In our previous tech blog, we highlighted the dangers that Distributed Denial of Service (DDoS) attacks pose to the reliability and availability of your critical IT services. Today, it is more important than ever to understand the complexity of multi-vector threats and that even Next-Generation Firewalls (NGFW) do not provide adequate protection. Being aware of multi-layered attacks helps to identify the right solutions for defending the availability of your critical services, tailored to your specific network infrastructure and business needs.
Arbor’s 13th annual Worldwide Infrastructure Security Report (WISR) shows that DDoS attacks are still a top threat, as reported for 2017 by 87% of service providers and 41% of enterprise, government and education (EGE) organisations.
Following on from our last blog article, “Defending services against DDoS attacks is about understanding the complexity of multi-vector threats”, we would like to take a closer look at a combined on-premise and cloud solution provided by NETSCOUT Arbor.
Arbor Availability Protection System (APS)
The Arbor Availability Protection System (APS) is a dedicated, on-premise inline device which provides continuous monitoring of inbound and outbound traffic at the WAN edge. The device can detect and mitigate complex, state-exhausting and application-layer DDoS attacks and is fed with information on the newest threats. The platform is even able to prevent powerful botnet-based DDoS attacks, advanced threats and volumetric attacks up to the line speed of your connection. In combination with the Arbor Cloud, the solution can even automatically protect against the largest volumetric attack sizes in the Terabit range. APS also provides extensive visibility into your network with detailed attack analyses and reports.
Using Arbor’s intelligent Cloud signalling
The APS enhances your overall protection by using Arbor’s intelligent Cloud signalling. This means that volumetric DDoS attack traffic, which would overwhelm your on-premises protection, is automatically detected and rerouted to an upstream DDoS scrubbing facility (e.g. the Arbor Cloud), as you can see in the figure below. Deployed as the first line of defence, the APS works as holistic protection against DDoS so that the traditional firewall can serve its purpose.
The combination of Arbor APS on-premise, Cloud signalling and Arbor Cloud offers comprehensive protection against modern-day DDoS attacks.
Arbor ATLAS – Advanced Threat Level Analysis System
In addition to Arbor’s Cloud signalling, Arbor has developed the unique Advanced Threat Level Analysis System (ATLAS), a global information base on today’s threat landscape that is built by continuously analysing one third of all Internet traffic and reflects the health of the Internet. More than 330 service providers and enterprises have agreed to provide anonymous traffic information, which contains insights into what is happening in several networks of the Internet’s backbone.
Combined with their research into botnets and DDoS mitigation solutions, Arbor offers the ATLAS Intelligence Feed (AIF), which gives customers a view of the current big picture of threats and traffic analysis. All Arbor products can consume the AIF, including the Availability Protection System (APS). Updated by the AIF with policies and countermeasures for the newest global threats, the APS is able to identify various attacks and defend your network infrastructure against them.
Arbor’s Security Engineering & Response Team
But what makes this feed useful? The Arbor Security Engineering & Response Team (ASERT), a mix of researchers, developers and IT security specialists, continuously analyses and updates the ATLAS information base. Using the huge amount of data from ATLAS, Arbor can prepare defence tactics for new and sophisticated threats.
Deploying the APS as an appliance or virtual platform
The APS is deployed between the WAN and your firewalls. For easy integration, it comes with “out-of-the-box” protection and fine-grained controls. The APS is available as an appliance (the APS 2600 and APS 2800) or as a virtual platform (the vAPS). Depending on the license, the APS 2600 and APS 2800 come with mitigation capacities ranging from 100 Mbps to 40 Gbps. Both versions have the same form factor with a height of 2 rack units. The APS 2600 can be licensed between 100 Mbit and 20 Gbit, while the APS 2800 can be licensed between 10 and 40 Gbit. Both appliances can be equipped with additional SSL decryption cards.
In addition to both appliances, there is also a virtual version called vAPS, which can be deployed to KVM and VMware hypervisors and supports Cloud-Init or OpenStack as a VNF orchestrator. The vAPS provides mitigation capacities from sub-20 Mbps to 1 Gbps.
Ensure that cyber threats do not impact your business
Integrating adequate protection against the massive variety of DDoS attacks requires more than just hardware. Xantaro’s security line is specialised in the protection of business-critical IT infrastructures. As an official Premier Advantage Partner of Arbor, we can provide in-depth knowledge and experience in successfully delivering, implementing and supporting Arbor technologies within our customers’ networks.
Within our XT³Lab infrastructure, Arbor’s product portfolio is available for advanced Proof-of-Concept tests tailored to the needs of our customers, for troubleshooting issues within our customers’ production networks and for advanced training.