Shifts in DDoS Techniques & Infrastructure Necessitate Automated DDoS Protection
NETSCOUT Security Solutions Director Gary Sockrider recently joined NETSCOUT AVP of Global Services Operations Steve Sviontek on our “NO LATENCY” podcast to discuss the latest in distributed denial-of-service (DDoS) tactics and mitigation techniques. Sockrider is a 20-year cybersecurity veteran with experience on all sides—including manufacturers, vendors, customers, tech support, and more—with the last 11-plus years spent at NETSCOUT, most recently focused on the NETSCOUT Arbor DDoS product line.
In the podcast, Sockrider discusses several topics, including the benefits of the NETSCOUT Arbor DDoS solution. This packet-based DDoS protection solution harnesses the power of deep packet inspection to provide actionable, digestible metadata, making analysis and mitigation easier and expediting the resolution of DDoS attacks. Actionable intelligence helps security teams prevent downtime and block malicious traffic more readily than any other solution on the market. It is powered by NETSCOUT’s Visibility Without Borders platform, which helps shed light on common network blind spots by providing a full network view. NETSCOUT also powers the Arbor solution set with continuous research to ensure protection against the latest and most common DDoS attack methods.
Keeping Up With the Threat Actors
Sockrider goes on to speak about the latest DDoS attack techniques. Threat actors are shifting from using compromised bots such as Internet of Things (IoT) devices, which are easily blocked because they are used time and time again, to creating their infrastructure. To build this infrastructure, they use common cloud platforms including AWS, Google Cloud, and Microsoft Azure. This allows them to control their DDoS attack sources, whereas botted devices can be removed by patches and other security measures. By building their infrastructure, threat actors have complete control over their arsenal. This infrastructure can be used several times. Usage of specific assets can be paused for a time as they are flagged by mitigation providers, such as NETSCOUT, and then booted back up as the notoriety of the IP addresses reduces. This is because DDoS protection solutions cannot block everything all the time, which would lead to healthy traffic being blocked in addition to malicious traffic.
The cutting-edge research at the core of NETSCOUT’s Visibility Without Borders platform is powered by NETSCOUT’s ASERT team, a group of the best DDoS threat intelligence experts in the industry. The group is singularly focused on understanding the current threat landscape to provide the most complete DDoS protection available. It conducts round-the-clock research to gain a deep understanding of the current threat landscape, which is then analyzed to transform knowledge into actionable intelligence. ASERT’s analysis is powered by ATLAS, NETSCOUT’s global sensor network, which processes more than 420 terabits per second of internet data—the most of any DDoS protection provider. ATLAS triangulates metrics to answer the question “What did the most damage most recently and the most often?”
This actionable intelligence is incorporated into the ATLAS Intelligence Feed (AIF), which is directly integrated into Arbor products, to block the most current threats. AIF is updated as often as needed, sometimes hourly, to ensure the most complete protection available. This automated DDoS protection allows NETSCOUT to say, with confidence, that as much as 90 percent of attacks can be blocked before they cause any damage. The remaining attacks that are not blocked by AIF are handled by other mechanisms NETSCOUT Arbor products employ to provide the most robust protection available.
DDoS attacks are different from the typical cyberattack. These adversaries are not going after the “crown jewels,” as Sockrider says, but instead aim to deny the availability of key infrastructure, including applications, network functions, websites, and more. The key is to block just enough suspicious traffic because you cannot block everything but also cannot block too little. This allows for a balance of blocking known malicious traffic sources while allowing legitimate traffic to pass through protection.
More Protection? It’s on Its Way
So what’s next for NETSCOUT Arbor DDoS protection? NETSCOUT aims to integrate additional automated DDoS protection mechanisms into the product line to block even more traffic with little to no work required for security teams. This is done via complex algorithms that aim to mimic what a threat analyst would find, expediting the blocking of current threats and allowing NETSCOUT to evolve and improve the Arbor product line continuously.
NETSCOUT Arbor DDoS protection is the industry standard for detection and mitigation solutions. The continuous improvements and evolutions, powered by a dedicated research and analysis team, allow the products to provide the most complete, up-to-date automated DDoS protection possible.