ISP EMEA

DDoS protection and network performance monitoring in a single solution

Greenland's sole ISP has deployed Flowmon to help protect the extensive infrastructure of the country against DDoS attacks and provide the IT Operations team with a detailed overview of all network traffic.

Challenges

  • Cost-efficient DDoS protection
  • Protection of internal network against advanced cyber threats, botnets, unknown malware, violation of policies
  • Fast resolution of operational and security incidents
  • Detailed visibility into remote peering points (New York, Copenhagen)

 

Key Benefits

  • Near real-time DDoS attacks detection and mitigation
  • One comprehensive solution covering
  • Network Performance Monitoring,
  • Network Security, and DDoS protection
  • Ease of use, professional maintenance and support

 

Deployed products

  • Flowmon ADS
  • Flowmon Collector (Virtual)
  • Flowmon DDoS Defender
  • Flowmon Probe

Situation

Geographical background of the island of Greenland implies special demands by their sole ISP, government-owned TELE Greenland. The country with its 2,2 million km2 and 56 000 inhabitants is six times larger than Germany, while the population is 1 500 times smaller. Price-to-value ratio is therefore very important when considering network and security solutions.

  • Flow collection from the ISP network core

    • Export flow from existing Cisco infrastructure
    • Compatibility with NetFlow v9 format
  • Flow collection from remote peering points

    • Situate flow probes for generation flows at remote peering points
    • Reliable unsampled flow export from 10G fiber links
  • Volumetric DDoS attack detection and mitigation
  • Analytics engine for network performance monitoring, troubleshooting, capacity planning, bandwidth monitoring, drilldowns, reporting
  • Network Behavior Analysis & anomaly detection for proactive security approach

Solution

The network infrastructure of TELE Greenland is built on Cisco components that allow exporting NetFlow data from the core network. Flowmon Collector VA with 48TB capacity has been deployed to store unsampled flow data with months of history without aggregation.

In order to get visibility at remote peering points (New York, Copenhagen), two Flowmon Probes have been deployed in each of those location. Flowmon Probes are high-performance IPFIX/NetFlow generators that provide enhanced visibility with NPM statistics and L7 information.

Flowmon DDoS Defender module was installed on the Collector to perform adaptive traffic baselining for each protected segment. In case of unexpected increase of the volumetric characteristics, it will immediately report an ongoing DDoS attack. The BGP Flowspec feature allows sharing the dynamic signature of the attack with the border routers, along with instructions (for example, to drop traffic that matches the signature) – all in fully automatic or semiautomatic mode. Moreover, the solution architecture allows applying different mitigation strategies to each protected segment.

Flowmon Collector was also equipped with Flowmon ADS module that complements the perimeter security with signature-less technology, referred to as Network Behavior Analysis (NBA). It uses machine-learning algorithms to detect advanced threats that can bypass traditional protection, for example targeted attacks, botnet attacks, unknown malware, insider threats such as data leakage, and more. Thanks to Flowmon ADS, TELE Greenland is alerted on malicious behavior in the network in real time, and able to act on it immediately.

"Having scanned the market for DDoS protection, we opted for PoC with Flowmon. We appreciated the vendor’s support during the PoC as well as ease of deployment, use, and maintenance. Flowmon provided us with enhanced DDoS protection and network performance monitoring in a single solution."

Peter Katborg
IT Operations manager
Product

Flowmon ADS

Detect and Stop ransomware!

Launch more
Trial

Request free trial

Get no-obligation 30-day trial of Flowmon in your network.

Get your trial today