Netscout Launches Arbor Edge Defense for Enterprise DDoS Security

Netscout is aiming to help enterprises block both inbound and outbound threats with its Arbor Edge Defense security system.

Netscout Arbor Edge Defense

Netscout Systems announced its Arbor Edge Defense security system on Oct. 23, providing organizations with automated inbound and outbound protection against threats.

The AED technology, which Netscout is positioning as a stateless technology that blocks cyber-threats, is deployed at the perimeter of an enterprise network. AED also provides distributed denial-of-service (DDoS) protection for attacks of up to 40 Gbps in bandwidth volume. Additionally, AED is capable of blocking threats that emanate from inside an enterprise, such as botnet traffic and connections to known bad URLs.

"Arbor Edge Defense provides both the first and last line of defense. The first line is DDoS mitigation, which can sometimes be a smokescreen for other persistent activities," Adam Bixler, director of product management at Arbor Networks, the security division of Netscout, told eWEEK. "The last line is, we're catching things that are calling out of the network and using our point of enforcement to control any potential attack expansion."

Netscout acquired Arbor Networks in July 2015, and with the purchase acquired Arbor's Availability Protection System (APS) for DDoS. Bixler was previously the co-founder and COO of Efflux Systems, which Netscout acquired in July 2017. Efflux was a seed stage cyber-security startup primarily focused on behavioral analysis for internal traffic analysis, Bixler said.

"We're actually building a complementary product on the Netscout side right now," he said. "But what we looked at first was using the existing stateless high-speed packet processing technology that was in APS to roll out Arbor Edge Defense, which will key into our larger behavioral analytics offering that's coming hopefully next year."

Arbor Edge Defense

In Bixler's view, next-generation firewalls act as stateful monitoring devices and often integrate intrusion prevention system (IPS) capabilities. He added that there is an opportunity for more reputation-based blocking to occur outside the firewall and to take that load off the firewall itself, which is where the Arbor Edge Defense technology fits in. AED also can act as a Traffic Intelligence Gateway (TIG), providing a way for organizations to operationalize reputation-based intelligence that comes from different threat intelligence providers.

"Our goal is to enforce at the point perimeter to try to reduce the damage that could be done by any certain type of malware coming in and out of a network," Bixler said. 

AED is deployed in an enterprise network as either a physical or virtual appliance. It also benefits from the larger Netscout Arbor cloud resources for larger-scale DDoS mitigation.

"As part of our Edge Defense, we also include the cloud signaling component back to Arbor cloud so we can do a BGP [Border Gateway Protocol] reboot, do traffic scrubbing and deliver only clean traffic," Bixler explained. "But we need the device on-premises to be able to identify the attack itself."

The AED system does not currently include Web Application Firewall (WAF) capabilities for application layer attacks. Bixler noted that other DDoS mitigation vendors have taken on WAF as a core tenet of functionality, though it's not something that Netscout Arbor has embraced.

"We definitely have considered [WAF] as a complementary capability to what we're doing with Edge Defense," he said.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.