Flowmon DDoS Defender

Due to their destructive nature and ability to affect networks with ease DDoS attacks have become especially worrisome to any business running web applications. Flowmon DDoS Defender puts advanced artificial intelligence between your critical systems and criminals. Without any changes in infrastructure, in a matter of minutes, network and security engineers will have up-and-running active DDoS protection.

Product Brief    Get Specification

DDoS Defender Features

Comprehensive Network Visibility

The DDoS Defender comes as a package with full network performance monitoring and diagnostic functionality. This enables tracking latency degradation, traffic structure analysis for capacity planning, traffic engineering and QoS monitoring.


Divide the traffic into logical portions per tenant, location or network path. All the consecutive detection methods, reporting and triggered actions are set in line with the specific needs for that traffic (blackholing, redirection for scrubbing etc.).

Learn More
Machine Learning

The system learns traffic patterns for different protocols and creates adaptive baselines. Two baselines are modelled: suspicion of an attack and an actual attack. This off-the-shelf functionality ensures real-time detection with a low number of false positives.

Learn More
Advanced Action Triggering

Respond to attacks automatically through script-based integration with network or authentication tools. When detecting an event, Flowmon can connect to, e.g. Cisco ISE through pxGrid, and quarantine the malicious IP address.

Learn More
Mitigation Tiering
Apply different mitigation strategies based on the attack characteristics. Mitigate all attacks up to capacity of your on-prem mitigation appliance and let the rest of the traffic be redirected to a cloud scrubbing service. No manual input needed, everything is fully automated.
BGP Flowspec

When an event has been detected, Flowmon creates attack partners and injects them as rules to routers, which can then redirect, forward, drop or rate-limit traffic and more. Rules can be manually adjusted at any given point and all the changes are automatically reverted back after the attack ends.

Learn More
Native Scrubbing Center Support

Flowmon DDoS Defender natively supports all the major vendors in the scrubbing centre market. The configuration itself is a matter of picking the vendor's name from a drop-down menu. Integration with the vendor is always kept up to date.

Learn More
Manual Thresholds
Manual thresholds are simple rules that alert when traffic with specific characterestics reaches undesirable point. Administrators are notified in advance so they can take appropriate actions and stay ahead of problems.

Flowmon DDoS Defender. Are you ready to go offline?

Flowmon DDoS Defender Screenshot

Unavailability of a critical customer application or a crash of the internal system as consequence of a DDoS attack can cause financial loss, reputation damage or security risks. Are you ready for DDoS?

Flowmon DDoS Defender is a scalable anti-DDoS solution. It leverages statistics from routers or dedicated network probes with an advanced network traffic analysis for real-time detection of volumetric attacks led against HTTP/HTTPS applications and systems. It provides the state of the art detection of DDoS, deep understanding of attack characteristics and a full-range of methods for successful attack mitigation.

With Flowmon DDoS Defender businesses benefit from:

  • Advanced mitigation capabilities. Utilize different methods of traffic diversion (PBR, BGP, RTBH, Flowspec) and advanced script triggering. Mitigate DDoS by using BGP Flowspec which quickly distributes filtering or traffic redirection policies.

  • Artificial intelligence. The Defender observes and learns the traffic characteristics while requiring minimum intervention from the user. Define segments, rules, utilize dynamic baselining and intelligent adaptive thresholds to protect your services.

  • Automatic detection. Fast detection of DDoS is the key for mitigation. DDoS defender identifies the attack within a single minute, immediately alarms the respective administrator (e-mail, syslog, SNMP, SMS) and dramatically reduces time to carry out remedial action.

  • Quick time-to-value. In a matter of minutes you will have up and running an active anti-DDos protection. Without any infrastructure or topology changes or any additional investments in the network

  • Comprehensive reporting and immediate alerting. Utilize dynamic baselining of traffic volumes and characteristics, independent configurations for different customers, services, network segments ond other features.

  • Universal deployment. Robust and versatile architecture allows the protection of any environment with the collection of flow statistics. It is capable of protecting even 100G networks. The Defender can be also easily deployed with Scrubbing centres or with a specialized out-of-band mitigation solution to eliminate an attack

DDoS Protection for Internet Service Providers

DDoS Protection for Internet Service Providers


Watch the introduction video

Watch this webinar to explore how Flowmon DDoS Defender helps to protect businesses from DDoS attacks. During the webinar you will learn about:

  • History and background of Flowmon Networks
  • Out of path DDoS detection and flow data technology
  • DDoS mitigation opportunities and 3rd party integrations
  • Use cases and features of Flowmon DDoS Defender

Protection of high-speed networks and an effective mitigation of DDoS attacks is one of the key challenges for internet service providers and backbone operators today. Flowmon DDoS Defender is capable of protecting even 100G networks and it is fully prepared for multi-tenant environments. Therefore it is an ideal solution for ISPs to provide their customers with DDoS protection as a service (MSSP).

Flowmon for ISPs  DDoS Protection of high-speed networks


"We want to deliver the best quality services to our customers. DDoS Defender is a reliable solution which helps us a lot in reaching this goal. Thanks to the Defender, DDoS attacks are not a threat to our customers anymore.“

Jiri Stembera, Head of Data & IP Network Department at CD-Telematika

Our customers

Explore more

Network Behavior Analysis & Anomaly Detection

Automate detection of operational and security anomalies in your network. Stop cyber risks that o...

Automated DDoS Protection

Learn more about flow-based DDoS protection for high-speed networks.

Flowmon ADS

An intelligent investigative unit that analyzes behavioral patterns to discern normal traffic fro...