One of the monthly IT Security metrics in my previous place is
to show # of 'High' DDoS alerts for the month (leaving out the
Med & Low ones), extracted from Arbor Peakflow of cleanpipe.
Attached is how one such extraction looks like: basically we'll
count the # of 'High' alerts.
In new place, question was raised how this data can be useful
as IT Security metric.
My guess is Audit wants to see a trend (of 6-12 months) of the
# of 'High' alerts for DDoS: if it's always about the same, no
alarm but, say for a particular month, it triples, it's a concern?
Anyone has any clue how this data (or any other Peakflows'
data) could be useful for presentation to serve as IT Security
Anyone has any Application DDoS security metrics that could
be useful as IT Security metrics?