Geographical background of the island of Greenland implies special demands by their sole ISP, government-owned TELE Greenland. The country with its 2,2 million km2 and 56 000 inhabitants is six times larger than Germany, while the population is 1 500 times smaller. Price-to-value ratio is therefore very important when considering network and security solutions.
Flow collection from the ISP network core
Flow collection from remote peering points
The network infrastructure of TELE Greenland is built on Cisco components that allow exporting NetFlow data from the core network. Flowmon Collector VA with 48TB capacity has been deployed to store unsampled flow data with months of history without aggregation.
In order to get visibility at remote peering points (New York, Copenhagen), two Flowmon Probes have been deployed in each of those location. Flowmon Probes are high-performance IPFIX/NetFlow generators that provide enhanced visibility with NPM statistics and L7 information.
Flowmon DDoS Defender module was installed on the Collector to perform adaptive traffic baselining for each protected segment. In case of unexpected increase of the volumetric characteristics, it will immediately report an ongoing DDoS attack. The BGP Flowspec feature allows sharing the dynamic signature of the attack with the border routers, along with instructions (for example, to drop traffic that matches the signature) – all in fully automatic or semiautomatic mode. Moreover, the solution architecture allows applying different mitigation strategies to each protected segment.
Flowmon Collector was also equipped with Flowmon ADS module that complements the perimeter security with signature-less technology, referred to as Network Behavior Analysis (NBA). It uses machine-learning algorithms to detect advanced threats that can bypass traditional protection, for example targeted attacks, botnet attacks, unknown malware, insider threats such as data leakage, and more. Thanks to Flowmon ADS, TELE Greenland is alerted on malicious behavior in the network in real time, and able to act on it immediately.
"Having scanned the market for DDoS protection, we opted for PoC with Flowmon. We appreciated the vendor’s support during the PoC as well as ease of deployment, use, and maintenance. Flowmon provided us with enhanced DDoS protection and network performance monitoring in a single solution."