Active Threat Intelligence at a Global Scale

As DDoS attacks continue to increase in frequency and complexity, DDoS attack threat intelligence becomes vital for automated, adaptive DDoS attack protection. Derived from NETSCOUT’s ATLAS network’s real-time monitoring of 50% of internet traffic, an unmatched source of visibility into global DDoS attack activity, combined with human insight from NETSCOUT’s ASERT Team, the ATLAS Intelligence Feed automatically arms all NETSCOUT Arbor DDoS attack protection products with the latest DDoS attack tactics, known sources of DDoS attacks and Indicators of Compromise so organizations can automatically protect themselves from DDoS attacks and other cyber threats and adapt protections as those attacks change vectors.

Benefits

Automated DDoS Attack Protection

Based on NETSCOUT's unique, Internet-wide visibility into the details of DDoS attacks, we are able to provide real-time in-line threat intelligence to our products about where attack traffic is originating from and what the attacks look like, to enable accurate, surgical, automated, and adaptable blocking of up to 90% of DDoS attack traffic.

Blocking Inbound and Outbound Cyber Threats

Cyber Threats are a primary driver for our smart perimeter defense systems for the enterprise. NETSCOUT solutions not only block threats trying to get into the network but also detect and block communication from malware already resident inside the network trying to get out.

Internet Traffic Intelligence

Generates operationally valuable information to identify Over The Top (OTT) traffic to understand the content of traditionally layer 4 flow data. This information can also identify traffic that may not require blocking during security protection activity like web search crawlers or conferencing applications.

The Internet, ISP Backbone, and On-Prem Inline
Click to enlarge image

Automated Threat Intelligence Improves Adaptive DDoS Protection

As cyber threats continue to increase in frequency and sophistication, mature security teams will rely upon not only the latest cybersecurity technology, but also highly curated threat intelligence that arms these products enabling them to conduct more agile incident response and remediation – all to ultimately avoid the downtime or data breach that puts their organization in the news.

ATLAS Intelligence Feed (AIF)
Solution Brief

ATLAS Intelligence Feed (AIF)

The ATLAS Intelligence Feed (AIF) continuously arms the NETSCOUT AED product with highly curated, actionable threat intelligence.

Features

  • DDoS: Automated DDoS Reputation Blocking

    By identifying current active attackers from our unique worldwide ATLAS DDoS attack data, and identifying current active hosts that are part of DDoS botnets, AIF enables our products to detect and block inbound DDoS attacks quickly, automatically, and accurately, without the risk of false positives that can come from non-human curated automation operating in software alone.

  • Cyber Threats: Inbound Blocking of Cyber Threats

    AIF identifies known active sources of Internet vulnerability scanning and brute force exploit attempts, as well as other bulk commodity threats. This enables our products to detect and block commodity threats before they enter the network, and help reduce the load on other security devices that may be struggling to keep up during active attacks.

  • Cyber Threats: Internal Threat Detection and Blocking

    Using the breadth of our global attack intelligence, we will detect, analyze and identify malware that may beinvolved in probing activities currently operating on your network and identify other advanced persistent threats.

  • Internet Intelligence: Identify and report on OTT traffic

    Identify and report on Over The Top (OTT) traffic from Content Providers using scalable flow data.

  • DDoS: Prevent blocking of legitimate services

    Prevent blocking of legitimate services during security related blocking activities.

DDoS: Automated DDoS Reputation Blocking
Click to enlarge image

(All Products) - Block known, active sources of DDoS attack traffic (e.g. specific IP addresses, botnet hosts) based on real-time global ATLAS intelligence.

  • Adds IP Filter Lists in TMS Mitigations and Templates
  • Augments inbound DDoS blocking in AED
DDoS: Automated DDoS Reputation Blocking

By identifying current active attackers from our unique worldwide ATLAS DDoS attack data, and identifying current active hosts that are part of DDoS botnets, AIF enables our products to detect and block inbound DDoS attacks quickly, automatically, and accurately, without the risk of false positives that can come from non-human curated automation operating in software alone.

DDoS: Inbound Blocking of Cyber Threats
Click to enlarge image

(All Products) - Blocks inbound scanning, brute force attempts, and other bulk inbound cyber threats at your network perimeter.  Our botnet intelligence feed uses our Honeypot network to understand when known botnet hosts are trying to infect other hosts on the network. This becomes actionable intelligence because we correlate the scan results with actual attack data from our worldwide collection to identify the which botnet hosts are launching attacks in real time.

  • Augments inbound Cyber Threat blocking
Cyber Threats: Inbound Blocking of Cyber Threats

AIF identifies known active sources of Internet vulnerability scanning and brute force exploit attempts, as well as other bulk commodity threats. This enables our products to detect and block commodity threats before they enter the network, and help reduce the load on other security devices that may be struggling to keep up during active attacks.

Cyber Threats: Internal Threat Detection and Blocking
Click to enlarge image

Threat Detection (Sentinel and AED) and Blocking (AED only) -  Malware IoCs enable NETSCOUT solutions to detect malware communication with a special focus on known botnet Command and Control infrastructure. NETSCOUT solutions detect infected hosts and threats resident inside the network, including APTs, and in the case of AED disrupts kill chain blocks and their outbound communication to prevent downloading additional malware payloads or communicating with command and control servers that are part of the kill chain.

  • In Sightline this enables threat Indicators in MO configuration
  • In AED malware coverage is expanded to Nation-State APTs, Malware Downloaders & Expanded Malware Distribution and Exploitation

 

Cyber Threats: Internal Threat Detection and Blocking

Using the breadth of our global attack intelligence, we will detect, analyze and identify malware that may beinvolved in probing activities currently operating on your network and identify other advanced persistent threats.

Internet Intelligence: Identify and report on OTT traffic
Click to enlarge image
  • Provides traffic analysis reports for OTT traffic
Internet Intelligence: Identify and report on OTT traffic

Identify and report on Over The Top (OTT) traffic from Content Providers using scalable flow data.

(All Products) – Helps to avoid blocking search crawlers and other desirable web content that may trip DDoS countermeasures and be blocked during attack.

  • Improves accuracy of attack blocking while avoiding blocking legitimate traffic.
  • Provides significantly more intelligence from expanded analysis pipeline and intelligence sharing partnerships
DDoS: Prevent blocking of legitimate services

Prevent blocking of legitimate services during security related blocking activities.

Resources

Use Case
Defending Your Local DNS Infrastructure
To defend against DDoS attacks targeting DNS services at the enterprise level, it is key to quickly detect any kind of DNS vector attack before it breaches your on-premise DNS...
Case Study
South Staffordshire College Stops Virtual Classroom Downtime with Real Time DDoS Protection
Due to the on-premises real-time mitigation capabilities of AED, this College saw its virtual class application availability recover 100%.
White Paper
How to Analyze and Reduce the Risk of DDoS Attacks
There are multiple ways to stop a DDoS attack. This paper will compare an “As-Is” scenario using a firewall to multiple “To-Be” scenarios using different NETSCOUT DDoS attack...
Data Sheet
AIF Service for Arbor Threat Mitigation System (TMS)
ATLAS Intelligence Feed (AIF) for NETSCOUT Arbor Threat Mitigation System (TMS) is a subscription-based service designed to optimize the TMS defenses to protect the network...
Data Sheet
ATLAS Intelligence Feed (AIF) for AED
The ATLAS Intelligence Feed (AIF) empowers users with policies and countermeasures to address attacks as part of an advanced threat or DDoS attack.
Data Sheet
ATLAS Intelligence Feed Service for Sightline
Learn how ATLAS Intelligence Feed (AIF) improves visibility and highlights potential threats in today's interconnected world.
View more resources

Related Pages

Arbor Threat Mitigation System
Product

Arbor Threat Mitigation System for DDoS Attacks

Arbor TMS is a powerful DDoS mitigator that filters out malicious traffic while allowing good traffic to pass through. Step up your DDoS threat mitigation with Arbor.
Learn more
Arbor Sightline Network Visibility Software
Product

Arbor Sightline DDoS Attack Detection Solution

Arbor Sightline is the premier DDoS attack detection solution for the world's most complex networks, whether you are a service provider or a large enterprise.
Learn more
NETSCOUT Real-Time Advanced Threat Intelligence
Overview

NETSCOUT Real-Time Advanced Threat Intelligence

Helping customers combat the ever-increasing frequency and complexity of DDoS attacks requires worldwide visibility, advanced threat analytics, continuous real-time cyber threat intelligence research, and recommended best practices for mitigation from industry expe
Learn more