Over the last year or so, I've frequently been involved in discussions about DDoS botnets and their activities. Many of the security practitioners I talk with have been under pressure to better protect against DDoS threats. A common question I get is "What else should I be doing that will make a difference?" That is a valid question, considering many have already invested in anti-DDoS capabilities and/or have relationships with mitigation service providers.
My response is that security teams need to shift to a more proactive defense strategy, one driven by intelligence on the specific DDoS threats that are likely to target their sites. They need detailed information on current attack capabilities, and they need the visibility to detect when an attack is coming at them. And they need to apply that intelligence to mitigation layers beforehand where possible.