DDoS Mitigation Best Practices For A Rapidly Changing Threat Landscape

May 31, 2013

Download Given the extraordinary and rapid changes in the DDoS terrain, traditional DDoS mitigation tactics such as bandwidth overprovisioning, firewalls and intrusion prevention system (IPS) devices are no longer sufficient to protect an organization's networks, applications, and services. Verisign has successfully defended its global DNS infrastructure against DDoS and other attacks for more than 12 years and has maintained 99.99 percent availability of its critical infrastructure during that time.

In addition, Verisign has maintained 100 percent availability of its .net and .com infrastructure and resolves more than 60 billion DNS transactions per day. Drawing on this success and hands-on engagements with customers in a range of industries, Verisign has identified a set of best practices that enables organizations to keep pace with DDoS attacks while minimizing impact on business operations. This paper describes these practices.