DNS Protection with NETSCOUT Arbor Edge Defense (AED)
Using a query response analysis, NETSCOUT Arbor Edge Defense (AED) continuously and automatically learns valid hostnames and adds them to a Valid Hostname List.
NETSCOUT Arbor Edge Defense (AED) sits in line at the edge of your network and repeatedly inspects every DNS query and query response. Using a query response analysis, it continuously and automatically learns the valid hostnames and adds them to a Valid Hostname List.
AED detects DNS attacks based on an increase in NXDOMAIN or SERVFAIL entries in DNS query responses. During the attack, AED provides an effective and unique solution in multiple ways. First, it compares the hostname in every query against the list of auto-learned valid hostnames while also identifying which zones are under attack. Second, if there is a match, the validated traffic is passed. If there’s a miss or an alert and if it’s in the zones that are under attack, AED blocks that traffic.