NETSCOUT Security & Arbor DDoS Solutions lead the market in helping Service Providers and Enterprises detect and mitigate the wide variety of advanced DDoS attacks and cyber threats which can reduce availability, cripple performance, and drain resources across the Internet. All Arbor solutions are backed by the global visibility and threat intelligence from ATLAS™ and Arbor Security Engineering and Research Team (ASERT), bringing insight into the latest trends and threats that our customers face.

While ASERT performs its own research and analysis, the success of Arbor’s visibility and threat intelligence is truly built on our global community of customers sharing information about the threats and attacks individually witnessed with the broader community, via Arbor’s Data Sharing program. The Data Sharing program provides non-personally identifiable information about attacks back to NETSCOUT so we may analyze the incidents and disseminate information back to our community of customers so everybody may benefit.

Why Should I Participate?

The very nature of the kinds of attacks that NETSCOUT solutions protect against means that a new attack methodology or source seen on one side of the globe may be seen on the opposite side of the world within days. The best way to respond to this rapid escalation of threat is via the global community working together to share information via automated means through a trusted provider, creating both speed and scale in the ability to respond.

What Is Being Shared?

NETSCOUT Arbor Edge Defense (AED) Arbor APS Customers

NETSCOUT AED and Arbor APS Customers participating in the data sharing program provides feedback on the Arbor Intelligence Feed (“AIF”), in which AED/APS shares statistics about the traffic that matches the AIF policies. The feedback includes high-level threat data and does not contain any information that identifies your organization, such as IP addresses or payload data. This feedback helps NETSCOUT confirm the effectiveness of the ATLAS threat protection intelligence and continually improve the AIF content. For example, NETSCOUT uses the feedback data to improve the confidence values that it assigns to AIF policies. AED/APS also sends information about its performance and configuration. You can choose to provide the location of your organization and your industry to help further improve the research and analysis of Arbor’s advanced threat protection intelligence.

Data elements shared include: Byte & Packet volumes, volumes of traffic blocked or dropped, policies and blacklists triggered, Source IP of attacks & associated volumes from IPs, AED/APS System health (CPU & Memory consumption), Hosts blocked, Number of connections, webcrawlers encountered

Arbor SP/TMS Customers

Arbor SP/TMS customers participating in the data sharing program share the following information with Arbor: anonymous information about SP deployment size, anonymized SP web UI usage statistics, and anonymized TMS mitigation setting values. SP also shares the following information with NETSCOUT: medium and high severity DoS alerts; top TCP applications, UDP applications, protocols, and packet lengths; and anonymous information about overall network traffic, both incoming and outgoing. You can choose to provide the location of your organization and your provider type.

When you share IP addresses that are associated with the DoS alerts, you can choose the level of anonymization for the IP addresses within your network. You can mask those internal IP addresses or convert them to cryptographic hash values. If you share the IP addresses with no anonymization, NETSCOUT can correlate data between ATLAS participants and with other data sources to helps identify DDoS attack patterns. NETSCOUT has no way to associate the IP addresses in this shared data to the identity of a natural person.

How is the information transmitted?

The data from Arbor products that you choose to share with NETSCOUT is sent over an HTTPS encrypted channel. To reduce the risk of misuse, NETSCOUT hides the data sources by anonymizing and/or aggregating the shared data.  NETSCOUT will not identify you to any third party as the source of such data.

How will NETSCOUT use this information?

NETSCOUT may use your shared data for research and business purposes, including but not limited to research and analysis of network traffic and threat data, deriving statistical, usage data and other data related to the functionality of the software and services, improving the software and the services, developing and making available other products and services, and sharing such data with affiliates, business partners, and may combine or incorporate it with or into other data and information available, derived or obtained from other licensees, users and/or any other sources. Additionally, NETSCOUT reserves the right to employ such data with various NETSCOUT programs and technologies, including but not limited to ATLAS, AED/APS, AED/APS Management Console, SP, TMS, Spectrum, and NSI.

Shared data provided to NETSCOUT, to the extent applicable, will be subject to NETSCOUT’s Privacy Policy which can be accessed here and with NETSCOUT’s GDPR compliance program. For more information about NETSCOUT’s GDPR compliance program, please visit here.

Because NETSCOUT does not control the content of the shared data provided to NETSCOUT, or how customers handle any personal information that may be part of their traffic, NETSCOUT is not responsible for customer’s privacy practices.