People have lots of misconceptions regarding Distributed Denial of service attacks. The DDoS attacks are highly crafted attacks and they now range upto 200Gbps of traffic and your standard security appliance like firewall, next generation firewall, IPS and IDS may not be able to prevent you. However such a huge traffic may not come for every organization. DDOS with such a huge traffic is mostly by hacktivists
In general you need to ensure the services offered by your organization have clearly defined throttling policy in terms of number of sessions per IP, number of simultaneous connections, number of unique IP that can connect, strategy to load balance the traffic across multiple servers, using powerful front end reverse proxy like nginx. You may deploy standard Anti-DDOS appliance from security vendors like fortinet, cisco, etc.
Please note there is no clear strategy or solution to prevent any organization from attacks including dos/ddos. But the key is you need to understand your traffic and plan actions based on deviations. Understanding legitimate and illegitimate connections is also a key to success https://esds.co.in/security/vtmscan