Just like David and Goliath. How DDoS Defender Succeeded

01/07/16

I’m getting goose bumps as I hold a fresh case study of a Managed Service Provider from the Netherlands. It was not an easy task to fulfill their technical requirements and, what’s more, the competition was already deployed!

As you know, managed service providers are very technically oriented and they know the technologies available on the market very well. They have to, as their business is based on providing managed IT services. For that reason, they have to protect these services from DDoS attacks. Like every MSP, they were always a frequent target of those attacks. And so the technical knowledge and the business model provided clear requirements from the very beginning – protect our customers from DDoS attacks! Obviously we knew there was already a tool in place doing this job. Nevertheless, they agreed to a first introductory meeting at their office.

As soon as we saw each other for the very first time, I knew these guys already had a lot of experience with technology. They knew a lot about NetFlow and behavioral analysis, too. What’s more, they were already using these technologies! I like this kind of discussion, as it was deep, open and straight to the point. From the very beginning they saw the added value of Flowmon Anomaly Detection System, with which they would be able to detect multiple network traffic anomalies and suspicious behavior in the communication. Unfortunately, we were late. They had just recently renewed maintenance for the already deployed solution from one big American vendor. Such a pity!

However, they were also very much interested in Flowmon DDoS Defender, even though the module was still in our development lab. I promised to keep them informed about this new release in early 2015.

As had been agreed at the first meeting, we had another discussion about the new module, DDoS Defender. Now this was starting to be a great business case for them! The test started with Flowmon ADS as well as Flowmon DDoS Defender. Everything went well, but let’s face the truth: it was still just the 1.0 version of the recently released DDoS Defender module. But the trigger came with 2.0, where adaptive baselines help with automated attack detection and then BGP injection. (By the way, have you noticed how security-oriented this company is? Behavioral analysis and DDoS detection at the same time.)

Honestly, they were astonished by the results of the test. Flowmon was able to detect almost all of the same events as the solution they already had in place! And so we started a discussion about how to implement the Flowmon solution in their infrastructure. On top of that, our cooperation with the local scrubbing center NaWas also supported their move, as they were becoming a member of this national service for scrubbing DDoS attacks. So Flowmon detects anomalies and DDoS attacks and then redirects them to the NaWas scrubbing center to let the center clean the traffic. Their decision was to go for virtual appliances (several probes and a collector) with both DDoS Defender and Anomaly Detection System. And the cherry on top was that this deployment was still cheaper than the one-year maintenance fee of the old DDoS and anomaly detection tool they had in place.

Would you do the same for almost the same functionality?
