Following are the questions and their answers that you should get from your mitigation provider to be sure that they really know how to prevent DDOS.
Since when have you been offering DDOS mitigation?
No matter how much of a brainer this one sounds like you should ask this question considering the rising number of providers entering the market every now and then. Understand that protecting one’s own network is far simpler than fighting against real time threats on multiple networks. Only an experienced campaigner can pull off something like this. A good provider should have the right infrastructure, expertise and experience to carry out the job effectively.
Do You Own SLA agreement for Guaranteed Mitigation Within a timeframe?
SLA stands for Service Level Agreement. This is nothing but a contract between the mitigation provider and yourself, which specifies the kind of protection you can expect from the provider. You need find out the types of attacks the provider fights against and the amount of GBPS your plan would cover. You should also clarify in the agreement about the scenario when then attack exceeds the predefined coverage.
How Much Time Does It Take for Mitigation to Trigger After An Attack?
Before you ask how you do stop a DDOS attack, ask about the response time of the mitigation. Usually every provider puts a system in place, which monitors the quality of traffic going to your website and keeps a watch on IPs and packets. In most of the cases, as soon as an attack is launched the protection system kicks in and starts filtering all the malicious traffic out of the website. This way the attack is blocked and the visitors of the website are allowed to pass through.
Do You Make Sure the Genuine Visitors are not blocked?
Find out if the provider is competent enough to fight against the complicated attacks as these attacks in particular are very difficult to deal with. The problem with these attacks is that they look similar to human traffic and differentiating becomes an issue. The mitigation providers that are not well skilled often mess up here and end up blocking genuine visitors; something that you don’t want to happen to your website; this is why it becomes important to look for the providers that have confident track record.