Deterministically Accurate, Actionable Threat Intelligence at a Global Scale

As cyber threats continue to increase in frequency and sophistication, mature security teams will not only rely upon the latest cyber security technology but also highly curated threat intelligence that arms these products. NETSCOUT’s unmatched monitoring of over 50% of all internet traffic, our AI powered analysis processes and the expertise of NETSCOUT’s ASERT Team, have enabled NETSCOUT to produce more deterministically accurate and actionable threat intelligence in real-time. This actionable intelligence is published via the ATLAS Intelligence Feed and automatically arms all NETSCOUT Arbor DDoS attack protection products with the latest DDoS attack tactics and methodologies, known sources of DDoS attacks and Indicators of Compromise so organizations can protect themselves from DDoS attacks and other cyber threats and automatically adapt protections as those attacks change vectors.

Benefits

Automated Threat Intelligence to Enhance Inbound DDoS Attack Mitigation

Protect the availability of networks and services by updating AED with the highly curated threat intelligence that enables it to block inbound DDoS attacks automatically and with accuracy.

Automated Threat Intelligence to Enhance Blocking of Inbound Scanning or Brute Force Attacks

Reduce load on firewalls by automatically offloading monitoring and blocking of inbound scanning activity and brute force password attacks (e.g. SSH, telnet, SMB, etc.) to AED.

Automated Threat Intelligence to Enhance Blocking of Outbound IoCs Missed by Security Stack

AED’s deployment outside the firewall and the automated update of IoCs for the ATLAS Intelligence Feed, enable it to be a last line of defense by blocking outbound traffic from compromised internal devices to external malicious command and control infrastructure that have been missed by the security stack.

Automated Threat Intelligence Improves Adaptive DDoS Protection
Click to enlarge image

Automated Threat Intelligence Improves Adaptive DDoS Protection

Adaptive DDoS Protection or ADP is an added layer of protection that employs an automated artificial intelligence driven analysis process that detects evolving attacks that are not blocked by current countermeasures within Arbor Edge Defense (AED). It then creates recommendations within Arbor Enterprise Manager (AEM) for changes in countermeasures and configurations to block these newly detected attacks. These recommendations can also be set to automatically mitigate these new attacks. This repeating process is driven by the unmatched Threat Intelligence provided by the ATLAS Intelligence Feed.

Unmatched, Artificial Intelligence Backed Threat Intelligence
Video

Unmatched, Artificial Intelligence Backed Threat Intelligence

Defending your network against DDoS attacks requires actionable threat intelligence that automatically adapts defenses to the ever-changing attackers' tactics and techniques. NETSCOUT's advantage is our superior ATLAS global DDoS attack visibility system, which utilizes AI to automatically update the ATLAS Intelligence Feed, equipping AED with the latest DDoS attack protection intelligence.

Features

  • DDoS: Automated DDoS Reputation Blocking
  • DDoS: Automatically Prevent Blocking of Legitimate Services
  • Cyber Threats: Automated Blocking of Inbound Cyber Threats and Malicious Traffic
  • Cyber Threats: Automated Internal Threat Detection and Blocking
DDoS: Automated DDoS Reputation Blocking
Click to enlarge image

By identifying current active attackers from our unique worldwide ATLAS DDoS attack data, and identifying current active hosts that are part of DDoS botnets, AIF is designed to enable our products to detect and block inbound DDoS attacks quickly, automatically, and accurately, without the risk of false positives that can come from non-human curated automation operating in software alone.

DDoS: Automated DDoS Reputation Blocking

By identifying current active attackers from our unique worldwide ATLAS DDoS attack data, and identifying current active hosts that are part of DDoS botnets, AIF is designed to enable our products to detect and block inbound DDoS attacks quickly, automatically, and accurately, without the risk of false positives that can come from non-human curated automation operating in software alone.

Automatically assists in processes to avoid blocking search crawlers and other desirable web content that may trip DDoS countermeasures and be blocked during attack.

Improves accuracy of attack blocking while avoiding blocking legitimate traffic.
Provides significantly more intelligence from expanded analysis pipeline and intelligence sharing partnerships
 

DDoS: Automatically Prevent Blocking of Legitimate Services

Automatically assists in processes to avoid blocking search crawlers and other desirable web content that may trip DDoS countermeasures and be blocked during attack.

Improves accuracy of attack blocking while avoiding blocking legitimate traffic.
Provides significantly more intelligence from expanded analysis pipeline and intelligence sharing partnerships
 

Cyber Threats: Automated Blocking of Inbound Cyber Threats and Malicious Traffic
Click to enlarge image

Artificial Intelligence-powered Threat Intelligence allows AIF to identify known active sources of Internet vulnerability scanning and brute force exploit attempts, as well as other bulk commodity threats. Our botnet intelligence feed uses our Honeypot network to understand when known botnet hosts are trying to infect other hosts on the network. This becomes actionable intelligence because we correlate the scan results with actual attack data from our worldwide collection to identify which botnet hosts are launching attacks in real time. This is designed to enable our products to automatically detect and block commodity threats before they enter the network, and decrease the load on other security devices that may be struggling to keep up during active attacks.

Cyber Threats: Automated Blocking of Inbound Cyber Threats and Malicious Traffic

Artificial Intelligence-powered Threat Intelligence allows AIF to identify known active sources of Internet vulnerability scanning and brute force exploit attempts, as well as other bulk commodity threats. Our botnet intelligence feed uses our Honeypot network to understand when known botnet hosts are trying to infect other hosts on the network. This becomes actionable intelligence because we correlate the scan results with actual attack data from our worldwide collection to identify which botnet hosts are launching attacks in real time. This is designed to enable our products to automatically detect and block commodity threats before they enter the network, and decrease the load on other security devices that may be struggling to keep up during active attacks.

Cyber Threats: Internal Threat Detection and Blocking
Click to enlarge image

Using the breadth of our Artificial Intelligence-powered global attack intelligence, we will automatically detect, analyze and identify malware that may be involved in probing activities currently operating on your network and identify other advanced persistent threats. Malware IoCs enable NETSCOUT solutions to detect malware communication with a special focus on known botnet Command and Control infrastructure. NETSCOUT solutions detect infected hosts and threats resident inside the network, including APTs, and disrupts kill chains by blocking their outbound communication to prevent downloading additional malware payloads or communicating with command and control servers that are part of the kill chain.

Cyber Threats: Automated Internal Threat Detection and Blocking

Using the breadth of our Artificial Intelligence-powered global attack intelligence, we will automatically detect, analyze and identify malware that may be involved in probing activities currently operating on your network and identify other advanced persistent threats. Malware IoCs enable NETSCOUT solutions to detect malware communication with a special focus on known botnet Command and Control infrastructure. NETSCOUT solutions detect infected hosts and threats resident inside the network, including APTs, and disrupts kill chains by blocking their outbound communication to prevent downloading additional malware payloads or communicating with command and control servers that are part of the kill chain.

Resources

Solution Brief
Arbor DDoS Attack Protection Solutions
Intelligently Automated, Hybrid DDoS Protection, Backed by Global Visibility and Threat Intelligence
Use Case
Defending Your Local DNS Infrastructure
To defend against DDoS attacks targeting DNS services at the enterprise level, it is key to quickly detect any kind of DNS vector attack before it breaches your on-premise DNS...
Case Study
South Staffordshire College Stops Virtual Classroom Downtime with Real Time DDoS Protection
Due to the on-premises real-time mitigation capabilities of AED, this College saw its virtual class application availability recover 100%.
White Paper
How to Analyze and Reduce the Risk of DDoS Attacks
There are multiple ways to stop a DDoS attack. This paper will compare an “As-Is” scenario using a firewall to multiple “To-Be” scenarios using different NETSCOUT DDoS attack...
Data Sheet
AIF Service for Arbor Threat Mitigation System (TMS)
ATLAS Intelligence Feed (AIF) for NETSCOUT Arbor Threat Mitigation System (TMS) is a subscription-based service designed to optimize the TMS defenses to protect the network...
Data Sheet
ATLAS Intelligence Feed (AIF) for AED
The ATLAS Intelligence Feed (AIF) empowers users with policies and countermeasures to address attacks as part of an advanced threat or DDoS attack.
Data Sheet
ATLAS Intelligence Feed Service for Sightline
Learn how ATLAS Intelligence Feed (AIF) improves visibility and highlights potential threats in today's interconnected world.
View more resources

Related Pages

Arbor Threat Mitigation System
Product

Arbor Threat Mitigation System for DDoS Attacks

Filter out malicious traffic while allowing legitimate traffic to pass through, at any scale, with Arbor Threat Mitigation System (TMS).
Learn more
Arbor Sightline DDoS Attack Detection
Product

Arbor Sightline DDoS Attack Detection Solution

Whether you are a service provider or have a complex enterprise network, Arbor Sightline helps monitor and identify networking and security issues at any network scale with AI and ML-powered insights.
Learn more
NETSCOUT Real-Time Advanced Threat Intelligence
Overview

NETSCOUT Real-Time Advanced Threat Intelligence

Helping customers combat the ever-increasing frequency and complexity of DDoS attacks requires worldwide visibility, advanced threat analytics, continuous real-time cyber threat intelligence research, and recommended best practices for mitigation from industry expe
Learn more