Avatar of sunhux
sunhux

asked on 

Is it industry practice for CDN/ISP to do DDoS & Cyber drills or exercises

Both of CDN providers (one of them is Akamai) that offers DDoS protection service told
me they don't offer DDoS drills where we simulate an attack situation & started calling
out relevant parties.

Unless the contact persons in the two CDNs / ISPs gave me the wrong info, I believe
they don't offer such a service.

However, our audit pointed out that if such a regular drills are not being practiced
(say yearly), in the event of such attacks, the escalation & callouts will go haywire,
just like DR (Disaster Recovery) drills.  Audit told me this is regulatory requirement

My view is DR is a much more complex situation as during disasters, it's chaotic
& involves massive manpower redeployment.  Besides both CDN/ISPs has a call
tree documented.

I'm inclined to believe it's not the industry practice to do such DDoS drills as both
CDN providers don't offer them or am I mistaken?  Wud like to know how other
people out there practice it esp in financial/banking, healthcare & stock exchanges
SecurityNetwork SecurityVulnerabilitiesNetwork ManagementNetwork Operations

Avatar of undefined
Last Comment
Dr. Klahn

8/22/2022 - Mon