New Netscout DDoS mitigation platform for terabit attack era

This article is brought to you by Retail Technology Review: New Netscout DDoS mitigation platform for terabit attack era.

Netscout Systems Inc., provider of service assurance, security, and business analytics, has announced a new Arbor TMS HD1000 DDoS mitigation solution that more than doubles mitigation capacity over the previous version, delivering a 40% reduction in the cost per gigabit of protection delivered.

Enabling large-scale DDoS attack protection up to 400Gbps in a single appliance or up to 40Tbps in a single deployment, the new Arbor TMS HD1000 surgically removes layer 3-7 attack traffic from the network without disrupting key network services. The advanced alerting, countermeasures, and end-to-end workflows provide comprehensive, real-time visibility into network traffic and threats, automatically mitigating denial of service attacks so operators maintain their services and network performance without compromise.

"DDoS attacks have evolved, using size, persistence and increasing sophistication – or any combination thereof – to achieve their objective. The volume of the largest ever seen DDoS attack doubled overnight in February, up to 1.72Tbps. For internet service, cloud, and hosting providers, attacks of this magnitude pose a significant risk to their business, and their customers. We're focused on helping providers scale their mitigation capacity, using a combination of intelligence mitigation infrastructure and network capabilities, working with their teams through the application of intelligent automation whenever possible," said Darren Anstee, Netscout Arbor Chief Technology Officer.

Intelligent Automation

Not only are DDoS attacks getting larger, they're also getting more frequent and complex. According to Arbor's 13th Annual Worldwide Infrastructure Security Report, in 2017, Arbor's ATLAS observed 7.5 million DDoS vs. 6.8 million in 2016. The report also showed a 30% increase in the proportion of enterprises experiencing application layer attacks, and a 20% increase in those experiencing multi-vector attacks. As DDoS attacks increase in frequency and complexity, organisations must rely upon intelligently automated DDoS attack detection and mitigation solutions for proper protection.

Intelligent Automation is the automatic application of specific protections against specific threats, customized for the business environment. New features include:

• Automated protection against attacks targeting recursive and authoritative DNS servers; such as those executed by the Mirai IoT.
• The ability to offload mitigations running in the Arbor TMS to the network infrastructure using automated BGP FlowSpec filters. This allows customers to preserve the finite amount of mitigation capacity in their Arbor TMS for more complex DDoS attacks that require more surgical mitigation.
• The automated delivery of Arbor ATLAS Threat Intelligence Feed (AIF) mitigation templates, created from ASERT research. These templates can be used in the Arbor TMS to automatically stop new DDoS attack vectors.
• Automated multi-layer protection via Arbor Cloud Signaling capability. Used in scenarios when a customer's in-house mitigation expertise or Arbor TMS capacity is not enough to stop large or more complex attacks; using the Cloud Signaling feature, customers can automatically divert attack traffic to one of Arbor's worldwide Arbor Cloud scrubbing facilities for protection.

Surgical Attack Mitigation

Arbor TMS supports a mitigation architecture called diversion/reinjection. Arbor TMS removes only the malicious traffic and forwards the legitimate traffic to its intended destination. This is highly advantageous for service providers, large enterprises, and large hosting/cloud providers because it enables a single, centrally located Arbor TMS to protect multiple links and multiple data centers. The result is more efficient use of mitigation capacity and fully non-intrusive security.

A Platform for Managed DDoS Services

The Arbor TMS solution enables internet service, cloud, and hosting providers to deliver managed DDoS protection services to their customers. Customised portal access, APIs and delegated management give Managed Service Providers (MSPs) the flexibility and control to tailor services to fit their customers' needs. NETSCOUT Arbor TMS mitigation technology is the solution of choice for the majority of leading DDoS managed services.

Arbor TMS comes in a variety of mitigation platforms and capacities including: 2U appliances (500 Mbps–400 Gbps of mitigation), Cisco ASR 9000 Router embedded (10–60 Gbps of mitigation) and virtual/bare metal options (1–40 Gbps mitigation).