Active Threat Intelligence at a Global Scale

As DDoS attacks continue to increase in frequency and complexity, DDoS attack threat intelligence becomes vital for automated DDoS attack protection. Derived from NETSCOUT’s ATLAS network, an unmatched source of visibility into global DDoS attack activity, artificial intelligence, and human insight from NETSCOUT’s ATLAS Security Engineering and Response Team (ASERT), the ATLAS Intelligence Feed automatically arms all NETSCOUT Arbor DDoS attack protection products with the latest DDoS attack tactics, known sources of DDoS attacks and Indicators of Compromise so organizations can automatically protect themselves from DDoS attacks and other cyber threats.

Benefits

Automated DDoS Attack Protection

Based on NETSCOUT's unique, Internet-wide visibility into the details of DDoS attacks, we are able to provide real-time threat intelligence to our products about where attack traffic is originating from and what the attacks look like, enabling accurate, surgical, automated blocking of up to 90% of DDoS attack traffic.

Blocking Inbound and Outbound Cyber Threats

Cyber Threats are a primary driver for our smart perimeter defense systems for the enterprise. NETSCOUT solutions not only block threats trying to get into the network but also detect and block communication from malware already resident inside the network trying to get out.

Internet Traffic Intelligence

Generates operationally valuable information that identifies Over The Top (OTT) traffic, adding application context to what is traditionally layer 4 flow data. This information can also identify traffic that may not require blocking during security protection activity, such as web search crawlers or conferencing applications.

NETSCOUT Threat Intelligence

Automated Threat Intelligence Improves Security Posture

As cyber threats continue to increase in frequency and sophistication, mature security teams will rely upon not only the latest cybersecurity technology, but also highly curated threat intelligence that arms these products enabling them to conduct more agile incident response and remediation – all to ultimately avoid the downtime or data breach that puts their organization in the news.


ATLAS Intelligence Feed (AIF)

The ATLAS Intelligence Feed (AIF) continuously arms the NETSCOUT AED product with highly curated, actionable threat intelligence.

Features

  • DDoS: Automated DDoS Reputation Blocking

    By identifying current active attackers from our unique worldwide ATLAS DDoS attack data, and identifying current active hosts that are part of DDoS botnets, AIF enables our products to detect and block inbound DDoS attacks quickly, automatically, and accurately, without the risk of false positives that can come from non-human curated automation operating in software alone.

  • Cyber Threats: Inbound Blocking of Cyber Threats

    AIF identifies known active sources of Internet vulnerability scanning and brute force exploit attempts, as well as other bulk commodity threats. This enables our products to detect and block commodity threats before they enter the network, and helps reduce the load on other security devices that may be struggling to keep up during active attacks.

  • Cyber Threats: Internal Threat Detection and Blocking

    Using the breadth of our global attack intelligence, we will detect, analyze and identify malware that may be involved in probing activities currently operating on your network, and identify other advanced persistent threats.

  • Internet Intelligence: Identify and report on OTT traffic

    Identify and report on Over The Top (OTT) traffic from Content Providers using scalable flow data.

  • DDoS: Prevent blocking of legitimate services

    Prevent blocking of legitimate services during security related blocking activities.

DDoS: Automated DDoS Reputation Blocking

(All Products) - Block known, active sources of DDoS attack traffic (e.g. specific IP addresses, botnet hosts) based on real-time global ATLAS intelligence.

  • Adds IP Filter Lists in TMS Mitigations and Templates
  • Augments inbound DDoS blocking in AED

DDoS: Inbound Blocking of Cyber Threats

(All Products) - Blocks inbound scanning, brute force attempts, and other bulk inbound cyber threats at your network perimeter. Our botnet intelligence feed uses our Honeypot network to understand when known botnet hosts are trying to infect other hosts on the network. This becomes actionable intelligence because we correlate the scan results with actual attack data from our worldwide collection to identify which botnet hosts are launching attacks in real time.

  • Augments inbound Cyber Threat blocking

Cyber Threats: Internal Threat Detection and Blocking

Threat Detection (Sentinel and AED) and Blocking (AED only) - Malware IoCs enable NETSCOUT solutions to detect malware communication, with a special focus on known botnet Command and Control infrastructure. NETSCOUT solutions detect infected hosts and threats resident inside the network, including APTs, and in the case of AED disrupt the kill chain by blocking their outbound communication, preventing them from downloading additional malware payloads or communicating with command and control servers that are part of the kill chain.

  • In Sightline this enables threat Indicators in MO configuration
  • In AED malware coverage is expanded to Nation-State APTs, Malware Downloaders & Expanded Malware Distribution and Exploitation


Internet Intelligence: Identify and report on OTT traffic

  • Provides traffic analysis reports for OTT traffic

DDoS: Prevent blocking of legitimate services

(All Products) – Helps to avoid blocking search crawlers and other desirable web content that may trip DDoS countermeasures and be blocked during an attack.

  • Improves accuracy of attack blocking while avoiding blocking legitimate traffic.
  • Provides significantly more intelligence from an expanded analysis pipeline and intelligence sharing partnerships
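As an added illustration, not NETSCOUT's code or data, the Python below sketches the two behaviours described on this page: a host enters the reputation list only when a honeypot sighting correlates with attack telemetry inside a freshness window, and an allowlist of legitimate services (such as a search crawler's range) takes precedence over reputation blocking. All addresses, timestamps and the allowlist range are constructed placeholders.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample data using RFC 5737 documentation addresses, not real indicators.
NOW = datetime(2024, 1, 1, 12, 0)
HONEYPOT_SIGHTINGS = {                          # src IP -> last time it probed a honeypot
    "192.0.2.10": NOW - timedelta(minutes=5),
    "192.0.2.11": NOW - timedelta(minutes=30),  # probed, but never seen attacking
    "192.0.2.12": NOW - timedelta(days=3),      # stale sighting, outside the window
}
ATTACK_TELEMETRY = {                            # src IP -> last time it sourced DDoS traffic
    "192.0.2.10": NOW - timedelta(minutes=2),
    "192.0.2.12": NOW - timedelta(minutes=1),
    "198.51.100.7": NOW - timedelta(minutes=4), # attacking, but no honeypot correlation
}
# Constructed allowlist standing in for a legitimate service's published range.
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]


def build_reputation_blocklist(sightings, attacks, now, window=timedelta(hours=1)):
    """Correlate the two sources: list a host only if it was seen both probing
    honeypots and sourcing attack traffic within the freshness window."""
    blocklist = set()
    for src, probed_at in sightings.items():
        attacked_at = attacks.get(src)
        if attacked_at is None:
            continue
        if now - probed_at <= window and now - attacked_at <= window:
            blocklist.add(ipaddress.ip_address(src))
    return blocklist


def classify_flow(src, blocklist, allowlist):
    """Per-flow decision. The allowlist is checked first so a legitimate
    service is never dropped even if it lands on the reputation list."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in allowlist):
        return "allow"
    if addr in blocklist:
        return "block"
    return "pass"


if __name__ == "__main__":
    bl = build_reputation_blocklist(HONEYPOT_SIGHTINGS, ATTACK_TELEMETRY, NOW)
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, classify_flow(ip, bl, ALLOWLIST))
```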