How Flowmon DDoS Defender Works
As mentioned above, the system can set up adaptive baselines for each segment, which markedly reduces the number of false positives by eliminating cases where legitimate peak traffic is detected as an attack.
Thresholds are calculated automatically, with no manual input needed from the user, and come in two levels of sensitivity - suspect or attack.
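The idea of per-segment adaptive baselines with two sensitivity levels can be sketched as follows. This is an added example, not Flowmon's code or algorithm: the hour-of-day EWMA model, the multipliers, the segment name "web" and the sample traffic are all assumptions constructed for illustration.

```python
# Added illustration: NOT Flowmon's algorithm. Assumed model: per-segment,
# per-hour-of-day EWMA of traffic volume plus EWMA of absolute deviation.
JITTER = [-0.04, 0.02, 0.05, -0.03, 0.01, -0.02, 0.03]  # constructed day-to-day noise


class AdaptiveBaseline:
    def __init__(self, alpha=0.2, suspect_k=3.0, attack_k=6.0, min_samples=3):
        self.alpha, self.suspect_k, self.attack_k = alpha, suspect_k, attack_k
        self.min_samples = min_samples
        self.stats = {}         # (segment, hour) -> [mean, deviation, sample count]
        self.whitelist = set()  # segments exempt from detection

    def thresholds(self, segment, hour):
        """Return (suspect, attack) thresholds, or None while still learning."""
        st = self.stats.get((segment, hour))
        if st is None or st[2] < self.min_samples:
            return None
        mean, dev, _ = st
        dev = max(dev, 0.05 * mean)  # floor: a very flat baseline must not alert on noise
        return mean + self.suspect_k * dev, mean + self.attack_k * dev

    def classify(self, segment, hour, mbps):
        if segment in self.whitelist:
            return "exempt"
        limits = self.thresholds(segment, hour)
        if limits is None:
            level = "learning"
        elif mbps > limits[1]:
            level = "attack"
        elif mbps > limits[0]:
            level = "suspect"
        else:
            level = "normal"
        if level in ("learning", "normal"):  # never learn from anomalous samples
            self._update(segment, hour, mbps)
        return level

    def _update(self, segment, hour, x):
        st = self.stats.setdefault((segment, hour), [x, 0.0, 0])
        if st[2] > 0:
            st[1] = (1 - self.alpha) * st[1] + self.alpha * abs(x - st[0])
            st[0] = (1 - self.alpha) * st[0] + self.alpha * x
        st[2] += 1


def trained_detector():
    """Train on a constructed week: ~900 Mbps evening peak, ~100 Mbps otherwise."""
    det = AdaptiveBaseline()
    for day in range(7):
        for hour in range(24):
            base = 900 if 18 <= hour <= 22 else 100
            det.classify("web", hour, base * (1 + JITTER[day]))
    return det
```

With this constructed week, 900 Mbps at 20:00 is normal for the segment, while the same volume at 03:00 crosses the attack threshold; a single static threshold could not separate the two cases.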
Incident reporting and analytics
Attacks are displayed in groups by status.
An expanded detail shows full information about each attack - complete with status, length and timeline. The user has the option to whitelist a segment to exempt a range of assets from DDoS attack detection. Detailed statistics about the total of pre-attack and attack traffic are available, as is a communication chart of flows passing between the attacker and victim to provide an accurate attack analysis.
The DDoS Defender can use a variety of techniques for attack mitigation:
BGP (Border Gateway Protocol) - A standard internet routing protocol. It is used for defining re-routing rules on network routers.
BGP Flowspec - A more granular alternative to BGP. Allows more advanced filtering using additional parameters, such as source address, ports, etc. Flowmon DDoS Defender provides a dynamic signature of the attack to routers with BGP Flowspec capabilities, which either redirect the attack or mitigate only the traffic that matches the BGP Flowspec rules defined by the signature.
PBR (Policy-Based Routing) - Rerouting based on a defined set of policies. An alternative to BGP when preferred by the service provider.
Additionally, RTBH (Remotely Triggered Black Hole) filtering is available as a simple method of attack mitigation. It is used to drop the undesirable attack traffic at the edge of the network based on destination IP addresses.
The most common scenario is where DDoS Defender is deployed in tandem with an out-of-band mitigation appliance or scrubbing service. Flowmon carries out the detection and analysis, while the 3rd-party solution deals with the attack itself based on data from Flowmon.
The system is multitenant, where each tenant has different detection and mitigation presets and reporting. Individual tenants are defined via segments and allow segment grouping, different access rights for each tenant or group, and each tenant has access to their own data.