NETSCOUT Security & Arbor DDoS Solutions lead the market in helping Service Providers and Enterprises detect and mitigate the wide variety of advanced DDoS attacks and cyber threats which can reduce availability, cripple performance, and drain resources across the Internet. All Arbor solutions are backed by the global visibility and threat intelligence from ATLAS™ and the ATLAS Security Engineering and Research Team (ASERT), bringing insight into the latest trends and threats that our customers face.
While ASERT performs its own research and analysis, the success of Arbor’s visibility and threat intelligence is built on our global community of customers sharing information about the threats and attacks individually witnessed with the broader community, via Arbor’s Data-Sharing program. The Data-Sharing program provides information about attacks back to NETSCOUT so we may analyze the incidents and disseminate information back to our community of customers so everybody may benefit. Our customers choose the type of information shared with NETSCOUT using the options provided by our products.
Why should I participate?
The very nature of the kinds of attacks that NETSCOUT solutions protect against means that a new attack methodology or source seen on one side of the globe may be seen on the opposite side of the world within days. The best way to respond to this rapid escalation of threat is via the global community working together to share information via automated means through a trusted provider, creating both speed and scale in the ability to respond.
What information is being shared?
NETSCOUT Arbor Edge Defense (AED) Customers
NETSCOUT Arbor AED customers participating in the Data-Sharing program provide feedback on the Arbor Intelligence Feed (“AIF”), in which AED shares statistics about the traffic that matches the AIF policies. The feedback includes high-level threat data and does not contain any information that identifies your organization, such as IP addresses or payload data. This feedback helps NETSCOUT confirm the effectiveness of the ATLAS threat protection intelligence and continually improves the AIF content. For example, NETSCOUT uses the feedback data to improve the confidence values that it assigns to AIF policies. AED also sends information about its performance and configuration. You can choose to provide the location of your organization and your industry to help further improve the research and analysis of Arbor’s advanced threat protection intelligence.
Data elements shared include byte and packet volumes, volumes of traffic blocked or dropped, policies and blacklists triggered, source IP of attacks and associated volumes from IPs, AED system health (CPU & memory consumption), hosts blocked, number of connections, and webcrawlers encountered.
Arbor Sightline/Threat Mitigation System (TMS) Customers
Arbor Sightline/TMS customers participating in the Data-Sharing program share the following information with NETSCOUT: anonymous information about Sightline deployment size, anonymized Sightline web UI usage statistics, and anonymized TMS mitigation setting values. Sightline also shares the following information with NETSCOUT: medium and high severity DoS alerts; top TCP applications, UDP applications, protocols, and packet lengths; and anonymous information about overall network traffic, both incoming and outgoing. You can also choose to provide the location of your organization and your provider type.
When you share IP addresses that are associated with the DoS alerts, you can choose the level of anonymization for the IP addresses within your network. You can mask those internal IP addresses or convert them to cryptographic hash values. If you share the IP addresses with no anonymization, NETSCOUT can correlate data between ATLAS participants and with other data sources to help identify DDoS attack patterns. NETSCOUT has no way to associate the IP addresses in this shared data to the identity of a natural person.
How is the information transmitted?
The data from Arbor products that you choose to share with NETSCOUT is sent over an HTTPS encrypted channel. To reduce the risk of misuse, NETSCOUT hides the data sources by anonymizing and/or aggregating the shared data. NETSCOUT does not identify you to any third party as the source of such data.
How does NETSCOUT use this information?
NETSCOUT may use your shared data for research and business purposes, including but not limited to, research and analysis of network traffic and threat data, deriving statistical, usage data and other data related to the functionality of the software and services, improving the software and the services, developing and making available other products and services, and sharing such data with affiliates, business partners, and may combine or incorporate it with or into other data and information available, derived or obtained from other licensees, users and/or any other sources. Additionally, NETSCOUT reserves the right to employ such data with various NETSCOUT programs and technologies, including but not limited to ATLAS, AED, Arbor Enterprise Manager, Sightline, and TMS.
Because NETSCOUT does not control the content of the shared data provided to NETSCOUT, or how customers handle any personal information that may be part of their traffic, NETSCOUT is not responsible for customer’s privacy practices.