Stop Dynamic DDoS Attacks with Intelligence-Driven, Adaptive DDoS Protection

DDoS attacks are evolving. The new preferred method of DDoS attack is a multi-vector dynamic direct path attack that adjusts vectors and methodologies to continually evade existing DDoS defenses. Add to this the ransomware, phishing attempts, and compromised IoT devices and you can see how organizations are under constant risk from all types of advanced cyber threats. To address these evolving threats, security teams need solutions that can dynamically adapt to the changing attacks - both entering or leaving their networks. Just as importantly, these solutions must also be able to integrate into an organization’s existing security stack and/or consolidate functionality to reduce cost, complexity, and risk.

NETSCOUT Arbor Edge Defense (AED) is uniquely positioned on the network edge (i.e., between the internet router and the firewall) to provide an inline, always-on, first and last line of defense. Using stateless packet processing, continuous global threat intelligence, decades of DDoS protection and mitigation expertise, and patented adaptive DDoS defense technology, AED can automatically stop inbound, dynamically changing DDoS attacks and outbound communication from internal compromised devices communicating with threat actor command and control (C2) infrastructure. Arbor Enterprise Manager provides a centralized and scalable single-pane-of-glass console for managing all AEDs.

Network Perimeter Security Benefits

Intelligence Driven, Adaptive DDoS Defense

Protect the availability of critical services from dynamically changing DDoS attacks with actionable, global threat intelligence and automated, adaptable attack analysis and mitigation.  

A Single Solution for Pervasive DDoS Protection

Use a single DDoS attack protection solution to protect services and assets whether deployed on-premises, in a colocation center, or in a public cloud (e.g., AWS).

A First and Last Line of Cyber Threat Defense

Strategically located at the network edge to enable the blocking of inbound DDoS threats and outbound communication from compromised internal hosts to outside command and control infrastructure that all other security tools have missed.

Defense at the Network Edge
Click to enlarge image

Defense at the Network Edge

Deployed in between the firewall and internet router, and using highly scalable stateless packet processing technology, Arbor Edge Defense acts as a network edge threat intelligence enforcement point where it blocks in bulk, inbound cyber threats (e.g. DDoS attacks, IOCs) and outbound malicious communication - essentially acting as the first and last line of cyber threat defense for an organization at the network perimeter.

How to Block Ransomware from Your Network
Video

How to Block Ransomware from Your Network

Arbor Edge Defense can do more than DDoS mitigation. It can detect and block outbound indicators of compromise (IOCs) that go undetected by other tools in your security stack. For example, AED can detect and block malware known to seed ransomware before the decryption occurs.

Arbor Edge Defense can do more than DDoS mitigation

94% of surveyed IT organizations who selected effectively stopping complex DDoS attacks or effectively stopping state-exhaustion DDoS attacks agree that NETSCOUT Arbor Edge Defense and Arbor Cloud DDoS Protection helps solve cybersecurity challenges by detecting and blocking both inbound and outbound IoCs as well as other cyber threats.

- TechValidate survey of 35 users of NETSCOUT Arbor Edge Defense and/or Arbor Cloud

Features

  • Adaptive DDoS Protection

    Effectively detect and mitigate ever-changing DDoS attacks without impacting legitimate services by automatically detecting new attack techniques and providing targeted mitigation. Enabled by dynamic traffic analysis technology, global attack visibility, adaptive intelligence and decades of DDoS domain expertise.

  • Enterprise Scale and Multi-Layer Defense in-Depth

    Centralized and scalable visibility for management of all deployed AEDs from a single pane of glass through Arbor Enterprise Manager. Intelligently integrates with Arbor Cloud for comprehensive, hybrid DDoS attack protection.

  • Protect Assets in AWS

    Deploy virtual AED in AWS to detect and mitigate attacks targeting assets in AWS, both from outside of AWS cloud and inside the cloud between VPCs.

  • First & Last Line of Cyber Threat Defense

    Automatically and surgically block unwanted inbound and outbound malicious traffic including malware, scanning and phishing attempts at the network edge with unparalleled threat intelligence and embedded security analysis expertise.

  • Integration with Existing Security Stack and Process

    NETSCOUT AED's REST API, support for Syslog (CEF, LEEF) and STIX/TAXII, enable NETSCOUT AED to be a fully integrated component of an organization’s existing security stack and process.

Arbor Adaptive DDoS Protection is driven by this simple efficient workflow.
Click to enlarge image

Arbor Adaptive DDoS Protection is driven by this simple efficient workflow.

Adaptive DDoS Protection

Effectively detect and mitigate ever-changing DDoS attacks without impacting legitimate services by automatically detecting new attack techniques and providing targeted mitigation. Enabled by dynamic traffic analysis technology, global attack visibility, adaptive intelligence and decades of DDoS domain expertise.

Enterprise Scale and Multi-Layer Defense in-Depth
Click to enlarge image

You can now see and manage all AEDs in your network from a single management system. This allows you to roll out mitigation recommendations automatically across your Adaptive DDoS protection footprint.

Enterprise Scale and Multi-Layer Defense in-Depth

Centralized and scalable visibility for management of all deployed AEDs from a single pane of glass through Arbor Enterprise Manager. Intelligently integrates with Arbor Cloud for comprehensive, hybrid DDoS attack protection.

AED can now protect your assets in AWS or another public cloud.
Click to enlarge image

AED can now protect your assets in AWS or another public cloud.

Protect Assets in AWS

Deploy virtual AED in AWS to detect and mitigate attacks targeting assets in AWS, both from outside of AWS cloud and inside the cloud between VPCs.

First & Last Line of Defense
Click to enlarge image

Armed with threat intelligence from NETSCOUT’s ATLAS or 3rd parties, NETSCOUT AED can act as a “last line of defense” on the network perimeter to stop outbound IoCs from compromised internal devices before the data breach occurs.

First & Last Line of Cyber Threat Defense

Automatically and surgically block unwanted inbound and outbound malicious traffic including malware, scanning and phishing attempts at the network edge with unparalleled threat intelligence and embedded security analysis expertise.

NETSCOUT AED’s support for common protocols and APIs enable it to easily become part of your security stack and process.
Click to enlarge image

NETSCOUT AED’s support for common protocols and APIs enable it to easily become part of your security stack and process.

Integration with Existing Security Stack and Process

NETSCOUT AED's REST API, support for Syslog (CEF, LEEF) and STIX/TAXII, enable NETSCOUT AED to be a fully integrated component of an organization’s existing security stack and process.

SaaS Provider of Payment Processing Solutions Protects Business from DDoS Attacks with Arbor Edge Defense
Case Study

SaaS Provider of Payment Processing Solutions Protects Business from DDoS Attacks with Arbor Edge Defense

Global SaaS provider with almost a dozen data centers around the world turned to Arbor Edge Defense for increased visibility into both inbound and outbound DDoS attacks.

What to Do If You Are Experiencing a DDoS Attack

Under DDoS Attack? Contact us. NETSCOUT’s industry leading DDoS mitigation experts provide 365/24/7 DDoS Attack Support.  
Call us for immediate assistance at +1-734-794-5099 (Intl.) or +1-844-END-DDoS (North America Toll Free).