4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Neustar's professional DDoS responders (the Security Operations Center team) are on the front lines when businesses get attacked. In the 2014 Neustar Annual DDoS Attacks and Impact Report, one team member described common DDoS mitigation scenarios. Below are some excerpts from the report.

* * *

When a business makes a DDoS "911" call to you, what typically happens?

"Many companies still wait to get attacked before deploying protection, so they have to decide on the spot: are we purchasing a solution, and if so from whom? It's a big decision to have to make on the fly, which compounds the anxiety of being under attack."

How long does it take to begin DDoS mitigation?

"If you already have an always-on appliance-based solution in place, you're already mitigating. However, these appliances max out at some point, so if an attack becomes large, you might call a provider for cloud failover. If you already have a cloud solution, your provider should help launch mitigation in under five minutes. If you have no solution in place, it can easily take four hours to provision your defenses."

What are the basic "first responder" steps?

"First responders examine any alerts or notifications. Then we analyze your traffic step by step. Once the analysis is clear, we can determine the type of attack and use precise countermeasures. If you're an existing customer with a protection provider, they have baseline data on your traffic. They're able to compare attack traffic to everyday traffic, which is extremely useful in crafting the response."

Any advice for businesses who still want to go it alone?

"It's smart to 'know your normal.' What does your traffic usually look like? Knowing this will help you identify and mitigate attacks faster."

For more tips and insights on DDoS responses, view the full report.


About Neustar – Every day, the world generates roughly 2.5 quadrillion bits of data. Neustar isolates certain elements and analyzes, simplifies and edits them to make precise and valuable decisions that drive results.
