Block first, ask questions later: One way to minimize the impact of encrypted attack traffic is to simply drop it before decrypting. There are several methods we employ to filter out the garbage quickly and efficiently:
Known source blocking: Many attackers are now using open internet proxies to hide the source of their HTTPS attacks. We constantly track these sources, and our ATLAS Intelligence Feed (AIF)-powered countermeasure can block them automatically.TLS attack prevention: This countermeasure looks at the TLS handshake (pre-encryption) and can block TLS sessions that don’t follow standard user behaviors”‹.TCP connection limiting: This countermeasure looks at TCP connection behavior from each source. Sources opening too many connections or engaging in abusive behaviors over TCP can be blocked.Rate-based protections: Usually, attackers will be sending more traffic than legitimate users, and these protections can distinguish and block those sources automatically”‹.Selective decryption: This is used to decrypt and deal with more-advanced attacks, when encrypted traffic behavior mimics legitimate users. Why full decryption isn’t always the answer: Decrypting all traffic isn’t practical. It’s computationally expensive and can quickly exhaust system resources. What’s needed is a smarter approach”, one that focuses decryption efforts only where it’s truly necessary. NETSCOUT’s solution: Selective decryption: NETSCOUT’s Arbor Edge Defense (AED) offers a powerful solution via selective decryption. Positioned at the network edge, AED intelligently decides which traffic to decrypt based on threat indicators and client validation.Here’s how it works:
Intelligent decryption: As the traffic enters, AED identifies valid client traffic and passes it on without requiring decryption.Suspicious traffic decryption: Only non-validated encrypted traffic is decrypted and analyzed for DDoS threats.Customizable decryption: Users can enable decryption for specific protection groups or levels, allowing targeted inspection without wasting resources.
NETSCOUT Benefits of selection decryption: Efficient resource use: Focuses decryption on suspicious traffic, preserving system performanceScalable protection: Enables high-scale defense against encrypted threats without compromising throughputFlexible configuration: Tailors decryption policies to match the needs of different services and threat levels Conclusion: As encrypted traffic continues to grow, so does the need for smarter security solutions. NETSCOUT AED’s selective decryption approach empowers organizations to defend against encrypted DDoS attacks efficiently and effectively”, without sacrificing performance. Learn more about Arbor Edge Defense.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4117454/smarter-ddos-security-at-scale.html
