Playbook for DDOS Security Response

(Author : Chandra Prakash Suryawanshi,  SVP- India & APAC at Aujas Networks Pvt. Ltd. )


Information security incident management if often a combination of technical controls, processes, communication strategy, detailed procedure and plan. The objective of  this blog is to look at modern techniques for effective incident detection, modelling of common security threats and preparation of a response to better validate, contain and respond to an information security incident.

We will see how an effective detection strategy leveraging an SIEM solution works, coupled by effective proactive methods to perform threat hunting, followed by a response procedures.

8669808271?profile=original

A security event is any observable occurrence in a system or network. Events include increase in encrypted communication, port and protocol mismatch, large https packet size, increase in file share, and a firewall blocking connection attempts with correlation to other system events. Adverse events are events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malicious code that destroys data etc. All the information is generally available in logs from systems, applications, network devices and DBs, but the key is to craft appropriate detection rules, build use cases, reduce false positives, effective analysis and technology capability to provide historical data and analytics. We will first see how an effective detection technologies can be leveraged to identify attack and patterns with SIEM and allied technologies to help.

Let's talk about Threat Hunting. Threat hunting is a proactive way of looking for threats, using internal or external threat intelligence, information mining, reverse malware analysis or by running hypothesis based on risk.

As threat hunting is a data-driven process, it’s critical to collect large amounts of data for analysis. Logs from each of the three major security data domains (network, endpoint, and application) along with authentication logs for operating systems and applications are a good place to start, followed by network transactions, such as HTTP server and proxy logs and net flow records.

Any information security incident where perpetrators are known and/or their motives and objectives are clearly visible can be termed as an attack and once detected we need to craft an effective response procedure.

We will be seeing two critical information security response procedure, one will be DDOS, followed by an APT attack in line with the NIST process and framework

The information security incident response process has three main phases – detection and analysis, response and recovery, and post incident activities. Corresponding sub-stages with brief overview are shown below.

8669815481?profile=original 

 

DDoS:

8669814897?profile=original

8669815081?profile=original

8669815098?profile=original

8669816077?profile=original

 

Here's a tool where you could compare all DDOS solutions. Click here . How does your DDOS handling process vary? Write to us in the comments below.

Votes: 0
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (bi-monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO Meetup at BlackHat Las Vegas 2025

  • Description:

    We are excited to welcome you to the CISO Meetup during BlackHat USA 2025 in Las Vegas! Join us for an exclusive networking, meaningful conversations, and community building with top CISOs and cybersecurity leaders from around the globe. 

    Meetup Details:

    Location: Mandalay Bay, Las Vegas …

  • Created by: Biswajit Banerjee
  • Tags: ciso, black hat, black hat 2025, black hat usa

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee