DDoS Mitigation - Best Practices for a Rapidly Changing Threat Landscape Whitepaper
Click here to download now
Overview: Although distributed denial of service (DDoS) attacks have become a mainstay of hackersí arsenals, their profile has changed considerably in the past year or so, making them an even greater threat to companies that conduct business online or have significant investments in their online brand and reputation.
DDoS attacks are larger, stealthier, more targeted, and more sophisticated than ever. Increasingly, even amateurs can execute attacks themselves or cheaply rent botnets to do the job for them. Given the extraordinary and rapid changes in the DDoS terrain, traditional DDoS mitigation tactics such as bandwidth over-provisioning, firewalls, and intrusion prevention system (IPS) devices are no longer sufficient to protect an organizationís networks, applications, and services.
VeriSign has successfully defended its global DNS infrastructure against DDoS and other attacks for more than 10 years and has maintained 99.99 percent availability of its critical infrastructure during that time. In addition, VeriSign has maintained 100 percent availability of its .net and .com infrastructure and resolves more than 50 billion DNS transactions per day. Drawing on this success and hands-on engagements with customers in a range of industries, VeriSign has identified a set of best practices that enables organizations to keep pace with DDoS attacks while minimizing impact on business operations.
This paper describes these practices.