l DATA SHEET l

SECURITY

Let’s face it. There is no peace time. Whether it be new forms of DDoS attacks, ransomware,

phishing attempts compromised BYOD and IoT devices, organizations are under constant

threat from all types of advanced cyber threats. To address these evolving threats, overtime, the

modern-day security stack has become larger, more complex but unfortunately still is failing as

evidenced by the daily reports of data breaches and downtime.

Security teams need best of breed cyber security solutions that can detect and stop all

types of cyber threats - both inbound threats and outbound malicious communication from

compromised internal devices. As importantly, these solutions must also be able to integrate

into an organization’s existing security stack and/or consolidate functionality to reduce cost,

complexity and risk.

NETSCOUT AED (Arbor Edge Defense) is such a solution. AED’s unique position on the

network edge (i.e. between the router and the rewall), its stateless packet processing engine

and the continuous reputation based threat intelligence it receives from NETSCOUT’s ATLAS

Threat Intelligence feed enable it to automatically detect and stop both inbound threats and

outbound communication from internal compromised hosts – essentially acting as the rst

and last line of defense for organizations.

Figure 1: AED’s unique location on network edge + stateless packet processing engine + ATLAS

Global Threat Intelligence = First and Last Line of Defense from advanced cyber threats.

Benets of Arbor Edge Defense:

• First Line of Defense: Deployed at the network perimeter, using stateless technology and

armed with millions of IoCs, AED detects and blocks inbound commodity cyber threats thus

taking pressure o of stateful devices such as Next Gen Firewalls.

• Last Line of Defense: Missed by existing security stack, AED can detect and block outbound

communication to known bad IP addresses, domains, URLs, geographies; thus helping stop the

further proliferation of malware within an organization and avoid a data breach.

• Contextual Threat Intelligence: When an IoC is blocked, AED leverages the global threat

intelligence of NETSCOUT ATLAS to provide more context related to the IoC thus helping

security teams determine risk and/or give them more information to proactively hunt using

their other security tools.

• Best of Breed DDoS Protection: AED can automatically detect and stop inbound application

layer, TCP-state exhaustion and DDoS attacks as large as 40 Gbps. In the event of even larger

DDoS attacks, Cloud Signaling automatically reroutes trac to Arbor Cloud or a MSSP’s

cloud-based mitigation center.

• Integration: AED’s robust REST API, support for STIX/TAXII, Syslog, CEF, LEEF enable AED to

integrate into existing security stack and processes.

INTERNAL NETWORK / DATA CENTER

THE INTERNET

DDoS Attack Traﬃc

Other Cyber Threats

Outbound

Threat

Communication

NETSCOUT AED

+ ATLAS

KEY FEATURES & BENEFITS

First & Last Line of Defense

AED’s unique location on the network edge,

its stateless packet processing engine and

ATLAS

global threat intelligence feed allow

it to stop inbound threats and outbound

communication from compromised hosts.

Integration with Security Stack

REST API, support for STIX/TAXII, Syslog, CEF,

LEEF and Contextual Threat Intelligence

fueled by ATLAS enable AED to integrate into

existing security stack and processes.

Intelligently Automated, Hybrid

DDoS Protection

The intelligently automated, fully managed

combination of in-cloud (via Arbor Cloud) and

on-premises (via AED) is continuously armed

with ATLAS global threat intelligence; oers

the most comprehensive form of protection

from the modern-day DDoS attack.

Outbound Threat Communication

Detection and Blocking

AED’s ATLAS derived, reputation based

threat intelligence allow it to detect and block

outbound communication from internal

compromised hosts; helping to stop further

proliferation of malware or data breach.

Support for Virtual & Hybrid-Cloud

Environments

vAED is a virtual version of the AED appliance

that can be run in your private virtual

environment like Amazon Web Services,

providing unied protection for your hybrid-

cloud environments.

NETSCOUT AED (Arbor Edge Defense)

First and Last Line of Smart, Automated

PerimeterDefense

l DATA SHEET l NETSCOUT AED (Arbor Edge Defense)

SECURITY

NETSCOUT AED Appliances

Features 2600 2800

Physical Dimensions

Chassis: 2U rack height; Height: 3.45 inches (8.67 cm); Width: 17.4 inches (43.53 cm); Depth: 20 inches (50.8 cm);

Weight:36.95 lbs. (17.76 kg)

Power Options DC: 2 x DC redundant, hot swap capable power supplies; DC Power Ratings: -40 to -72 Vdc, 28/14 A max (per DC input);

AC: 2 x AC redundant, hot swap capable power supplies; AC Power Ratings: 100 to 240 VAC, 50 to 60 Hz, 12/6 A max;

Watts: 315 typical, 375 max

Hard Drives

2 x 120 GB SSD in RAID 1 Conguration 2 x 240 GB SSD in RAID 1 Conguration

Environmental

Operating: Temperature : 41ºF to 104ºF (5º to 40ºC) Humidity: 5–85%;

Non-Operating: Temperature -40º to 158ºF (-40º to 70ºC); Humidity 95%

Memory 32 GB 64 GB

Processor

2 x Intel Xeon E5-2608L v3 (6 cores) 2 GHz; Watts: 315 typical, 375

max

Dual Intel Xeon (12-core) E5–2648L v3 –1.80GHz

Operating System

Our proprietary, embedded ArbOS

operating system

Management

Interfaces

2 x 10/100/1000 BaseT Copper; RJ-45 serial console port 2 x 10/100/1000 BaseT Copper; RJ-45 serial console port

Protection

Interface

• 4, 8 or 12 1G bypass ports (copper, sx ber, lx ber)

• 4 x 10 G bypass ports plus 0, 4 or 8, 1 G bypass ports

• 4x10 GigE bypass ports (SR or LR mixed ber)

• 8x10 GigE bypass ports (SR or LR mixed ber)

• 8x10 GigE bypass ports (SR or LR mixed ber) plus

4x1 GigE bypass ports (SR or LR ber or copper)

Trac Bypass

Options

Integrated hardware bypass; Internal “software” bypass to pass trac without inspection

Latency

Less than 80 microseconds

Availability

Inline bypass, dual power supplies, solid-state hard drive RAID cluster

MTBF

44,000 hours

Regulatory

Compliance

UL60950-1/CSA 60950-1 (USA/Canada); EN60950-1 (Europe); IEC60950-1 (International), CB Certicate & Report including all

international deviations; GS Certicate (Germany); EAC-R Approval (Russia); CE—Low Voltage Directive 73/23/EEE (Europe);

BSMI CNS 13436 (Taiwan); KCC (South Korea); RoHS Directive 2002/95/EC (Europe)

DDoS & Advanced Cyber Threat Protection

Features 2600 2800

Inspected

Throughput

Licenses for 100 Mbps, 250 Mbps, 500 Mbps, 1 Gbps, 2 Gbps,

5��Gbps, 10 Gbps, 15 Gbps, 20 Gbps

Licenses for 10 Gbps, 20 Gbps, 30 Gbps, 40 Gbps;

software upgradeable

Maximum DDoS

Flood Prevention

Rate

Up to 15 Mpps Up to 28.80 Mpps

Simultaneous

Connections

Not applicable: AED does not track connections

HTTP(s)

Connections/SEC

368K at recommended protection level;

613K lter list only protection

1,351K at recommended protection level;

1,497K lter list only protection

SSL Decryption

Options

Inspected Throughput: Options for 750 Mbps and 5 Gbps

HTTPS Connections: Up to 7,500 (750M HSM) or 45,000 (5G HSM)

Concurrent Sessions: Up to 150,000

Inspected Throughput: Up to 5 Gbps

HTTPS Connections: Up to 45,000

Concurrent Sessions: Up to 150,000

Supported encryption protocols: SSL 3.0, TLS 1.0, 1.1 and 1.2; Supported Cypher Suites: RSA, ECDH, ECDHE; FIPS 140-2 Level 2

and 3 support; Separate “Trusted-Path” Administration for FIPS 140-2 Level 3; Secure tamper-proof enclosure; Keys cleared if

enclosure breached

Maximum Number of

Keys/Certicate Pairs

1998

Protected Endpoints

Unlimited

Authentication

On device, RADIUS; TACACS