Let’s face it. There is no peace time.
DDoS attacks are nothing new in the sphere of cyber threats. However, we are recently witnessing extremely large-scale DDoS attacks reaching Tbps levels with increased strength, frequency and complexity. It has become common practice to utilize IoT devices in such attacks – triggering them from any location and aiming at any target anywhere in the world.
Saying that, DDoS threats are not the only malicious activities we have to contend with as more and more security problems are caused by Advanced Persistent Threat (APT) attacks, ransomware, phishing attacks, campaign threats…
In order to protect organizations from various evolving threats discovered on a daily basis, existing security stack has become bigger and more complex, while unfortunately still not fulfilling its primary function as often as it should. Teams of security specialists need a high-quality solution that can detect and stop all types of cyber threats – both inbound threats and outbound malicious communication initiated by infected internal devices within the organization. However, these solutions must also be able to integrate into an organization’s existing security stack and consolidate various functionalities to reduce cost, complexity and risk.
This year, NETSCOUT has released a new product called Arbor Edge Defense. As can be guessed from the title of this article, this is a “Beyond DDoS protection” solution. Arbor Edge Defense – AED – leverages its unique position in the network to essentially act as the first and last line of defense against any inbound and outbound threats.
We need more than protection from DDoS attacks
AED is especially focused on protecting against new Internet-based threats. As network architecture is constantly evolving, so is the level of complexity and sophistication of attack techniques. Today’s attack campaigns target a wide spectrum of different organizations for various reasons and to achieve different purposes. Attackers are honing their skills and attack techniques by integrating worm modules with traditional malware to proliferate malicious software as fast and efficiently as possible. If we look back at the “NoPetya” security event where the backdoor was embedded in a popular Ukrainian accounting software; malware quickly spread from its main target – Ukraine – all over the world.
AED protects existing security solutions
Traditional security devices deployed on the network edge, such as Next-Gen firewalls, Intrusion Prevention Solutions or load balancers, are exposed to state-exhaustion attacks, with research showing that 52% of enterprise organizations had firewalls that unfortunately experienced a failure due to DDoS attacks.
AED is deployed in front of such firewall or IPS solutions, protecting them against DDoS attacks. AED uses a stateless packet processing engine that detects and mitigates a large majority of DDoS attacks without tracking any session state. In cases where session tracking is required, AED stores only minimum required session information for a short period of time. Due to this, AED can withstand targeted attacks that flood the session state table in other security products, compromising their availability.
AED blocks inbound and outbound threats
We’ve already mentioned the unique location of AED inside a network environment and the additional security it provides by protecting existing firewall and IPS/IDS solutions. AED also adds the ability to block communications to known suspicious destinations via reputation lists. Security solutions such as AED leverage stateless packet processing to best utilize functionalities such as reputation lists.
ATLAS Intelligence Feed (za Arbor Availability Protection System i NETSCOUT Arbor Edge Defense)
AED leverages global threat intelligence of ATLAS – developed by NETSCOUT engineers – to provide comprehensive threat protection to any security stack. AIF includes geolocation data and identifies attacks by known botnets and malware while ensuring regular and automated AED threat database updates via secure SSL connections.
Efficient protection together with the threat intelligence system will not only identify the attack, they will also provide a context to better understand the attack infrastructure, methods and related indicators, enabling security professionals to make faster and safer decisions. This method of attack reporting not only links the IoC (Indicators of Compromise) with known threats, but also provides data that associates seemingly unrelated inbound/outbound communication and reveals targeted campaigns. This gives security professionals a wider picture and ability to quickly associate inbound malicious traffic with outbound communication to detect and terminate attacks much faster, before they cause irreparable damage to their organization.
First and Last Line of Defense
Finally, we would like to emphasize the 4 key features that distinguish AED from other similar products on the market, enabling best of breed detection and protection from a wide spectrum of inbound and outbound threats:
- Unique location at the network perimeter
- Stateless packet processing
- ATLAS Global Threat Intelligence
- Unique Threat Report with all contextual information
Have any questions? Would you like to schedule a demonstration, presentation or meeting? Contact us!