Flowmon and F5 together against DDoS attacks

08/11/16

Flowmon DDoS Defender can be now integrated with the datacentre firewall (AFM) from F5. The solution is aimed specifically at internet service providers who want to protect their infrastructure against DDoS.

Denial of service attacks (DoS and DDoS) are still the top cyber security threats that commercial and state organisations face. F5 has over ten years’ experience in the fight against DDoS attacks. Its Advanced Firewall Manager (AFM) is one of the leading solutions in the field of protection against DDoS. Customers from a number of internet service providers (ISP), who use high bandwidth connection, can now use the advantages which the integration of AFM with Flowmon DDoS defender brings.

“The out-of-path solution (IPFIX/NetFlow), which brings the quick detection of volumetric DDoS attacks on the basis of network traffic analysis, is suitable for the ISP segment. Flowmon DDoS Defender ensures this and also takes care of the consequent selective redirecting of unwanted traffic outside the main path to the anti-DDoS traffic cleaner AFM from F5,” describes Pavel Minarik, CTO of Flowmon Networks.

To detect volumetric attacks Flowmon DDoS Defender uses advanced analysis of network traffic statistics. It is able to profile flow data with 30 seconds granularity which allows a near real-time detection and mitigation of DDoS.

The joint solution can be also combined with the outsourcing service F5 Silverline which ensures that the uplink from ISP's edge router to the Internet will not be overwhelmed with the data deluge. Silverline provides an external anti-DDoS scrubbing centre which contains a team of security experts SOC (Security Operations Center) proactively monitoring attacks against Silverline customers.

Today’s attacks are not only more intensive but also more complex. On one hand extremely powerful attacks appear, such as the one against the company Dyn, but more often than not are attacks around 10 Gbps which serve as decoys to distract attention from the concurrent megabit attacks on the application itself with the goal to steal or modify private data. For launching, the attackers most often use the network of infected user stations, so-called botnets, and also recently IoT devices such as IP cameras.

The combined solution of Flowmon and F5 was presented at F5 Forum 2016 on November 2nd  in Prague.

Tags: