Actionable Threat Intelligence Is Required to Automatically Stop Zero-Day DDoS Attacks

NETSCOUT ASERT provides that level of threat intelligence.


A Zero-Day distributed denial-of-service (DDoS) attack is an attack that does not have a known solution. It is referred to as a “Zero-Day” threat because once the defect is uncovered, you have zero days to come up with a solution.

Defeating Zero-Day DDoS attacks with Adaptive DDoS Defenses

One of the most challenging aspects of DDoS defense is the fact that attackers can use literally any type of packet to launch DDoS attacks. Constant innovation by adversaries means that organizations must be prepared to defend against Zero-Day DDoS attack vectors that have never been seen before. 

Security is additive in nature; well-known attack vectors never disappear, and attackers are constantly engaged in an arms race to create new, more effective DDoS attack vectors and methodologies. The ubiquity of DDoS extortion and ideologically driven DDoS attack campaigns means that threat actors are highly motivated to perform extensive pre-attack reconnaissance, select attack assets that are topologically adjacent to their targets (offering fewer opportunities for detection and mitigation), and monitor the efficacy of their attacks in real time, changing vectors and specific targets as they attempt to evade DDoS defenses.

To counter such adaptive DDoS attacks, organizations must implement adaptive DDoS defenses, which combine the continuous evaluation of all internet traffic directed toward critical service delivery elements with curated, operationalized threat intelligence that is directly applicable to making forwarding or drop decisions during an attack, when every second counts. 

NETSCOUT Adaptive DDoS Defense Combines Universal DDoS Protections with Unparalleled DDoS Defense Expertise

NETSCOUT Arbor Sightline/Threat Mitigation System (TMS) and Arbor Edge Defense (AED) make use of enriched anomaly-detection and evaluative countermeasures to distinguish between legitimate internet traffic and DDoS attack traffic. Because they are not predicated on static signatures but rather on a detailed understanding of internet protocol interactions, legitimate source behaviors, and normal internet traffic characteristics, these solutions are able to distinguish between contextually legitimate and illegitimate traffic, including Zero-Day DDoS attack vectors that have never been seen in the wild. 

NETSCOUT’s ASERT team, composed of renowned DDoS defense experts with decades of unmatched hands-on DDoS mitigation experience, continually researches new DDoS attack vectors, performs internet reconnaissance to identify the specific DDoS-capable bots and reflectors/amplifiers that are actively being leveraged to launch attacks, generates threat advisories with accompanying example DDoS mitigation templates, and publishes this curated and operationalized DDoS threat intelligence via the NETSCOUT ATLAS Intelligence Feed (AIF). NETSCOUT Sightline/TMS and AED utilize this AIF threat intelligence in conjunction with their onboard evaluative capabilities to make informed forwarding and drop decisions, incorporating ASERT’s eight-plus decades of combined DDoS defense expertise to mitigate the most sophisticated and challenging DDoS attacks while maximizing availability.

With visibility into more than 38,000 DDoS attacks per day via the ATLAS system, NETSCOUT ASERT utilizes the broadest and deepest data horizon in the industry to proactively identify new DDoS attack vectors and methodologies, replicate them in the ASERT Virtual Lab, and publish AIF filter lists, AED policies, AIF templates, and ASERT threat advisories that provide direct, in-solution mitigation assistance as well as detailed descriptions of these threats and guidance on defending against them.

In a world where attackers have seemingly endless time and resources at their disposal, incorporating NETSCOUT ASERT’s real-world adaptive DDoS defense into your internet defenses ensures that it is the attackers who are outnumbered, outmatched, and outclassed.
