Usually what a company does is they have to get in contact with all of their various ISP providers they work with and send reports of the attacks, then they simply have to wait and allow the different teams of each provider to handle the attacks in the ways they do. They don't exactly fully advertize the methods they use to handle these situations because... well that would be kind of the point of having good cyber-security; 'keeping it a well-guarded secret' -which is so freak'n hard.

There is a lot i'm leaving out of this explanation and i'm not really explaining it well either, but the gist of it is there.