Designate a single point of contact for relaying information during the attack and send out short Twitter-style updates
internally across the organization to keep everyone informed.
2. Run an attack simulation exercise so that key personnel on the mitigation triage team understand their unique role in the DDoS
mitigation process, what changes they need to make to the network, and how they can continue to maintain business-as-usual
even when some resources are unavailable.
3. Make critical information such as names and phone numbers of key contacts easily accessible in a single place to save
valuable time.

Build and maintain a DDoS mitigation plan


4. Think like a DDoS attacker. When you think like an attacker, you will start to plan for all possible types of attacks and understand
all of the mitigation options at your disposal. Are all vulnerabilities in the infrastructure protected against attack? If not, make sure
any vulnerability is addressed ahead of time.
5. Don't rely on your Internet Service Provider (ISP). ISPs are generally not known for their flexibility when providing DDoS protection.
Ask the tough questions: If your network is hit with 10 Gbps of traffic from a reflection attack, how long will it take for the ISP
to block it using an Access Control List (ACL)? How much traffic will the ISP carry before they decide to blackhole it upstream?
6. Don't overestimate your infrastructure capabilities. Determine and ensure that your infrastructure has sufficient balance with
overhead headroom above and beyond what its peak requirements are and has robust networking hardware that can handle
extra traffic if needed.
7. Stay aware of changing DDoS trends and attack sizes. The average size of a DDoS attack was 7 Gbps in early 2015. Confirm that
your infrastructure can still withstand rising attack volumes and new attack vectors as they escalate and change.
8. Deploy a DDoS solution before you need it. Avoid website and web application downtime in the first place by having an always-on
DDoS mitigation solution in place as a part of your incident response plan before any attacks occur.
9. Communicate with your DDoS mitigation service provider. Establish good communication before a DDoS emergency hits and you
will be well prepared to defend your network.
10. Keep the DDoS mitigation playbook up-to-date. Do this on a regular basis, as well as when staff members change departments,
new people come on board, or a new vendor is added or replaced. Consistently review and update information related to your
network's infrastructure, website, and web applications.
11. Maintain tight relationships with other vendors. Incorporate these relationships into your incident response plan so that they
will be ready to calmly respond and know what to do when your emergency call comes in.
12. Test and validate your DDoS mitigation solution at least once a year, preferably twice a year. Validation ensures that your DDoS
solution is continuing to meet the requirements of your incident response plan. Plus, validation enables quality assurance testing
to verify that no systems or applications are being adversely affected while traffic routes over the mitigation infrastructure.

Learn about some of Akamai's Cloud Security Solutions:


Kona Site Defender: Website protection service to protect brand-critical, revenue-generating and performance-sensitive
websites against DDoS and web-application attacks.

Prolexic Routed: Dedicated DDoS protection service to protect your entire network and data center infrastructure against large,
sustained and sophisticated DDoS attacks.

Fast DNS: Cloud-based DNS service to protect against DDoS attacks targeting your DNS infrastructure.

As the global leader in Content Delivery Network (CDN) services, Akamai makes the Internet fast, reliable and secure for its customers. The company's advanced web performance,
mobile performance, cloud security and media delivery solutions are revolutionizing how businesses optimize consumer, enterprise and entertainment experiences for any device,
anywhere. To learn how Akamai solutions and its team of Internet experts are helping businesses move faster forward, please visit www.akamai.com or blogs.akamai.com, and
follow @Akamai on Twitter.

© 2015 Akamai Technologies, Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited. Akamai and the Akamai wave logo are registered
trademarks. Other trademarks contained herein are the property of their respective owners. Akamai believes that the information in this publication is accurate as of its publication date; such information is subject
to change without notice. Published 10/15.
