Both of CDN providers (one of them is Akamai) that offers DDoS protection service told
me they don't offer DDoS drills where we simulate an attack situation & started calling
out relevant parties.
Unless the contact persons in the two CDNs / ISPs gave me the wrong info, I believe
they don't offer such a service.
However, our audit pointed out that if such a regular drills are not being practiced
(say yearly), in the event of such attacks, the escalation & callouts will go haywire,
just like DR (Disaster Recovery) drills. Audit told me this is regulatory requirement
My view is DR is a much more complex situation as during disasters, it's chaotic
& involves massive manpower redeployment. Besides both CDN/ISPs has a call
tree documented.
I'm inclined to believe it's not the industry practice to do such DDoS drills as both
CDN providers don't offer them or am I mistaken? Wud like to know how other
people out there practice it esp in financial/banking, healthcare & stock exchanges