1
Setting the Objectives and Data Gathering Scheme
This step helps us to choose the right source of data by understanding your network infrastructure. Finally, the optimal project cost is estimated.
Use 3rd Party Data Sources

Leverage your own routers as a sensor of the attack. This scenario protects your past investments; however, it requires more configuration changes and represents an additional performance load for your infrastructure.

Check Compatibility Sheet

Use Flowmon as a Data Source

This data gathering scheme requires Flowmon Probe in place. However, it requires no changes to your infrastructure configuration, offloads performance load from the infrastructure and provides top market performance.

Probe comes as a hardware, virtual appliance or cloud service. It connects to Tap and seamlessly generates NetFlow/IPFIX data. Learn more about the ultimate performance of Flowmon Probes.

2
Understanding the Monitoring Scope
This step ensures the selection of the most price efficient data storage and processing part of the solution, Flowmon Collector.

Flowmon Collector receives data from the sources chosen in the previous step. The data is stored for the machine learning and adaptive baselining process.

Data transfers between Flowmon Probes and Collectors are minimal, hence keeping the bandwidth requirements low and all data can be encrypted for extra security.

Flowmon Collectors come in a variety of storage sizes and with different performance. Depending on your data retention requirements, you can scale from 0.5TB to 96TB per appliance.

Choose the hardware appliance, virtual appliance (compatible with VMware, Hyper-V and KVM hypervisors) or Amazon AWS and MS Azure for cloud deployments.

Performances scales from 75.000 fps to 400.000 fps per appliance. What is more Collectors can be stacked to Distributed Architecture to support your global operations with no size limits.
3
Setting the Mitigation Scenario
Flowmon DDoS Defender is an extension module of Flowmon Collector that uses NetFlow/IPFIX data to detect volumetric DDoS attacks.

You can either create manual thresholds or use machine learning with the adaptive baselining engine for near real-time and automatic detection.

  • As a detection and reporting engine, in which case all you need is the DDoS Defender itself.
  • As a detection and reporting engine and orchestrator of mitigation using BGP Flowspec. Here DDoS Defender serves as an orchestrator communicating with your infrastructure and instructing routers to filter an attack.
  • As a detection and reporting engine and orchestrator of mitigation using 3rd party scrubbing appliances. Here DDoS Defender server as an orchestrator communicating with your infrastructure to reroute traffic to the scrubbing appliance and provide attack characteristics so it can carry out mitigation.
  • As a detection and reporting engine with detection using 3rd party cloud scrubbing services. Here DDoS Defender serves as an orchestrator communicating with your infrastructure to reroute traffic into the scrubbing centre of your choice.
Languages
Flowmon is localised in English, Spanish, German, French, Japanese and Czech, including the GUI, user guides, training and most technical content.
Industry-leading Support
Delivering a top level service and support is our commitment. We require the same from our partners, who are highly skilled, experienced and ready to help.

Interested in Deployment and Implementation?

 

Discover Implementation Step by Step

"Flowmon was our first and only DDoS solution to test since we’ve had a very convincing feedback on their technology. The combination of great value for money, our experience with the vendors’ support and their feature set sealed our decision."

Check the Equinix Case Study