You're right, I guess I'm still thinking on a few experiences I had way in the past when the Internet was still early and contacting them was a waste of time: they couldn't understand you nor had the time to do so. It's true they now have many more resources and experts in their departments and, as you say, may at least give some good advice on what to do during the panic stage to try and at least mitigate it. Providing them with logs and proof would have been a good idea too.
Oh my, the attack caused so much wasted time and stress that it's still haunting me and the team, specially when thinking that it may not stop there and the attacker/s is just waiting for the next chance to hit us. The days after the attack the first thing I did after waking up was check the servers to see everything was safe. And our roadmap was severely affected too, prioritizing many security features we had in the backlog.
Things are significantly better now, I can't comment on how good the aid is if you are under attack since we always had a team ready to handle DDoS, however, their follow-up has always been fast.
Regarding security features, if you are on a cloud such as GCP, AWS or Azure things are complicated since you can't easily route the traffic elsewhere(you can have BGP connections to DDoS mitigation inside GRE/L2TP tunnels only when attacks occur and it would be cheap to rent on a monthly/yearly basis). Voxility is an example that comes to mind and they are very affordable in general terms.
HTTP or HTTPs attacks are easier to handle with Cloudflare, however, there are other interesting solutions such as Stackpath.
We were under a DDoS attack about a month ago too, but were lucky that it didn't manage to affect our business. With that in mind, we took it as a (precious) learning experience - how often do you get the chance to learn about DDoS defence 1st hand?
I realize we were lucky that the attacker didn't find any of the soft spots (or at least none that hurt us). We do prioritize security though, always.
I hope all goes well for you and that in time this is just another learning experience. Maybe next time you'll smile when an attack is thwarted because of what you've all learned.
We get attacked several times a month, we rely on Cloudflare & Corero to mitigate attacks.
Cloudflare handles HTTP/s attacks and Corero handles network level attacks.
Both require tweaking and are far from being 1-click setup tools (despite some marketing attempts that try to make it seem that way), however, if you can manage them, they are very powerful and considerably cheaper than other alternatives.
Thank you, I didn't know about Corero, will check them out. CF we use, and as you said, they are a tool. Plenty of ways they could be better, but they are still the best (in moderate price range) we know.
Oh my, the attack caused so much wasted time and stress that it's still haunting me and the team, specially when thinking that it may not stop there and the attacker/s is just waiting for the next chance to hit us. The days after the attack the first thing I did after waking up was check the servers to see everything was safe. And our roadmap was severely affected too, prioritizing many security features we had in the backlog.
Thank you so much.