The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.
COURSE of the MONTH
13 days, 18 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Is it industry practice for CDN/ISP to do DDoS & Cyber drills or exercises
Posted on 2016-10-12
Both of CDN providers (one of them is Akamai) that offers DDoS protection service told
me they don't offer DDoS drills where we simulate an attack situation & started calling
out relevant parties.
Unless the contact persons in the two CDNs / ISPs gave me the wrong info, I believe
they don't offer such a service.
However, our audit pointed out that if such a regular drills are not being practiced
(say yearly), in the event of such attacks, the escalation & callouts will go haywire,
just like DR (Disaster Recovery) drills. Audit told me this is regulatory requirement
My view is DR is a much more complex situation as during disasters, it's chaotic
& involves massive manpower redeployment. Besides both CDN/ISPs has a call
tree documented.
I'm inclined to believe it's not the industry practice to do such DDoS drills as both
CDN providers don't offer them or am I mistaken? Wud like to know how other
people out there practice it esp in financial/banking, healthcare & stock exchanges
me they don't offer DDoS drills where we simulate an attack situation & started calling
out relevant parties.
Unless the contact persons in the two CDNs / ISPs gave me the wrong info, I believe
they don't offer such a service.
However, our audit pointed out that if such a regular drills are not being practiced
(say yearly), in the event of such attacks, the escalation & callouts will go haywire,
just like DR (Disaster Recovery) drills. Audit told me this is regulatory requirement
My view is DR is a much more complex situation as during disasters, it's chaotic
& involves massive manpower redeployment. Besides both CDN/ISPs has a call
tree documented.
I'm inclined to believe it's not the industry practice to do such DDoS drills as both
CDN providers don't offer them or am I mistaken? Wud like to know how other
people out there practice it esp in financial/banking, healthcare & stock exchanges
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3 Comments
Active 1 day ago
One of the 2 ISP uses Arbor Peakflow so I'm not sure if this product could
help facilitate drills/exercises.
http://www.bankinfosecurity.com/interviews/simulated-attacks-will-test-responses-i-2063
https://www.corero.com/blog/categories/Banking-DDoS-Protection.html
Above links appear to indicate such drills are crucial but why then the 2 ISPs/CDN do
not offer it?
help facilitate drills/exercises.
http://www.bankinfosecurity.com/interviews/simulated-attacks-will-test-responses-i-2063
https://www.corero.com/blog/categories/Banking-DDoS-Protection.html
Above links appear to indicate such drills are crucial but why then the 2 ISPs/CDN do
not offer it?
Active 1 day ago
These provider need to let customer know the contact and how the severity of the event or attack can be escalated with a stipulated period based on the severity. The drill aspects is not a contractual default unless you asked for it and a formal exercise run through e.g. tabletop or execution based need to be deliberated early before awarding them. By default, these are not in the offering. Ask yourself that if the drill can be realised easily as the high Gbps is not easily generated.
Indeed exercise is required and there s value of it but you need to know the objective for the exercise - is it to exercise the incident handling protocol (exercise the CERT team),
- is it to verify the high Gbps handling capability (exercise the tiering to scale up as attack get worse),
- is it to validate the parties and information sharing timeliness (media and crisis comms involved) or
- is it to have all these mentioned run through for a maturity aspects (level up assessment wrt e.g. basic-standard, measured-up or well-adapted benchmarks).
It can be table top or actual simulation in a contained environment (snapshot) or an actual attack (which is unlikely because you be impacting the internet and other users causing false alarm to ISP and public). The exercise should not be only CDN but it need to be more holistic that can impact your online asset to cover L7 and L3/4 DDoS attack at minimal; and better still have use cases to drill further pertaining to supply chain compromised, malware infested CDN infrastructure, insider threat due to CDN provider/sub-contractor, unauthorised access and data leakage due to lapse of customer or provider oversight etc ...
Do check out the ENISA cyber exercise to get a better understanding what a "drills" should be
https://www.enisa.europa.eu/publications/exercise-survey2012/at_download/fullReport
Indeed exercise is required and there s value of it but you need to know the objective for the exercise - is it to exercise the incident handling protocol (exercise the CERT team),
- is it to verify the high Gbps handling capability (exercise the tiering to scale up as attack get worse),
- is it to validate the parties and information sharing timeliness (media and crisis comms involved) or
- is it to have all these mentioned run through for a maturity aspects (level up assessment wrt e.g. basic-standard, measured-up or well-adapted benchmarks).
It can be table top or actual simulation in a contained environment (snapshot) or an actual attack (which is unlikely because you be impacting the internet and other users causing false alarm to ISP and public). The exercise should not be only CDN but it need to be more holistic that can impact your online asset to cover L7 and L3/4 DDoS attack at minimal; and better still have use cases to drill further pertaining to supply chain compromised, malware infested CDN infrastructure, insider threat due to CDN provider/sub-contractor, unauthorised access and data leakage due to lapse of customer or provider oversight etc ...
Do check out the ENISA cyber exercise to get a better understanding what a "drills" should be
https://www.enisa.europa.eu/publications/exercise-survey2012/at_download/fullReport
Active today
I'm inclined to believe it's not the industry practice to do such DDoS drills as both
CDN providers don't offer them or am I mistaken?
That is correct for the majority of ISPs. My feeling is that there are two reasons:
- The cost. Management views this as an unnecessary cost.
- The embarassment. The first few times this is done, the results will be abysmal, showing every shortcoming and security hole. Everyone in the industry will know about it within 24 hours and trumpet ISP x's failings to their own customers.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server…
- Ransomware
- Experts Exchange
- Windows XP
- Windows OS
- Windows Server 2008
- Windows Server 2003, Security
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message.
In the To field, type your recipient's fax number @efaxsend.com.
You can even send a secure international fax — just include t…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month13 days, 18 hours left to enroll
801 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.