Distributed denial of service attacks are becoming a common threat on the web. They’ve gotten easier to launch and tougher to stop. Fueled by huge botnets, DDoS attacks have the power to overwhelm servers across the globe and send them screeching to a halt.
DDoS attacks work by flooding a machine with millions of packets. These information requests choke up bandwidth and put strain on your server. Eventually, with enough attack strength, your website will go offline. They do not cause lasting damage, but they can damage your brand reliability. DDoS attacks also cost you money while your site is offline, and more to get your website back up.
If you are faced with a DDoS attack and are looking for a DDoS mitigation company, be sure to ask them these questions:
How long have you been providing DDoS mitigation?
This may seem like a no-brainer, but given the explosive growth of providers entering the market, it is essential that you trust your website protection to a company with experience. There is a big difference between being able to protect your own network and mitigating real-time attacks across multiple networks at once. A true DDoS mitigation company will not only have solid infrastructure and employ the most advanced mitigation techniques, but will also have knowledgeable DDoS specialists available to monitor attacks as they happen and respond accordingly.
Do you have an SLA that guarantees mitigation within a certain timeframe?
An SLA, or Service Level Agreement, is a contract between you and your DDoS protection provider that outlines the level of protection you can expect to receive. Specifically, you want to know what types of DDoS attacks they can mitigate, and how many Gbps (gigabits per second) of protection your plan covers. You also want to clarify what happens in the event a DDoS attack exceeds your coverage. Will my IP be null-routed in the event of a large-scale DDoS attack? Will I be billed for overages? This is something you want to clarify from the beginning. If your plan only offers up to 4 Gbps, the moment an attack exceeds your level of DDoS protection your site will be null-routed until the attack subsides or you upgrade your plan. Providers handle this situation differently. Some will ground your site (null-routing), while others will wait until the attack exceeds your level of protection for a certain duration. Depending upon how important uptime is for your organization, you want to know exactly what you can expect in terms of outcomes in the event of an attack.
How long does it take for a DDoS attack to trigger a mitigation response?
Essentially, all DDoS protection providers have systems or procedures in place that monitor traffic going to your site, analyzing packets and watching IPs. In most cases, once a DDoS attack is launched the system will kick in and begin filtering malicious traffic away from your website, blocking the attack and allowing your visitors to pass through. You want to choose a DDoS protection service that automatically begins mitigating attacks from the onset. Of course, if it turns out to be a complex Layer 7 DDoS attack, or the attacker uses a blended attack strategy, you also want trained experts on hand to make sure that the system is not blocking real visitors.
Should I be worried about false positives? Does your system / techs work to make sure human visitors are not being blocked?
If you are being targeted with sophisticated DDoS attacks, you should be aware that these types of DDoS attacks are especially difficult to mitigate. The reason is that they mimic human behavior. Less skilled DDoS mitigation providers will likely have far more false positives, which means legitimate site visitors get blocked. This will cost you money, ratchet up customer support issues and damage your reputation for reliability. Look for companies that have a good track record.
Do you provide detailed attack reports?
Each DDoS protection provider will do this differently; some may have client dashboards that allow you to monitor in real time, while others will send reports after the attack has been mitigated. Still others send reports only on request. It’s recommended that you work with a company that will give you insight into the type of attacks you are dealing with. Having this data will give you a better idea of what you are facing. If DDoS attacks are common in your industry, and your organization is attacked frequently, this data will help you build a timeline of attacks and attack size. Over time, you can use this data to pinpoint which systems are being targeted the most. There are a number of other things you can extrapolate from this data, like annual budgets for protection, trend spotting, etc. In any case, it’s good to have.