May 31, 2013
Given the extraordinary and rapid changes in the DDoS terrain, traditional DDoS
mitigation tactics such as bandwidth overprovisioning, firewalls and intrusion
prevention system (IPS) devices are no longer sufficient to protect an organization's
networks, applications, and services. Verisign has successfully defended its global
DNS infrastructure against DDoS and other attacks for more than 12 years and
has maintained 99.99 percent availability of its critical infrastructure during that
In addition, Verisign has maintained 100 percent availability of its .net and .com infrastructure and resolves more than 60 billion DNS transactions per day. Drawing on this success and hands-on engagements with customers in a range of industries, Verisign has identified a set of best practices that enables organizations to keep pace with DDoS attacks while minimizing impact on business operations. This paper describes these practices.