Flowmon provides the following components for advanced DDoS protection:
- Flowmon Collector – aggregation and storage of flow data in all major industry formats from an unlimited number of sources. The traffic is profiled in 30s batches to reduce attack detection time (MTTR). In addition, the collector provides full-featured tools to report on and analyse network and application traffic.
- Flowmon DDoS Defender – scalable multi-tenant DDoS detection module for Flowmon Collector using dynamic baselines and adaptive thresholds to detect various types of volumetric attacks and bandwidth consumption.
- Flowmon Probe – optional export of NetFlow/IPFIX data for infrastructures without flow-enabled network equipment.
A Flowmon Collector equipped with the DDoS Defender module observes and profiles the volumetric characteristics of network traffic to create and maintain dynamic baselines. On an unexpected increase in network traffic it triggers configurable actions that include alerting (e-mail, syslog, SNMP trap), traffic diversion (policy-based routing, Border Gateway Protocol, remotely triggered black hole), execution of a script, or mitigation through a specific out-of-band DDoS mitigation system. Flowmon DDoS Defender lets you define protected segments: individual detection profiles corresponding to IP ranges, subnets or network services. When a DDoS attack is detected, the attack details contain all the attack characteristics, including the top 10 source IP addresses, subnets, autonomous systems and countries, L4 protocols and interfaces.
F5 helps organizations seamlessly scale cloud, data center, and software-defined networking deployments to successfully deliver applications to anyone, anywhere, at any time.
BIG-IP Advanced Firewall Manager protects the network against incoming threats, even the most massive and complex DDoS attacks. With deep threat intelligence services and flexible mitigation options, BIG-IP Advanced Firewall Manager defends against threats to network layers 3–4, stopping them before they reach your data center.
Specifically, BIG-IP AFM scales to shut down high-capacity DDoS attacks that can overwhelm load balancers, firewalls, and even networks. It automatically invokes mitigation, alerts security admins, and configures or adjusts DDoS thresholds as traffic patterns change and without affecting legitimate traffic.
Network visibility, traffic analysis and attack detection, together with attack mitigation capability, are essential when fighting DDoS attacks in backbones as close to the attack source as possible. Leveraging network traffic statistics from routers or dedicated network probes makes it possible to detect attacks and understand their characteristics in order to start successful mitigation.
Once the attack is detected using flow data, network traffic needs to be diverted to a specific out-of-band DDoS mitigation appliance that is able to create a dynamic attack signature and scrub the attack while enabling the legitimate traffic to continue unaffected. This is where F5 comes into play with the BIG-IP appliance, which performs DDoS mitigation for the diverted traffic. The described procedure is a complex attack detection and mitigation ecosystem focused on volumetric attacks, built on seamless cooperation within a multivendor solution.
Flowmon DDoS Defender takes advantage of stream processing of flow data, which makes it possible to profile traffic with 30s granularity. This allows a DDoS attack to be detected in a sub-60s timeframe, which is at the edge of flow-based detection.
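An added illustration of the detection flow described above (30s batches, a dynamic baseline with an adaptive threshold per protected segment, top 10 source IPs in the attack details); it is not Flowmon's code or algorithm. The EWMA baseline, the constants and the names `SegmentProfile`, `detect` and `sample_flows` are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import Counter, defaultdict

BATCH_SECONDS = 30               # batch length stated on the page
ALPHA, K, WARMUP = 0.1, 4.0, 10  # assumed: EWMA factor, threshold multiplier, learning batches

class SegmentProfile:
    """Hypothetical protected segment: one IP range with its own dynamic baseline."""
    def __init__(self, name, cidr):
        self.name, self.net = name, ipaddress.ip_network(cidr)
        self.mean = self.dev = 0.0
        self.seen = 0

    def observe(self, bps, src_bytes):
        """Score one batch; return an alert dict, or None and update the baseline."""
        # Adaptive threshold: baseline plus K deviations, with a 10% floor for flat traffic.
        threshold = self.mean + K * max(self.dev, 0.1 * self.mean)
        if self.seen >= WARMUP and bps > threshold:
            # Attack batches are not learned, so a flood cannot raise its own baseline.
            return {"segment": self.name, "bps": bps, "threshold": threshold,
                    "top_sources": src_bytes.most_common(10)}
        if self.seen == 0:
            self.mean = bps
        err = bps - self.mean
        self.mean += ALPHA * err
        self.dev += ALPHA * (abs(err) - self.dev)
        self.seen += 1
        return None

def detect(flows, profiles):
    """flows: (unix_ts, src_ip, dst_ip, bytes) tuples. Returns alerts in batch order."""
    batches = defaultdict(lambda: defaultdict(Counter))  # batch -> segment -> src -> bytes
    for ts, src, dst, nbytes in flows:
        for p in profiles:
            if ipaddress.ip_address(dst) in p.net:
                batches[int(ts) // BATCH_SECONDS][p.name][src] += nbytes
    by_name, alerts = {p.name: p for p in profiles}, []
    for b in sorted(batches):  # batches with no flows are skipped in this sketch
        for name, src_bytes in batches[b].items():
            bps = sum(src_bytes.values()) * 8 / BATCH_SECONDS
            alert = by_name[name].observe(bps, src_bytes)
            if alert:
                alerts.append({"batch_start": b * BATCH_SECONDS, **alert})
    return alerts

def sample_flows():
    """Constructed data: 20 normal batches from 3 sources, then a flood from 15 sources."""
    flows = [(b * 30 + i, f"198.51.100.{i + 1}", "192.0.2.10", 300_000 + 10_000 * (b % 4))
             for b in range(20) for i in range(3)]
    flows += [(601, f"203.0.113.{i + 1}", "192.0.2.10", 5_000_000 + i) for i in range(15)]
    return flows
```

Calling `detect(sample_flows(), [SegmentProfile("web", "192.0.2.0/24")])` returns one alert for the batch starting at second 600, with the ten largest sources listed; the alert dict is what an alerting or diversion action would consume.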
Compared to in-line deployment of attack mitigation appliances, this approach provides higher scalability and significant cost efficiency, especially for large networks with multiple peering partners and bandwidth of tens of gigabits per second. In-line deployment of DDoS mitigation appliances is irreplaceable for the protection of the so-called last mile, to detect sophisticated attacks focused on the application layer that do not expose themselves through a high volume of network traffic.
Joint multi-layered DDoS protection by F5 and Flowmon Networks benefits from a combined approach. Out-of-band mitigation for volumetric attacks together with in-line deployments is the most efficient method of protecting network infrastructure from DDoS attacks and ensuring high quality and availability of network services.
For more information
For more information, please contact your F5 or Flowmon Networks partner.