DDoS protection and network performance monitoring in a single solution
Industries:
TelecommunicationProducts:
FlowmonChallenge
- Cost-efficient DDoS protection
- Protection of internal network against advanced cyber threats, botnets, unknown malware, violation of policies
- Fast resolution of operational and security incidents
- Detailed visibility into remote peering points (New York, Copenhagen)
Solution
- Flowmon ADS
- Flowmon Collector (Virtual)
- Flowmon DDoS Defender
- Flowmon Probe
Result
- Near real-time DDoS attacks detection and mitigation
- One comprehensive solution covering
- Network Performance Monitoring,
- Network Security, and DDoS protection
- Ease of use, professional maintenance and support
Full Story
Challenge
Greenland's sole ISP has deployed Flowmon to help protect the extensive infrastructure of the country against DDoS attacks and provide the IT Operations team with a detailed overview of all network traffic.
Geographical background of the island of Greenland implies special demands by their sole ISP, government-owned TELE Greenland. The country with its 2,2 million km2 and 56 000 inhabitants is six times larger than Germany, while the population is 1 500 times smaller. Price-to-value ratio is therefore very important when considering network and security solutions.
Flow collection from the ISP network core
- Export flow from existing Cisco infrastructure
- Compatibility with NetFlow v9 format
Flow collection from remote peering points
- Situate flow probes for generation flows at remote peering points
- Reliable unsampled flow export from 10G fiber links
- Volumetric DDoS attack detection and mitigation
- Analytics engine for network performance monitoring, troubleshooting, capacity planning, bandwidth monitoring, drilldowns, reporting
- Network Behavior Analysis & anomaly detection for proactive security approach
Having scanned the market for DDoS protection, we opted for PoC with Flowmon. We appreciated the vendor’s support during the PoC as well as ease of deployment, use, and maintenance. Flowmon provided us with enhanced DDoS protection and network performance monitoring in a single solution.
Peter Katborg
IT Operations manager
Solution
The network infrastructure of TELE Greenland is built on Cisco components that allow exporting NetFlow data from the core network. Flowmon Collector VA with 48TB capacity has been deployed to store unsampled flow data with months of history without aggregation.
In order to get visibility at remote peering points (New York, Copenhagen), two Flowmon Probes have been deployed in each of those location. Flowmon Probes are high-performance IPFIX/NetFlow generators that provide enhanced visibility with NPM statistics and L7 information.
Flowmon DDoS Defender module was installed on the Collector to perform adaptive traffic baselining for each protected segment. In case of unexpected increase of the volumetric characteristics, it will immediately report an ongoing DDoS attack. The BGP Flowspec feature allows sharing the dynamic signature of the attack with the border routers, along with instructions (for example, to drop traffic that matches the signature) – all in fully automatic or semiautomatic mode. Moreover, the solution architecture allows applying different mitigation strategies to each protected segment.