Challenges
When DDoS Attacks Overwhelm Stateful Defenses
Firewalls are versatile, stateful platforms that manage NAT, access control, and threat detection. Firewalls and other stateful devices, such as VPN gateways, IDS/IPS, and load balancers, rely on maintaining state (e.g., connection tables) to make security decisions.
DDoS attacks exploit this state, overwhelming connection tables and processing capacity with illegitimate traffic. When overloaded, firewalls and other stateful devices fail across all functions, leading to business disruptions, security vulnerabilities, and exposure of protected services and data.
To prevent firewall overload and maintain uninterrupted protection, organizations rely on NETSCOUT for purpose-built, stateless defense that stops DDoS attacks before they impact stateful critical security infrastructure.

Outcomes That Matter
Protect Firewall and Critical Applications
Protect the Firewall and Applications Behind It
Stateless DDoS attack mitigation prevents firewall state exhaustion and protects the applications behind it.
Reduce Firewall Load by 80%
Stateless protection reduces the load on stateful firewalls, IDS/IPS and WAFs by up to 80%.
Defer Costs
Stateless protection offers 60 times the blocking capacity of a firewall, eliminating firewall capacity upgrades.
NETSCOUT’s Solution and How It Delivers Value
The First and Last Line of Perimeter Defense
Deployed on-premises, inside the internet-facing router, and outside the firewall, Arbor Edge Defense (AED) uses stateless packet processing to automatically detect and mitigate:
- Inbound DDoS attacks (e.g., TCP state exhaustion) that target stateful devices.
- Inbound scanning and brute force attacks that impact the performance of stateful devices.
- Outbound Indicators of Compromise (IoCs), such as communication from compromised internal devices to known bad IP addresses and domains.
Arbor Edge Defense leverages AI-powered ATLAS Intelligence Feed (AIF), third-party threat intelligence, and Adaptive DDoS Protection to automatically block known attack sources and IoCs.
Acting as both the first and last line of defense, Arbor Edge Defense stops incoming attack traffic before it overwhelms the firewall—and prevents compromised internal systems from communicating outward.
Related Products
Arbor Edge Defense
Stateless, always-on, inline DDoS protection.
ATLAS Intelligence Feed
Continuous global, AI-powered DDoS threat intelligence.
Adaptive DDoS Protection
Automatically adjusts countermeasures as attack vectors change.
What Our Customers Are Saying
"AED delivers always-on, inline AI/ML-driven DDoS protection at the network edge (between router and firewall), stopping both inbound and outbound threats automatically with high accuracy. It reduces load on downstream firewalls, IDS/IPS, and WAFs by up to 80%, thanks to its stateless packet processing and large blocking capacity (≈ 60× firewall)."
Bruno O., Enterprise User
Frequently Asked Questions
Why can’t firewalls stop DDoS attacks on their own?
Firewalls rely on maintaining state. DDoS attacks exploit this by overwhelming connection tables and processing resources, causing the firewall to fail before security policies can be enforced.
What does “stateless” DDoS protection mean?
Stateless protection inspects and blocks malicious packets without creating or tracking connection state, allowing it to scale under attack without exhaustion.
Where is Arbor Edge Defense deployed?
AED is deployed inline, on-premises, inside the internet-facing router and outside the firewall.
What is the mitigation capacity of Arbor Edge Defense?
Arbor Edge Defense can mitigate attacks up to 200 Gbps.
Does Arbor Edge Defense replace my firewall?
No. AED complements firewalls by stopping volumetric and state-exhaustion attacks upstream, allowing the firewall to focus on policy enforcement and threat inspection.
How does protecting my firewall from DDoS attacks reduce costs?
By offloading attack traffic and providing significantly higher blocking capacity, AED reduces the need for frequent firewall upgrades and emergency scaling during attacks.