Plan vs. Panic: Making a DDoS Mitigation Playbook Part of Your Incident Response Plan

A DDoS attack is an attempt to make a computer resource (e.g. a website, e-mail, VoIP, or a whole network) unavailable to its intended users. Overwhelmed with data and/or requests, the target system either responds so slowly as to be unusable or crashes completely. The data volumes required to do this are typically achieved by a network of remotely controlled computers known as zombies or bots. These machines have fallen under the control of an attacker, generally through the use of Trojans.

A DDoS mitigation playbook must be a streamlined response plan that includes:

  • Managing communications – DDoS attacks have an impact not just on IT, but on all users of the company’s services, including non-technical departments
  • Identifying the key contact persons – The main goal of the playbook is to eliminate the organization-wide panic that can delay the mitigation response when a DDoS attack occurs, so it is vital that the right people be notified of the attack immediately
  • Organizing information for easy, fast accessibility – Something as simple as keeping all names and phone numbers of key contacts in a single place can save valuable time