Aspire deployed a Flowmon appliance to receive NetFlow data from its core routers. Among many other benefits, this allowed it to quickly and easily identify the target of any volumetric DDoS attack and set up mitigation.
Within weeks of the proof-of-concept being set up, a real attack occurred. Aspire were immediately alerted to the attack and, at the click of a button, were able to deploy Flowmon’s mitigation technique based on BGP advertisements, which allowed Aspire to blackhole the attack target’s IP at its borders and also instruct its upstream Tier 1 ISP peers to do the same instantly. This reduced the time from attack to mitigation from around one hour to a matter of minutes.
Having been satisfied with the speed and accuracy of the Flowmon device, Aspire then enabled automatic mitigation so that any further attacks could be mitigated even sooner. Multiple further attacks have now all been effectively mitigated in approximately 30 seconds from the attack start!
“Flowmon has completely transformed the way we deal with DDoS attacks – it
has gone from being a very manual and time consuming process to being a
fully automated solution with effective mitigation in under one minute.
After turning on automatic mitigation, it was actually very difficult to see
from our normal monitoring platform that an attack had even occurred! After
several months of deployment, the frequency of attacks has diminished
significantly, perhaps a sign that the attackers are aware that their
efforts are no longer paying off?
During the early phases, we had concerns that false positives may cause us
to start black holing a whole range of IPs and causing us further problems,
but due to Flowmon’s sophisticated learning algorithms and minimal bandwidth
criteria, these fears have been unfounded - we have never had a false
positive yet!
While our primary reason to purchase the appliance was for its DDoS defence
capabilities, it has actually given us much more insight into the traffic
patterns and nature of our network, with customisable reports providing us
with a wealth of data allowing us to see who the heaviest users are, what’s
consuming the bandwidth and which external networks we transfer the most
data with.
Overall, an excellent product with great support!”