DDoS and DNS resilience: what IAM teams should watch

TL;DR: Multi-layered DDoS, malformed DNS activity, and continuous automation are putting internet resilience under sustained pressure, according to DigiCert’s RADAR Brief, with availability now functioning as a trust signal rather than a pure uptime metric. The operational lesson is that identity, infrastructure, and response controls have to be coordinated as one resilience system.

NHIMG editorial — based on content published by DigiCert: Hard Data on DDoS, DNS, and the Race for Resilience

Questions worth separating out

Q: How should teams handle DNS failures that affect access and trust workflows?

A: Teams should treat DNS failures as an access continuity problem, not only a network incident.

Q: Why do DDoS attacks matter to IAM and PAM programmes?

A: DDoS matters because IAM and PAM depend on services that must stay reachable to authenticate, validate, and approve access.

Q: What do security teams get wrong about resilience and trust?

A: They often separate infrastructure resilience from identity governance, even though access assurance depends on the same continuity guarantees.

Practitioner guidance

• Map identity dependencies onto availability paths Identify which authentication, federation, certificate, and privileged-access workflows depend on DNS or public internet reachability, then document the failure points when those dependencies degrade.
• Unify DDoS, DNS, and identity telemetry Correlate traffic anomalies, resolver health, and access failure signals in one incident view so teams can distinguish service outage from trust-layer degradation quickly.
• Test resilience under coordinated failure modes Run exercises that combine traffic saturation, DNS anomalies, and access-control dependency loss to verify whether teams can maintain service assurance when layers fail together.

What's in the full article

DigiCert's full blog covers the operational detail this post intentionally leaves for the source:

• Global RADAR Brief findings on DDoS volume, DNS anomalies, and attack composition across DigiCert’s network
• Operational examples of how multi-layer attacks overwhelm separate network, DNS, and application controls
• The article’s explanation of how resilience telemetry can be unified across protection layers
• DigiCert’s own framing of what uninterrupted availability means for digital trust

👉 Read DigiCert's RADAR Brief on DDoS, DNS, and resilience →

DDoS and DNS resilience: what IAM teams should watch?

Explore further

View Full Forum →  |  NHI Foundation Course →