With unprecedented large-scale work-from-home policies being enforced, the VPN gateway has become a crucial, but weak link in the chain of communication from home/remote users to corporate resources. A DDoS attack poses a major threat to the availability of the VPN gateway. Running at or near capacity, even a small DDoS attack can impact the performance or bring down a VPN gateway.
The result? Business essentially stops for the remote/home user.
There are two types of DDoS attacks that are designed to impact a VPN gateway:
TCP State Exhaustion Attack
A TCP State Exhaustion attack is specifically designed to fill the TCP state table with bogus TCP connections. When this occurs in the VPN gateway, legitimate users cannot traverse through the gateway to the corporate resources behind it.
Network Layer Flooding Attack
A VPN gateway interface will typically be smaller in size than its upstream internet circuit size, so a DDoS attack doesn’t have to be as large - only large enough to saturate the VPN gateway’s network interfaces. From the user’s perspective, the corporate resources are down.
Global Logistics Company Prevents DDoS Attacks While Ensuring Worldwide Package Delivery, Despite Pandemic Onslaught
One of the largest logistics companies in the world historically used multiple service providers to protect their global datacenters. NETSCOUT helped them simplify their DDoS mitigation infrastructure by replacing the different service providers with one single provider-agnostic service that could also cover all global locations.
European Power Company Increases DDoS Attack Management to Ensure Coverage of VPN Traffic Overload Due to Pandemic
NETSCOUT’s flexibility in licensing, global presence and ability to react swiftly enabled the customer to meet their crisis goals quickly and efficiently.
Market Leading Global Personal Insurer Meets Government Security Regulations Despite Increased VPN Traffic Due to Global Pandemic
With employees at this market-leading personal insurer now working from home, existing VPN capacity was overwhelmed. NETSCOUT responded quickly to ensure network availability and address compliance needs.
Billion-Dollar Consulting Firm Increases DDoS Attack Management to Ensure Amplified Employee VPN Traffic Coverage Due to Coronavirus
A US based global professional services firm uses Arbor Edge Defense in data centers to provide DDoS protection. The initial push for the AED devices was to provide protection for the VPN gateways so work-from-home employees productivity would not be affected.
Global Financial Services Leader Maximizes Security on VPNs Used by Employees As They Work-From-Home Due to Global Pandemic
This global financial services leader takes security protection seriously. They are protecting their inbound traffic and in-house applications with Arbor Cloud and Arbor Edge Defense for employees working from home through VPNs due to the Coronavirus.
European Central Bank Increases DDoS Attack Management to Mirror Internet Traffic Surge Due to Global Pandemic
This European System central bank implemented a number of AED’s for threat management on their business networks, including employee VPN access. The AED devices protect locally until the Internet bandwidth is consumed and then automatically sends the higher levels of traffic to their ISP for mitigation.