How does Toulouse metropole cope with DDoS attacks?

How did Toulouse Métropole deal with the DDoS attacks?

Today, distributed denial of service attacks are becoming increasingly frequent, and all the more effective when the cyber-attacker's target is unprotected. These attacks can have a major impact on a company's image and finances.

It is therefore essential to anticipate this threat and put in place technical and organizational measures to guard against it.

After 25 years with the French Ministry of the Armed Forces, where he held several positions of responsibility in information systems management and cybersecurity, Grégory Bouet joined Toulouse Métropole as a CISO. with a specialization course at the ANSSI (Agence nationale de la sécurité des systèmes d'information) training center, Grégory Bouet joined Toulouse Métropole as RSSI. He started out on his own, then quickly surrounded himself with several colleagues and NFrance as his cybersecurity partner, as part of the hosting contract for the Local authority's institutional sites.

A project manager has recently been assigned to RGS (General Security Repository) certifications. He has since been joined by an expert analyst and 6 operational cybersecurity consultants.

Toulouse Métropole has suffered two successive attacks this year, and some periods are more vulnerable than others. Indeed, depending on the high points of a Local authority or activity, but also during the vacations, cybercriminals are much more active.

Certain periods are more propitious, notably when staff numbers are low around the festive season, and during the summer months (school vacations, long weekends, etc.). We are also more attentive during election periods (municipal, regional, cantonal, etc.). These are extremely critical periods when we need to be extra vigilant.

It is therefore necessary to against these DDoS attacks attacks to ensure the availability of your digital Services.

How do you set up effective anti-DDoS protection?

How to manage a cyber attack?

We have suffered 2 major attacks in recent months, for which NFrance was able to react very effectively. One of the DDoS attacks required the intervention and mobilization of NFrance teams, who worked through the night to reduce the impact on our activities. The largest of these was 9 gigabits/second for over 3 hours, which is an exceptionally long time.

For example, in 2010 Wikileaks suffered a denial-of-service attack measured at 10 gigabits per second.

Initially, Toulouse Métropole received a report of the cyber attack.

We quickly obtained the initial technical details of the attack from the NFrance teams. NFrance had been able to react quickly and identify ad hoc solutions to initially contain the attack and maintain activities, before stabilizing the situation and eliminating any risk.

If your computer system is damaged, it's important to determine the cause of the incident. It could be linked to a routing failure, a peak in traffic, a DNS malfunction, etc.. NFrance performs a diagnosis in real time to determine the origin of the incident.

Internally, Toulouse Métropole has also set up: "a crisis management system to deal with attacks and ensure continuity of Services. For example, we set up a secondary institutional site, i.e. a back-up site with a suitable infrastructure, and then reinforced our defenses".

How to prevent and combat DDoS attacks?

To limit attacks and their impact, it's important to work upstream to prevent DDoS attacks. Indeed, to guarantee the accessibility of a serverinfrastructure and services, NFrance offers an anti-DDoS defense strategy based primarily on a enhanced network network security. This ensures your company's cybersecurity and the availability of your Services. So you can maintain performanceof your web resources.

NFrance provides us with long-term support, with regular reports on the progress of problems and resolutions.

In addition, Toulouse Métropole uses a range of tools to reduce the risk of attacks: anti-spam for mailboxes, anti-bot, anti-virus, EDR and, last but not least, in-house on-call duty to ensure business continuity. They can also count on NFrance to support them:

NFrance is involved in our crisis management team. It is a privileged contact for safety issues.