The Need for On Premise & In-Cloud Collaboration
Due to the increased tenacity of cybercriminals and the growth in complexity of DDoS attacks, the foundation for a comprehensive DDoS protection posture begins with an on-premises, always-on, purpose-built DDoS attack mitigation solution. Any selected solution should automatically identify and stop all types of DDoS attacks and other cyber threats before impacting the availability of business-critical services.
Although traditional cloud-based DDoS protection solutions, including those provided by ISPs or CDNs, are designed to stop large volumetric DDoS attacks, they struggle to eliminate other types of DDoS attacks designed to evade their efforts.
Cloud-based mitigation is an augmentation of on-premises protection. On-premises DDoS attack protection has capabilities intended to identify and mitigate those attacks designed to circumvent cloud-based solutions.
What’s more, due to the dynamic, multi-vector nature of the modern-day DDoS attack, the Best Practice is to employ both on-premises and a cloud solution with an intelligent and automated integration that offers the most comprehensive protection.
An On-Premises DDoS Defense Should be a Priority
Industry analysts are coming to grips with the fact that due to today’s growing frequency and complexity of DDoS attacks, the need for a multilayer hybrid defense strategy is now a requirement. Furthermore, due to the creation of new attack vectors like Adaptive DDoS Attack which changes vectors based on the defense that is presented, the need for On-Premises protection with its inherent attack management agility and efficiency is a priority. It should be considered the foundation of a comprehensive DDoS protection strategy.
Excellent tool. Before installing NETSCOUT Arbor we were unaware of the amount of unwanted traffic hitting our network. Being able to block these has definitely given our firewall some breathing space.
Why On-Premise Protection Should Be The Foundation of a Comprehensive DDoS Attack Mitigation Strategy
On-Premises DDoS Attack Protection
NETSCOUT Arbor DDoS Attack protection solution is an intelligently automated, combination of in-cloud and on-premises DDoS attack protection that is continuously backed by global threat intelligence and expertise.
Stopping Application Layer Attacks
Because application layer attacks are typically made up of lower volume traffic, they do not automatically trigger volumetric monitors employed by cloud scrubbing solutions and require on premise devices like Arbor Edge Defense (AED) to automatically detect and mitigate.
Protecting Stateful Devices
Stateful devices within your network like NGFWs, VPN Concentrators and Load Balancers are common targets for state exhaustion attacks. Protecting them in an always on manner can only be accomplished with an On Premise stateless device like AED.
Blocking Internal & External C2 Communications
Once an attacker breaches your network, compromised internal devices will communicate with their command-and-control infrastructure for further instructions. Deployed outside your firewall, Arbor Edge Defense (AED) blocks Indicators of Compromise (IoC) acting as a last line of defense for your organization.
Stopping Attacks in Encrypted Traffic
When cyber criminals embed attacks within encrypted traffic the only way to detect them is through decryption. Unlike decryption in the cloud, a safer method is to utilize the on-premises, embedded decryption capabilities in Arbor Edge Defense (AED).
Additional Resources
Related Product
Arbor Edge Defense Perimeter Security & Defense
Arbor Cloud DDoS Protection Services
