Automated, real-time traffic analysis and ML-based mitigation

Issue 6 2023 Infrastructure, Products & Solutions

NetScout Systems has launched Adaptive DDoS Protection for its Arbor Threat Mitigation System (TMS) to dramatically improve the detection of distributed attacks that dynamically change vectors and target numerous destination IP addresses at once.

NetScout ASERT, the company’s security research and DDoS attack mitigation team, has documented a significant increase in dynamic Distributed Denial-of-Service (DDoS) attacks using multiple vectors and techniques to launch botnet-based, direct-path, state exhaustion, and application-layer attacks designed to evade conventional static network and cloud-only-based DDoS defences.

Carpet-bombing attacks have risen by more than 110%. They are particularly challenging for SOC teams to mitigate using conventional means as these attacks target large swaths of IP addresses versus a single host, and generate hundreds or thousands of alerts per attack.

“Direct path attacks are overtaking reflection/amplification as the most popular DDoS attack vector, and they are increasingly botnet-driven, multi-vector, and dynamically adjusted in real time,” said Patrick Donegan, Founder and Principal Analyst, HardenStance. “ASERT analyses highly curated data from its ATLAS Intelligence Feed (AIF) and uses ML-based algorithms to recommend changes to attack countermeasures to stop DDoS attacks. Automating this functionality to bring intelligence into its Adaptive DDoS Protection functionality makes Arbor TMS even more compelling in mitigating DDoS attacks.”

Adaptive DDoS Protection analyses traffic in real time and automatically implements threat intelligence-driven mitigations and countermeasures to block dynamic DDoS attacks as they evolve. Adaptive DDoS Protection gives SOC teams a scalable, always-on, stateless packet processing solution that uses unmatched visibility into more than 50% of all Internet traffic, real-time global DDoS attack threat intelligence, and decades of DDoS mitigation experience to automatically detect, adapt to, and mitigate dynamic DDoS attacks.

Defending against carpet bombing

Carpet bombing attacks are one of the most devastating distributed attacks bad actors can initiate since they target large ranges of IP addresses simultaneously, generating thousands of attack alerts that are impossible for SOC teams to manage. Through Adaptive DDoS Protection, NetScout has introduced a new way to understand DDoS traffic at the network level across all subnets; to detect and report on carpet bombing attacks in one, easy-to-understand alert.

NetScout’s ML-based Precise Protection Prefix technology automatically determines the specific IP ranges targeted by the attack. It then automatically redirects those to Arbor TMS for mitigation, even as the attack moves around the network to different targets. This Adaptive DDoS Protection capability dramatically improves the detection and mitigation of carpet-bombing attacks.

“Defending a network requires as much knowledge about your adversary as possible,” said Scott Lekel-Johnson, AVP, DDoS and Threat Intelligence at NetScout. “We have embedded our global threat intelligence and decades of attack mitigation experience into this product. It is like having an ASERT analyst at your side 24/7. Our Adaptive DDoS Protection finds attacks that other solutions miss through dynamic detection and intelligent redirection to enable Arbor TMS to mitigate DDoS attacks better than any other solution on the market.”




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Local-first data security is South Africa's new digital fortress
Infrastructure Information Security
With many global conversations taking place about data security and privacy, a distinct and powerful message is emerging from South Africa: the critical importance of a 'local first' approach to data security.

Read more...
Software security is a team sport
Information Security Infrastructure
Building and maintaining secure software is not a one-team effort; it requires the collective strength and collaboration of security, engineering, and operations teams.

Read more...
Electrical fire safety in lithium-ion battery rooms
Fire & Safety Residential Estate (Industry) Products & Solutions
Pratliperl is a non-combustible, ultra-lightweight aggregate that can be mixed with cement and applied as a plaster or screed to walls, floors, and ceilings. When applied at just 30 mm thickness, it delivers a two-hour fire rating.

Read more...
The first choice for electric fence management
Stafix Perimeter Security, Alarms & Intruder Detection Residential Estate (Industry) Products & Solutions
In South Africa, over 500 housing estates use JVA Perimeter Patrol, making it a widely used Electric Fence Management providing seamless integration with alarms, CCTV, VMS, access control and control room third-party software.

Read more...
New JVA MBxL energiser range
Stafix Perimeter Security, Alarms & Intruder Detection Residential Estate (Industry) Products & Solutions
The latest MBxL energisers stand out for their simplicity, allowing you to push the “On” button and have the unit tick away, or to configure it through our virtual keypad (VKP).

Read more...
Reliability, innovation and flexibility
Entry Pro Access Control & Identity Management Residential Estate (Industry) Products & Solutions
Through constant innovation and advancement in technology and systems, Entry Pro strives to provide its clients with not only the most suitable, but also the most advanced solution.

Read more...
Smarter security with automated visitor management
LD Africa Access Control & Identity Management Residential Estate (Industry) Products & Solutions
Automated visitor management solutions, like LD Access, are transforming this process by reducing human workload, while enhancing security and efficiency.

Read more...
Stronger cloud protection
Kaspersky Information Security Products & Solutions
Kaspersky has announced the release of an enhanced version of its Kaspersky Cloud Workload Security, delivering advanced protection for hybrid and multi-cloud environments.

Read more...
Data resilience at VeeamON
Technews Publishing SMART Security Solutions Infrastructure Information Security
SMART Security Solutions attended the VeeamON Tour in Johannesburg in August to learn more about data resilience and Veeam’s initiatives to enhance data protection, both on-site and in the cloud.

Read more...
Troye exposes the Entra ID backup blind spot
Information Security Infrastructure
If you trust Microsoft to protect your identity, think again. Many organisations naively believe that Microsoft’s shared responsibility model covers Microsoft Entra?ID – formerly Azure AD – but it does not.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.