Netscout takes internet scale Threat Protection to the edge
October 2018 by Marc Jacob
NETSCOUT SYSTEMS, INC. introduced NETSCOUT Arbor Edge Defense (AED), a new security solution that redefines the perimeter cyber security stack and serves as the first and last line of defense against multiple types of inbound and outbound threats.
Bringing Stateless Security to the Edge
NETSCOUT AED is an always-on, in-line solution which can be deployed as a physical appliance or virtual network function. It sits outside the firewall, between the enterprise or data center and the internet. A unique stateless packet processing engine provides efficient blocking of malicious traffic matching Indicators of Compromise (IoCs) without tracking any session state. As a result, NETSCOUT AED can make other perimeter defenses more effective by protecting them from DDoS attacks, and offloading the overhead associated with applying millions of IoCs to traffic streams.
NETSCOUT AED leverages the Company’s proven market-leading DDoS technology that is already trusted by thousands of enterprises worldwide. As a result, it provides advanced packet-based protections against complex application-specific DDoS attacks and state-exhaustion techniques; as well as defenses against internet scale threats, neutralizing the malware families that make up the global botnet threat. Armed with millions of reputation-based IoCs, NETSCOUT’s stateless packet processing engine can also detect and block outbound communication from internal compromised hosts that have been missed by other devices in the security stack; helping to stop further proliferation of malware and other tactics used within crimeware and advanced threat campaigns.
Operationalizing Threat Intelligence
NETSCOUT has the unprecedented ability to enable security and network teams to connect and correlate unique intelligence on emerging internet threats and trends, with visibility into what is happening across their entire internal organization from a threat perspective. NETSCOUT’s Active Threat Level Analysis System (ATLAS®), collects, prioritizes, and disseminates data on emerging threats based on our unique visibility into over one-third of all internet traffic. The ATLAS Security Engineering & Response Team (ASERT) is continuously and automatically delivering high fidelity threat intelligence via the ATLAS Intelligence Feed, enabling customers to not only block threats in real-time but enhance their defenses over time.
NETSCOUT believes that effective threat intelligence not only identifies attacks but also provides context to understand and catalogue attack infrastructure, methods, related indicators to enable faster security decisions can be taken with greater confidence. NETSCOUT AED supports standards such as STIX/TAXII for ingestion of third-party threat intelligence and provides a robust REST API to integrate threat detection and blocking telemetry, and contextual threat intelligence into existing SOC workflows and management tools.