Firewalls and other stateful devices such as VPN gateways, IDPS and load balancers are susceptible to DDoS attacks. According to the Netscout 2H 2020 Threat Intelligence Report, 83% of survey respondents indicated that their firewalls contributed to network and service outages and/or crashed during a DDoS attack. Why? Because they were never designed to stop DDoS attacks – in particular, TCP state exhaustion DDoS attacks, which fill a stateful device's connection table with half-open or bogus sessions until it can no longer accept legitimate ones. Industry best practice is to deploy stateless DDoS protection in front of the firewall to keep it, other stateful devices, and the services behind them from going down.

[Diagram: TCP state exhaustion attack against a firewall]

Netscout Arbor Edge Defense (AED), a component of the Omnis Security solution, is deployed on-premises, inside the internet-facing router and outside the firewall. There, using stateless packet-processing technology and armed with Netscout ATLAS or third-party threat intelligence (via STIX/TAXII), AED can:

  • Automatically block inbound DDoS attacks – more specifically, TCP state exhaustion attacks that threaten the availability of stateful devices such as firewalls, VPN concentrators, or load balancers.
  • Automatically block inbound probing, reconnaissance, brute-force password attacks or known Indicators of Compromise (IoCs) in bulk to reduce the load on the firewall.
  • Automatically block outbound IoCs from compromised internal devices communicating with known malicious command-and-control infrastructure outside the network, traffic that the firewall or the existing security stack has missed.

Essentially, Netscout Arbor Edge Defense acts as a first and last line of smart network edge defense that protects the availability, and improves the performance, of your firewall and other stateful devices.
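To make the state-exhaustion point in the first paragraph and the "stateless protection in front of the firewall" recommendation concrete, here is an added example that is not Netscout's or AED's code. It models a stateful firewall as a bounded connection table and puts a stateless SYN-cookie guard in front of it: the guard answers every SYN with an HMAC-derived cookie and keeps no per-flow state, so spoofed sources that never return the cookie never consume a table entry. The secret key, the 60-second cookie window, the table capacity and all traffic are constructed assumptions for the simulation.

```python
"""Added example, not Netscout's or AED's code: a stateless SYN-cookie guard
in front of a toy stateful firewall, showing why a bounded connection table
survives a TCP state-exhaustion flood only when something stateless answers
the SYNs first. All traffic is constructed inline; nothing touches a network."""
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

SECRET = b"constructed-demo-secret"   # assumption: a real device rotates this key
SLOT_SECONDS = 60                     # assumption: cookie validity window


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # "SYN", "SYN-ACK" or "ACK"
    t: float        # arrival time in seconds
    ack: int = 0    # SYN-ACK carries the cookie here; the ACK returns cookie + 1


def syn_cookie(p: Packet, slot: int) -> int:
    """32-bit cookie = HMAC(secret, 4-tuple || time slot). No per-flow state is
    kept: the cookie is recomputed from the returning ACK and compared."""
    msg = f"{p.src}:{p.sport}>{p.dst}:{p.dport}|{slot}".encode()
    return struct.unpack(">I", hmac.new(SECRET, msg, hashlib.sha256).digest()[:4])[0]


def ack_is_valid(p: Packet) -> bool:
    """Accept an ACK that acknowledges a cookie issued in this or the previous slot."""
    slot = int(p.t // SLOT_SECONDS)
    return any((syn_cookie(p, s) + 1) & 0xFFFFFFFF == p.ack for s in (slot, slot - 1))


@dataclass
class StatefulFirewall:
    """Toy stateful device: every admitted SYN occupies a slot in a bounded table."""
    capacity: int
    table: dict = field(default_factory=dict)
    dropped: int = 0

    def admit(self, p: Packet) -> bool:
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "SYN":
            if len(self.table) >= self.capacity:
                self.dropped += 1      # state exhausted: new sessions are refused
                return False
            self.table[key] = "SYN_RECV"
            return True
        if p.flags == "ACK" and key in self.table:
            self.table[key] = "ESTABLISHED"
            return True
        return False


class SynCookieGuard:
    """Stateless front device: answers each SYN with a cookie and hands a session
    to the firewall only after a cookie-bearing ACK proves the source is real."""

    def __init__(self, firewall: StatefulFirewall):
        self.fw = firewall
        self.challenges = 0

    def process(self, p: Packet):
        if p.flags == "SYN":
            self.challenges += 1
            cookie = syn_cookie(p, int(p.t // SLOT_SECONDS))
            return Packet(p.dst, p.dport, p.src, p.sport, "SYN-ACK", p.t, ack=cookie)
        if p.flags == "ACK" and ack_is_valid(p):
            # Replay the completed handshake into the firewall as SYN then ACK.
            syn = Packet(p.src, p.sport, p.dst, p.dport, "SYN", p.t)
            return self.fw.admit(syn) and self.fw.admit(p)
        return False


def build_traffic(flood_size: int):
    """Constructed input: a spoofed-source SYN flood, then one legitimate SYN."""
    flood = [Packet(f"203.0.113.{i % 254 + 1}", 1024 + i, "198.51.100.10", 443, "SYN", i * 0.001)
             for i in range(flood_size)]
    legit = Packet("192.0.2.7", 40000, "198.51.100.10", 443, "SYN", flood_size * 0.001 + 0.1)
    return flood, legit


def simulate(guarded: bool, flood_size: int = 5000, capacity: int = 1000) -> dict:
    """Run the flood against the firewall alone, or behind the stateless guard."""
    fw = StatefulFirewall(capacity)
    flood, legit_syn = build_traffic(flood_size)
    if not guarded:
        for p in flood:
            fw.admit(p)                      # each spoofed SYN burns a table entry
        legit_ok = fw.admit(legit_syn)
    else:
        guard = SynCookieGuard(fw)
        for p in flood:
            guard.process(p)                 # spoofed sources never return the cookie
        syn_ack = guard.process(legit_syn)   # the real client completes the handshake
        ack = Packet(legit_syn.src, legit_syn.sport, legit_syn.dst, legit_syn.dport,
                     "ACK", legit_syn.t + 0.05, ack=(syn_ack.ack + 1) & 0xFFFFFFFF)
        legit_ok = guard.process(ack)
    return {"table": len(fw.table), "dropped": fw.dropped, "legit_admitted": legit_ok}


if __name__ == "__main__":
    print("firewall alone :", simulate(guarded=False))
    print("behind guard   :", simulate(guarded=True))
```

Run directly, the first line shows the unguarded firewall's table pinned at capacity with the legitimate client refused; the second shows the guarded firewall holding a single established entry. The design point is that the guard's only memory is the secret key and the clock: it can absorb an arbitrary number of spoofed SYNs at constant memory, which is exactly the property a stateful device lacks.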

Watch the demo of AED protecting a firewall.

Arbor Edge Defense: A First and Last Line of Smart Edge Defense