
4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Neustar’s professional DDoS responders (Security Operations Center) are on the frontlines when businesses get attacked. In the 2014 Neustar Annual DDoS Attacks and Impact Report, one team member described common DDoS mitigation scenarios. Below are some excerpts from the report.

* * *

When a business makes a DDoS “911” call to you, what typically happens?

“Many companies still wait to get attacked before deploying protection, so they have to decide on the spot: are we purchasing a solution, and if so from whom? It’s a big decision to have to make on the fly, which compounds the anxiety of being under attack.”

How long does it take to begin DDoS mitigation?

“If you already have an always-on appliance-based solution in place, you’re already mitigating. However, these appliances max out at some point, so if an attack becomes large you might call a provider for cloud failover. If you already have a cloud solution your provider should help launch mitigation in under five minutes. If you have no solution in place, it can easily take four hours to provision your defenses.”

What are the basic “first responder” steps?

“First responders examine any alerts or notifications. Then we analyze your traffic step by step. Once the analysis is clear, we can determine the type of attack and use precise countermeasures. If you’re an existing customer with a protection provider, they have baseline data on your traffic. They’re able to compare attack traffic to everyday traffic, which is extremely useful in crafting the response.”

Any advice for businesses who still want to go it alone?

“It’s smart to ‘know your normal.’ What does your traffic usually look like? Knowing this will help you identify and mitigate attacks faster.”

For more tips and insights on DDoS responses, view the full report.

By GoDaddy Registry, World-Leading Provider of Domain Name Registry Services

GoDaddy Registry (formerly Neustar Registry) is one of the world’s largest and leading domain name registry providers. We operate top-level domains (TLDs) on behalf of sovereign nations, city governments, global brands and domain registries so that people worldwide can bring their ideas to life online.
