DDoS protection and network performance monitoring in a single solution

Industries:
Telecommunication
Products:
Flowmon

Challenge

  • Cost-efficient DDoS protection
  • Protection of internal network against advanced cyber threats, botnets, unknown malware, violation of policies
  • Fast resolution of operational and security incidents
  • Detailed visibility into remote peering points (New York, Copenhagen)

 

Solution

  • Flowmon ADS
  • Flowmon Collector (Virtual)
  • Flowmon DDoS Defender
  • Flowmon Probe

Result

  • Near real-time DDoS attacks detection and mitigation
  • One comprehensive solution covering
  • Network Performance Monitoring,
  • Network Security, and DDoS protection
  • Ease of use, professional maintenance and support

 

Full Story

Challenge

Greenland's sole ISP has deployed Flowmon to help protect the extensive infrastructure of the country against DDoS attacks and provide the IT Operations team with a detailed overview of all network traffic.

Geographical background of the island of Greenland implies special demands by their sole ISP, government-owned TELE Greenland. The country with its 2,2 million km2 and 56 000 inhabitants is six times larger than Germany, while the population is 1 500 times smaller. Price-to-value ratio is therefore very important when considering network and security solutions.

  • Flow collection from the ISP network core

    • Export flow from existing Cisco infrastructure
    • Compatibility with NetFlow v9 format
  • Flow collection from remote peering points

    • Situate flow probes for generation flows at remote peering points
    • Reliable unsampled flow export from 10G fiber links
  • Volumetric DDoS attack detection and mitigation
  • Analytics engine for network performance monitoring, troubleshooting, capacity planning, bandwidth monitoring, drilldowns, reporting
  • Network Behavior Analysis & anomaly detection for proactive security approach

Having scanned the market for DDoS protection, we opted for PoC with Flowmon. We appreciated the vendor’s support during the PoC as well as ease of deployment, use, and maintenance. Flowmon provided us with enhanced DDoS protection and network performance monitoring in a single solution.

Peter Katborg

IT Operations manager

Solution

The network infrastructure of TELE Greenland is built on Cisco components that allow exporting NetFlow data from the core network. Flowmon Collector VA with 48TB capacity has been deployed to store unsampled flow data with months of history without aggregation.

In order to get visibility at remote peering points (New York, Copenhagen), two Flowmon Probes have been deployed in each of those location. Flowmon Probes are high-performance IPFIX/NetFlow generators that provide enhanced visibility with NPM statistics and L7 information.

Flowmon DDoS Defender module was installed on the Collector to perform adaptive traffic baselining for each protected segment. In case of unexpected increase of the volumetric characteristics, it will immediately report an ongoing DDoS attack. The BGP Flowspec feature allows sharing the dynamic signature of the attack with the border routers, along with instructions (for example, to drop traffic that matches the signature) – all in fully automatic or semiautomatic mode. Moreover, the solution architecture allows applying different mitigation strategies to each protected segment.

Learn more
about the products

Flowmon

Keep exploring
stories like this one

Read Next Story