With unprecedented large-scale work-from-home policies being enforced, the VPN gateway has become a crucial, but weak link in the chain of communication from home/remote users to corporate resources. A DDoS attack poses a major threat to the availability of the VPN gateway. Running at or near capacity, even a small DDoS attack can impact the performance or bring down a VPN gateway.
The result? Business essentially stops for the remote/home user.
There are two types of DDoS attacks that are designed to impact a VPN gateway:
TCP State Exhaustion Attack
A TCP State Exhaustion attack is specifically designed to fill the TCP state table with bogus TCP connections. When this occurs in the VPN gateway, legitimate users cannot traverse through the gateway to the corporate resources behind it.
Network Layer Flooding Attack
A VPN gateway interface will typically be smaller in size than its upstream internet circuit size, so a DDoS attack doesn’t have to be as large - only large enough to saturate the VPN gateway’s network interfaces. From the user’s perspective, the corporate resources are down.
When a VPN gateway is performing poorly or is down, it can manifest itself as a network problem. As such, it can be challenging to determine the cause of the problem using traditional network management and troubleshooting tools. What’s required is smart visibility into network traffic coming into the VPN gateway that can detect traffic anomalies that are indicative of a DDoS attack.
NETSCOUT’s Arbor Edge Defense (AED) is such a solution. AED is an inline security appliance (or virtual device) deployed at the network perimeter, in between the internet router and VPN Gateway/ firewall. Because AED uses highly scalable, stateless packet processing technology, it is not susceptible to TCP state exhaustion attacks and others that can impact a VPN gateway.
Detecting a DDoS attack is not enough. Stopping it before it impacts the availability of the VPN gateway is what’s required to maintain remote worker productivity. In addition to blocking the attack, AED provides real-time and post attacks details such as attack type, size, rate, protocols, and more, enabling the user to interact with and modify mitigation countermeasures as required.
AED’s on-premise location, stateless packet processing technology, automatic detection, and mitigation of DDoS attacks are the best practice in defense of VPN gateways and to maintain remote/home user access to corporate resources.
Resources
Global Logistics Company Prevents DDoS Attacks While Ensuring Worldwide Package Delivery, Despite Pandemic Onslaught
One of the largest logistics companies in the world historically used multiple service providers to protect their global datacenters. NETSCOUT helped them simplify their DDoS mitigation infrastructure by replacing the different service providers with one single provider-agnostic service that could also cover all global locations.
European Power Company Increases DDoS Attack Management to Ensure Coverage of VPN Traffic Overload Due to Pandemic
NETSCOUT’s flexibility in licensing, global presence and ability to react swiftly enabled the customer to meet their crisis goals quickly and efficiently.
Market Leading Global Personal Insurer Meets Government Security Regulations Despite Increased VPN Traffic Due to Global Pandemic
With employees at this market-leading personal insurer now working from home, existing VPN capacity was overwhelmed. NETSCOUT responded quickly to ensure network availability and address compliance needs.
Billion-Dollar Consulting Firm Increases DDoS Attack Management to Ensure Amplified Employee VPN Traffic Coverage Due to Coronavirus
A US based global professional services firm uses Arbor Edge Defense in data centers to provide DDoS protection. The initial push for the AED devices was to provide protection for the VPN gateways so work-from-home employees productivity would not be affected.
Global Financial Services Leader Maximizes Security on VPNs Used by Employees As They Work-From-Home Due to Global Pandemic
This global financial services leader takes security protection seriously. They are protecting their inbound traffic and in-house applications with Arbor Cloud and Arbor Edge Defense for employees working from home through VPNs due to the Coronavirus.
European Central Bank Increases DDoS Attack Management to Mirror Internet Traffic Surge Due to Global Pandemic
This European System central bank implemented a number of AED’s for threat management on their business networks, including employee VPN access. The AED devices protect locally until the Internet bandwidth is consumed and then automatically sends the higher levels of traffic to their ISP for mitigation.