Artificial Intelligence and Machine Learning Enable Adaptive DDoS Protection
Modern DDoS attacks require advanced detection and mitigation.
NETSCOUT’s Arbor DDoS protection solutions, powered by our ATLAS Threat Intelligence Feed (AIF), are continuously updated by ASERT, our team of security analysts and researchers who are constantly analyzing active distributed denial-of-service (DDoS) attacks across the global internet. Our unique Adaptive DDoS Protection (ADP) is built using machine learning from our rich data lake of known DDoS attack vectors, methods, sources, and behavioral patterns. In addition, preconfigured objects and mitigation templates enable precise, effective isolation and mitigation of attacks. This artificial intelligence allows for the detection and mitigation of attacks that are below most alarm thresholds.
ADP informs tools such as NETSCOUT’s Arbor Sightline, Arbor Threat Mitigation System (TMS), and Arbor Edge Defense (AED) to help focus mitigation on the specific attack campaign in progress. ADP ensures that every mitigation is more effective, both in reducing the attack and in enabling legitimate traffic to continue to pass.
Although ADP is part of AIF, it is also a component of the mitigation. As an attack changes, ADP can track and detect these changes and adjust its mitigation accordingly.
ADP is enabled by our unrivaled global visibility into the DDoS threat landscape. In partnership with global network operators, we developed our global sensor network over 25 years in the DDoS space. Today we see more than 420 terabits of internet traffic every second. Our visibility spans more than 230 countries and territories, more than 600 industry verticals, more than 31,000 autonomous system numbers (ASNs), and tens of millions of attacks per year. This threat intelligence data lake is part of our ATLAS system, which is managed and monitored by ASERT—a team of security analysts and researchers with decades of experience analyzing the most challenging DDoS attacks and designing mitigations to surgically block them. The ASERT team currently tracks more than 1.3 million bots and 500,000 known abusable reflection and amplification systems that are actively participating in DDoS attacks around the globe. This threat intelligence is continuously fed to each of our devices and solutions via AIF to aid in detecting most DDoS attacks. In fact, our experience has shown that using AIF alone can sometimes block as much as 80 to 90 percent of DDoS attack traffic.
We’ve taken real-world, proven mitigation experience from ASERT and embedded it into our Arbor products for automated mitigation. NETSCOUT Arbor DDoS protection solutions with ADP use real-time traffic analysis and machine learning to inspect traffic at finer granularity and to detect and classify specific attack vectors dynamically and intelligently. These solutions can detect zero-minute attacks and changes to attack vectors. Once the attack is detected and classified, the solution identifies the optimal mitigation method for surgically blocking the specific attack. Unlike solutions that employ hard-coded logic, an adaptive DDoS protection approach combines intelligent machine learning algorithms with dynamically updated, actionable DDoS threat intelligence. Adaptive DDoS defenses can identify changing attack vectors in real time based on both software and human security expertise. For example, when one of our solutions detects an attack, the traffic is further analyzed in real time to provide additional automated countermeasures. This analysis is continuously updated as the characteristics of the attack traffic change.
When defending against DDoS attacks, rapid detection is key to stopping an attack before it can impact services. By leveraging decades of attack mitigation experience, combined with unparalleled visibility and machine learning algorithms, NETSCOUT’s Adaptive DDoS Protection provides the most rapid and effective mitigation available.