
Identify DDoS Attacks with Monitoring of Internal Applications (Part 1 of 3)

Most cloud DDoS mitigation services are offered on demand, meaning that customers can enable the service when they are the victim of a DDoS attack.

But how can a company find out—quickly—that it is under attack? Sometimes it is difficult to know.

In this three-part series, we will examine several monitoring tools that companies can use to help determine whether they are under a DDoS attack.

Option #1 – Internal server, network and infrastructure monitoring applications

Companies have a lot of monitoring software and applications to choose from. One of the more popular, Nagios, allows you to monitor the status and performance of internal infrastructure: applications, services, operating systems, network protocols, system metrics and network infrastructure.

For example, monitoring software can check your HTTP service to ensure that a Web site or Web server is functioning properly, and if the service is not functioning, most software can send a real-time notification. Because most DDoS attacks target a Web server or application server, monitoring software may show the HTTP service experiencing slowness, high memory/CPU utilization or complete failure. In these situations, something is obviously wrong and it could be a DDoS attack.
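The HTTP check described above can be written as a small plugin in the style Nagios expects (exit code 0 for OK, 1 for WARNING, 2 for CRITICAL, with performance data after the `|`). This is an added example, not code from the original post or from Nagios itself; the function names, the 1-second and 3-second thresholds and the default URL are assumptions chosen for illustration.

```python
"""Nagios-style HTTP check: exit 0=OK, 1=WARNING, 2=CRITICAL."""
import http.client
import sys
import time
import urllib.error
import urllib.request

OK, WARNING, CRITICAL = 0, 1, 2
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL"}


def classify(status, elapsed, warn, crit):
    """Map an HTTP status (None = no response) and latency to a plugin state."""
    if status is None or status >= 500:
        return CRITICAL          # complete failure or server-side error
    if elapsed >= crit:
        return CRITICAL          # answering, but far too slowly
    if elapsed >= warn or status >= 400:
        return WARNING           # slowness or an unexpected client error
    return OK


def check_http(url, warn=1.0, crit=3.0, timeout=10.0):
    """Fetch url once; warn/crit (seconds) are illustrative defaults."""
    start = time.monotonic()
    status, detail = None, ""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
            resp.read(1024)      # first bytes are enough to time the response
    except urllib.error.HTTPError as exc:
        status = exc.code        # 4xx/5xx still count as a response
    except (OSError, http.client.HTTPException) as exc:
        detail = f" ({exc})"     # refused, reset, DNS failure, timeout
    elapsed = time.monotonic() - start
    state = classify(status, elapsed, warn, crit)
    shown = status if status is not None else "no response"
    # Text after "|" is performance data the monitoring server can graph.
    line = (f"HTTP {LABELS[state]}: {shown} in {elapsed:.3f}s{detail}"
            f" | time={elapsed:.3f}s;{warn};{crit}")
    return state, line


if __name__ == "__main__":
    # Placeholder URL; pass the address of the service you monitor.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://localhost/"
    code, output = check_http(target)
    print(output)
    sys.exit(code)
```

A WARNING or CRITICAL result only says the service is slow or down; graphing the `time` value over days gives the baseline needed to judge whether a spike is unusual.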

While monitoring servers and infrastructure is helpful, there is no guarantee that DDoS is the culprit. Abnormal spikes in traffic and usage do occur for legitimate reasons.

It’s up to the IT administrator to then assess the data and determine whether to enable a DDoS mitigation service.

Stay tuned for the next segment in our three-part series where we discuss external performance monitoring in the cloud.

By Donald Lee, Technical Sales Engineer at Neustar
