NETSCOUT SYSTEMS, INC., a renowned provider of performance management, cybersecurity, and DDoS attack defense solutions, has unveiled Adaptive DDoS Protection for its Arbor® Threat Mitigation System (TMS). This enhancement is set to revolutionize the identification of distributed attacks that exhibit dynamic vector changes and simultaneously target numerous destination IP addresses.
NETSCOUT’s expert security research and DDoS attack mitigation team, ASERT, has observed a notable surge in dynamic Distributed Denial-of-Service (DDoS) attacks employing multiple vectors and tactics. These attacks encompass botnet-driven, direct-path, state exhaustion, and application-layer strategies, deliberately designed to elude traditional static network and cloud-based DDoS defenses. Notably, carpet-bombing attacks have surged by over 110%, posing a formidable challenge to Security Operations Center (SOC) teams due to their broad IP address targeting and the generation of a multitude of alerts per attack.
Patrick Donegan, founder and principal analyst at HardenStance, highlighted the evolving landscape of DDoS attacks, stating, “Direct path attacks are surpassing reflection/amplification as the most prevalent DDoS attack vector, and they are becoming increasingly botnet-powered, multi-faceted, and dynamically adaptable in real-time. NETSCOUT possesses unparalleled expertise in DDoS attacks. ASERT leverages highly curated data from its ATLAS Intelligence Feed (AIF) and deploys machine learning (ML)-based algorithms to recommend adjustments to countermeasures for thwarting DDoS attacks. By automating this functionality within Adaptive DDoS Protection, NETSCOUT’s Arbor TMS becomes even more compelling in countering DDoS attacks.”
Adaptive DDoS Protection carries out real-time traffic analysis and automatically implements threat intelligence-driven countermeasures to thwart evolving DDoS attacks. It offers SOC teams a scalable, always-on, stateless packet processing solution, leveraging extensive visibility into more than 50% of all internet traffic, real-time global DDoS threat intelligence, and decades of DDoS mitigation expertise. This enables the system to automatically identify, adapt to, and mitigate dynamic DDoS attacks.
Combatting Carpet Bombing
Carpet bombing attacks represent some of the most devastating tactics employed by malicious actors, as they target large IP address ranges simultaneously, resulting in thousands of unmanageable attack alerts for SOC teams. Through Adaptive DDoS Protection, NETSCOUT has introduced an innovative approach to comprehend DDoS traffic at the network level across all subnets, identifying and reporting on carpet bombing attacks with a straightforward alert. NETSCOUT’s ML-powered Precise Protection Prefix technology automatically identifies the specific IP ranges under attack and redirects them to Arbor TMS for mitigation, even as the attack shifts across the network to different targets. This capability significantly enhances the detection and mitigation of carpet-bombing attacks.
Scott Iekel-Johnson, AVP, DDoS and Threat Intelligence at NETSCOUT, emphasized the importance of understanding adversaries in network defense, stating, “We have embedded our global threat intelligence and decades of attack mitigation experience into this product. It’s like having an ASERT analyst at your side 24/7. Our Adaptive DDoS Protection uncovers attacks that other solutions miss through dynamic detection and intelligent redirection, enabling Arbor TMS to outperform any other solution on the market in countering DDoS attacks.”
