DDoS mitigation is an ever-evolving art. Architectures change, attackers get more creative, and keeping your team and tools ahead of the curve is a constant battle. So why not make DDoS preparedness fun, as well as practical? We’ll share our experiences with DDoS war games as a means of keeping your team’s skillset polished, their tools in top shape, and their spirits and confidence high.
Companies operating in the critical path of internet traffic are constantly exposed to DDoS attacks of all types and scales. While Mirai-scale attacks generate the biggest headlines, most attacks are much smaller. Ideally, in most at-scale systems, the smaller and more mundane attacks are mitigated automatically. But because scale can vary, and attacks can progress dynamically as attackers get creative, operations teams need to be ready to respond.
Certainly, ops teams need the tools and visibility required to mitigate attacks available at their fingertips. But they also need the institutional knowledge and the “headspace locality” required to dive into the fray to successfully and quickly mitigate new attack patterns under intense pressure.
So, how can you keep engineers from becoming complacent between major attacks? How can you introduce DDoS identification and mitigation skills and tools to new engineers, and build the reflex-level familiarity necessary to succeed under pressure? And how can you continually test your tools and your engineers to ensure they’ll be ready to go when you need them?
The answer is simple: attack your own platform!
“War Game” DDoS mitigation exercises have helped our engineers keep the rust off, exercised our tools, uncovered and forced us to address architectural and software constraints, and built trust and camaraderie among our team. In this presentation we’ll discuss what we’ve learned along the way: how to run “live fire” war game drills safely, using real data and realistic scenarios; tools we’ve used to generate attack traffic; best practices for operating live fire drills and getting the most out of them; and some of the benefits we have seen by pursuing this approach.
View MHVLUG in a larger map