Defending against DDoS attacks with AI/ML


To better combat the ever-increasing number of DDoS attacks, a leading cybersecurity solutions provider has enhanced its adaptive DDoS protection solution with additional AI/ML capabilities that detect and block malicious traffic more effectively.

Distributed Denial of Service (DDoS) attacks on critical IT infrastructure and services have increased by 55 percent over the past four years. A combination of AI-driven automation, evolving DDoS-for-hire services, expanded IoT botnets, and geopolitical conflicts has transformed the threat landscape, with more frequent, more sophisticated attacks having the potential to cause more damage, faster. To combat these attacks, organizations, enterprises, and service providers need AI/ML-enabled solutions that can continuously adapt to threats and deploy proactive, intelligence-driven security strategies to protect their networks.


Combination of AI/ML in the cloud and monitoring

"With AI-driven attacks, ransomware, and nation-state threats impacting corporate governance, financial performance, and customer trust, corporate executives expect their IT teams to proactively adapt to emerging threats like DDoS," says Chris Steffen, Vice President of Research – Information Security, Enterprise Management Associates. "Implementing solutions that can adapt to threats helps minimize this risk."

NETSCOUT leverages a hybrid AI/ML strategy that combines cloud-based AI/ML with monitoring to analyze data collected from 550 Tbps of internet traffic (nearly half of all internet traffic), along with AI/ML in its software solutions to enable automated protection against these attacks. The computing power of the cloud enables large-scale threat data analysis with monitoring to ensure accuracy, while AI/ML in its software solutions can leverage this pre-analyzed intelligence to make fast, accurate, and automated decisions about what to detect and block.


The company's cloud-based AI/ML is the foundation for creating the ATLAS Intelligence Feed, which provides unique capabilities for Adaptive DDoS Protection solutions, enriching them with the latest DDoS attack data. Continuous analysis, updated multiple times daily, provides insights into the source IP addresses of devices actively conducting DDoS attacks on the internet, new attack vectors, DDoS attack targets, and other information. This allows Adaptive DDoS Protection to quickly and accurately detect even small direct-path attacks based on sampled data streams and route traffic to TMS for automatic blocking.

Fast detection and blocking of malicious data

The latest AI/ML-based ATLAS Intelligence Feed iteration has been enhanced with improved Geo-IP localization functionality, which maps IP addresses to geographic locations for faster and more accurate identification and blocking of malicious traffic. Additionally, the ATLAS Intelligence Feed now includes NETSCOUT's ATLAS Active DDoS Campaign Tracking, enabling Adaptive DDoS Protection to automatically detect and block attacks from over 65 known DDoS threat actors conducting active attack campaigns against a range of targets, including NoName057 and RipperSec.

AI/ML technology has also been adopted as part of the Adaptive DDoS Protection solution. New to the current version is AI/ML-powered host abuse detection, which enables network operators to track misbehaving subscribers, infected hosts, compromised IoT devices, and other internal attack sources. This new capability makes it easier to detect and block outbound DDoS attacks that can impact the performance and availability of services and infrastructure as edge connectivity speeds increase. With the new TMS Source Mitigations, network operators can redirect and target threats from specific sources that may potentially target the entire network, without requiring a full inline solution for all network traffic.

Benefits for service providers

With updates to NETSCOUT's Adaptive DDoS Protection solution, service providers can better protect their critical infrastructures and the services they offer their customers. Other key benefits include improved availability, reduced downtime costs, reduced hassle, and new revenue opportunities.

More at NETSCOUT.com

 


About NETSCOUT

NETSCOUT SYSTEMS, INC. helps secure digital business services against security, availability and service disruptions. Our market and technology leadership is based on the combination of our patented smart data technology with intelligent analytics. We provide the comprehensive, real-time insight that customers need to accelerate and secure their digital transformation. Our advanced Omnis® cybersecurity platform for threat detection and mitigation offers comprehensive network visibility, threat detection, contextual investigations and automated mitigation at the network edge.


 
