Automated, real-time traffic analysis and ML-based mitigation

Issue 6 2023 Infrastructure, Products & Solutions

NetScout Systems has launched Adaptive DDoS Protection for its Arbor Threat Mitigation System (TMS) to dramatically improve the detection of distributed attacks that dynamically change vectors and target numerous destination IP addresses at once.

NetScout ASERT, the company’s security research and DDoS attack mitigation team, has documented a significant increase in dynamic Distributed Denial-of-Service (DDoS) attacks using multiple vectors and techniques to launch botnet-based, direct-path, state exhaustion, and application-layer attacks designed to evade conventional static network and cloud-only-based DDoS defences.

Carpet-bombing attacks have risen by more than 110%. They are particularly challenging for SOC teams to mitigate using conventional means as these attacks target large swaths of IP addresses versus a single host, and generate hundreds or thousands of alerts per attack.

“Direct path attacks are overtaking reflection/amplification as the most popular DDoS attack vector, and they are increasingly botnet-driven, multi-vector, and dynamically adjusted in real time,” said Patrick Donegan, Founder and Principal Analyst, HardenStance. “ASERT analyses highly curated data from its ATLAS Intelligence Feed (AIF) and uses ML-based algorithms to recommend changes to attack countermeasures to stop DDoS attacks. Automating this functionality to bring intelligence into its Adaptive DDoS Protection functionality makes Arbor TMS even more compelling in mitigating DDoS attacks.”

Adaptive DDoS Protection analyses traffic in real time and automatically implements threat intelligence-driven mitigations and countermeasures to block dynamic DDoS attacks as they evolve. Adaptive DDoS Protection gives SOC teams a scalable, always-on, stateless packet processing solution that uses unmatched visibility into more than 50% of all Internet traffic, real-time global DDoS attack threat intelligence, and decades of DDoS mitigation experience to automatically detect, adapt to, and mitigate dynamic DDoS attacks.

Defending against carpet bombing

Carpet bombing attacks are one of the most devastating distributed attacks bad actors can initiate since they target large ranges of IP addresses simultaneously, generating thousands of attack alerts that are impossible for SOC teams to manage. Through Adaptive DDoS Protection, NetScout has introduced a new way to understand DDoS traffic at the network level across all subnets; to detect and report on carpet bombing attacks in one, easy-to-understand alert.

NetScout’s ML-based Precise Protection Prefix technology automatically determines the specific IP ranges targeted by the attack. It then automatically redirects those to Arbor TMS for mitigation, even as the attack moves around the network to different targets. This Adaptive DDoS Protection capability dramatically improves the detection and mitigation of carpet-bombing attacks.

“Defending a network requires as much knowledge about your adversary as possible,” said Scott Lekel-Johnson, AVP, DDoS and Threat Intelligence at NetScout. “We have embedded our global threat intelligence and decades of attack mitigation experience into this product. It is like having an ASERT analyst at your side 24/7. Our Adaptive DDoS Protection finds attacks that other solutions miss through dynamic detection and intelligent redirection to enable Arbor TMS to mitigate DDoS attacks better than any other solution on the market.”

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Enhanced cellular connectivity is critical for farm safety
Infrastructure Agriculture (Industry)
In South Africa, the safety of our rural communities, particularly on farms, is a pressing concern. Nearly 32% of South Africa’s 60 million people live in these areas, where security challenges are constantly in the spotlight.

All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Revolutionising networking technology for the future
Infrastructure IoT & Automation
[Sponsored] In the fast-evolving landscape of networking technology, RUCKUS Networks stands out as a trailblazer, offering innovative solutions that redefine connectivity experiences across various industries.

Effective access control
Flow Systems Access Control & Identity Management Products & Solutions
Flow Systems has introduced its new Extra Heavy Duty Industrial Rising Vehicle Barrier, which provides a high level of protection. It is a traditional-looking control barrier with the benefits of high-level physical protection.

Edge could help transform South Africa’s healthcare
Axis Communications SA Infrastructure
Edge computing has emerged as a game-changing technology for many industries, and the healthcare sector is no exception. In particular, South Africa’s healthcare industry could significantly benefit from the potential of this technology.

Cloud platform for cyber resilience in the hybrid enterprise
The Commvault Cloud brings together data protection, security, intelligence, and recovery on one platform, offering AI capabilities to defeat cyber threats, and includes integration with Microsoft Azure OpenAI Service.

SafeQuip introduces lithium fire extinguishers
Fire & Safety Products & Solutions
With the use of Lithium batteries increasing in many types of portable devices and battery storage solutions, SafeQuip, in partnership with AVD Lithex, is introducing a fire extinguisher aimed at suppressing and extinguishing, and also preventing re-ignition of lithium fires.

New generation of cyber-focused controllers
Gallagher News & Events Access Control & Identity Management Products & Solutions
The C7000 gives users an opportunity to leverage their hardware and firmware to build a platform designed to catapult their organisation into the future, with cybersecurity baked in from inception.

Rapid rise in DNS attacks drives demand for new approach
Infrastructure Risk Management & Resilience
As ransomware grows more sophisticated and DNS attacks become more frequent, businesses are increasingly trying to protect themselves by adopting innovative approaches and technologies to bolster the integrity and security of their backup systems.

Nextivity CEL-FI ROAM R41 boosts your cell signal
IoT & Automation Products & Solutions
Designed for cars, trucks, and boats, it is the industry’s most powerful cellular coverage solution for on-the-go applications. It features the 4th generation IntelliBoost chip to deliver channelised coverage for mobile network operator (MNO) signals.