Battling Complex Multivector Attacks with Adaptive DDoS Protection

How to defend against attacks designed to evade existing defenses


Defending your network efficiently requires as much knowledge about your adversary as possible and the ability to operationalize that knowledge to adapt defenses to the attacker’s ever-changing tactics. The NETSCOUT DDoS Threat Intelligence Report’s latest findings indicate that volumetric reflection/amplification attacks are stabilizing because they are well-known and defensible, while more sophisticated direct-path, multivector, application-layer, and carpet-bombing attacks are rising. These attacks can sometimes go unchecked because they appear as service outages or nuisance application downtime and then continually evolve to confuse defenses and security personnel.

The attackers accomplish this by scanning existing target defenses and adapting their attacks to evade those defenses and take advantage of network vulnerabilities. These multivector attacks use state-exhaustion, application-layer, and other attack vectors that are typically smaller in size and duration, making them even more difficult to identify and mitigate, especially for upstream protection. For the administrator or security personnel, it can turn into a frustrating game of whack-a-mole. Any of these situations can disrupt network and service availability and reduce productivity, damaging brand reputation, customer trust, and revenue.

Multi-Vector Attack Breakdown Report

Adaptive distributed denial-of-service (DDoS) protection for Arbor Edge Defense (AED) is NETSCOUT’s artificial intelligence (AI) and machine learning (ML)-powered innovation, built specifically to address this challenge. One of the typical drawbacks of employing AI or ML algorithms modeled after large language models (LLMs) is that the data produced cannot be fully trusted and could lead to blocking legitimate traffic. At NETSCOUT, to provide reliable cybersecurity protection, we depend on having deterministic, predictable results from any algorithm used in our solutions without requiring manual human review. Our adaptive DDoS protection approach combines intelligent ML algorithms with dynamically updated actionable DDoS threat intelligence.

NETSCOUT’s adaptive DDoS defenses adapt to changing attack vectors in real time through a combination of software and human security expertise. This approach helps to detect attacks, identify the nature of each attack, and recommend specific AED countermeasures or configurations that block only the attack traffic and not legitimate traffic. Once attacks have been identified, adaptive DDoS protection alerts users from within NETSCOUT Arbor Enterprise Manager (AEM) with specific attack details as well as recommendations for updating countermeasure configurations to block the newly detected attacks.

The most important part of our on-site real-time traffic analysis technology is the ability to understand the optimal mitigation method that can be used to surgically block newly uncovered attacks. The mitigation countermeasures are presented in the AEM attack analysis workflow. The attack analysis workflow is the management tool for configuring and applying the recommended countermeasures across your full AED deployment.

Because complex multivector dynamic DDoS attacks are becoming the norm, organizations must implement DDoS defenses that can adapt to changing attack characteristics and proactively mitigate attacks. Reactive or static mitigation leaves room for costly damage to business productivity and reputation. AED with adaptive DDoS protection is the only solution in the market to address the challenge of dynamic DDoS attacks.
