Time for a New Cybersecurity Stack at the Network Edge
Once confined to your corporate network and branch offices, the network edge has expanded to include private/public clouds, partner networks, and home-based users. Still, the network edge remains a critical point in the network to detect and mitigate cyber threats. The continuous onslaught of DDoS attacks, data breaches and ransomware attacks is a constant reminder that the traditional network edge cybersecurity stack is not working.
What’s required is a next generation network edge cybersecurity stack that’s fronted with stateless threat detection and mitigation technology designed to protect not only the stateful network cybersecurity stack itself but also the network and services behind it. In other words, what’s required is Smart Network Edge Protection.
Next Generation Network Edge
Stateless Smart Network Edge Protection provides a first line of defense as it stops inbound threats such as DDoS attacks, probing/reconnaissance and brute force password attempts that threaten the availability and performance of the stateful cybersecurity stack. This same edge protection should also detect and stop outbound indicators of compromise that have been missed by the cybersecurity stack, essentially acting as a last line of defense.
NETSCOUT Omnis Smart Edge Protection is a versatile solution that can be used as a first and last line of cyber threat protection for your organization.
Firewalls are stateful devices that are susceptible to state exhaustion DDoS attacks. Deployed in front of the firewall, Omnis Arbor Edge Defense uses stateless packet processing technology to stop inbound DDoS attacks to protect the availability of the firewall and services behind it.
VPN concentrators are stateful devices that are susceptible to state exhaustion DDoS attacks. Deployed in front of the VPN concentrator, Omnis Arbor Edge Defense uses stateless packet processing technology to stop inbound DDoS attacks to protect the availability of the VPN concentrator and enable remote user access.
Stop Volumetric DDoS Attack
When a DDoS attack exceeds the size of your internet circuit, you must rely upon a cloud-based DDoS protection service. In the event of such an attack, Omnis Arbor Edge Defense can, via its Cloud Signaling feature, automatically route attack traffic to a cloud-based mitigation service such as NETSCOUT Arbor Cloud or one from your ISP.
Long before a ransomware attack occurs, the attacker was most likely dwelling inside your network environment for a while. It’s during this time that you want to discover indicators of compromise (IoCs) that precede the download and execution of ransomware. Armed with threat intelligence from NETSCOUT ATLAS or 3rd parties (via STIX/TAXII), Omnis Smart Edge can detect and block outbound traffic from compromised internal hosts communicating with attacker command and control or malware that is known to precede the download of ransomware.
Block at Edge with Contextual Investigation
Though the network edge has evolved, it’s still the best place in the network to block both inbound and outbound cyber threats. But blocking at the network edge requires complete confidence that you are not blocking legitimate traffic. Leveraging NETSCOUT ISNG network instrumentation and Smart Data, Omnis Cyber Investigator can conduct rapid, highly contextual cyber threat investigations that enable the confidence to block at the network edge using a firewall or Omnis Arbor Edge Defense.
Security Stack Integration
Omnis Smart Edge Protection components can easily integrate into your security stack and processes. This includes use of open APIs, support for standards such as SYSLOG and STIX/TAXII, and existing integrations with 3rd parties such as Splunk and AWS Security Hub SIEM, Palo Alto Networks firewall and SOAR, and Anomali and ThreatQuotient TIPs.
NETSCOUT Omnis Security is an advanced threat analytics and response platform that provides the scale, scope, and consistency required to secure today’s digital infrastructure.
AED simplifies the security stack by consolidating DDoS protection and TIG-like functionality in a single device. AED also protects the availability and performance of not only an...