Game launches attract the kind of attention you want and the kind you don't, at the same minute. The job of a launch-day DDoS plan is to make both kinds invisible to the player.
Here is the runbook we use with game studios in the two weeks before a launch.
Two weeks out
Capacity audit. We confirm reserved scrubbing capacity in the regions where the player base actually lives — not where the marketing team launches the website.
Profile setup. UDP, query and login-port profiles are pre-configured for the specific game engine. Rules that worked for a different title rarely transfer cleanly.
Smoke tests. We synthesize legitimate traffic patterns to confirm latency budgets hold under load.
Launch day
Engineers stay in a shared channel with the studio's ops team. The shared rule: anyone can escalate without permission.
Mitigation runs in monitor mode for the first 30 minutes — enough to learn the real traffic shape — then flips to enforce. False-positive risk is highest at the start, when legitimate traffic looks unusual.
After launch
We tune rules based on the real attack patterns we observed, and write them into the persistent profile so the next launch starts smarter.