Flowmon DDoS Defender
DDoS detection for ISPs

The Flowmon DDoS Defender is an ISP-grade AI-based DDoS attack detection and response solution. It chooses the most appropriate of predefined mitigation scenarios leveraging a combination of infrastructure and/or third-party mitigation to provide DDoS protection that scales easily and maximizes your prior infrastructure investments.

Contact sales

Minimum false positives

Adaptive baselining adjusts to your peace traffic

Limitless integration

A large number of mitigation appliances and cloud scrubbing services

Smart mitigation triggering

Automatic triggering depending on attack structure and magnitude

Detection and analysis

The Flowmon DDoS Defender provides tailored DDoS attack detection by the ability to apply a different baseline to every tenant or traffic component. Detection thresholds can be manual or adaptive where they follow the contour of peace traffic without any input from you. When an attack is detected, the Defender notifies you and signals the corresponding mitigation system.

Full awareness

You can access additional information such as the type of attack, timeframe, traffic line, threshold, and more, with additional critical insights like target IP addresses, or the attack origin – country, subnet, router or interface.

Automated response

The DDoS Defender triggers mitigation automatically based on your defined policy. Leverage your existing infrastructure with BGP Flowspec, filter traffic with a Remotely Triggered Black Hole (RTBH) or re-route traffic using the Border Gateway Protocol (BGP) or Policy-Based Routing (PBR).

Mitigation tiering

Get the maximum out of your in-house mitigation capabilities. When your own infrastructure’s mitigation capacity is exhausted, the DDoS Defender automatically forwards excess traffic to a cloud scrubber.


You can ascribe different detection and mitigation presets and reporting to each tenant. Tenant segments can be grouped and you can assign access rights to each group or tenant individually while each tenant retains access to their own data.

BGP flowspec

When an event has been detected, Flowmon creates attack patterns and injects them as rules to routers, which can then redirect, forward, drop or rate-limit traffic and more. Rules can be manually adjusted at any given point and all the changes are automatically reverted back after the attack ends.

Machine learning

The system learns traffic patterns for different protocols and creates adaptive baselines. Two baselines are modelled: suspicion of an attack and an actual attack. This off-the-shelf functionality ensures real-time detection with a low number of false positives.

Manual thresholds

Manual thresholds are simple rules that alert when traffic with specific characterestics reaches undesirable point. Administrators are notified in advance so they can take appropriate actions and stay ahead of problems.

Native scrubbing center support

Flowmon DDoS Defender natively supports all the major vendors in the scrubbing centre market. The configuration itself is a matter of picking the vendor's name from a drop-down menu. Integration with the vendor is always kept up to date.

Advanced action triggering

Respond to attacks automatically through script-based integration with network or authentication tools. When detecting an event, Flowmon can connect to, e.g. Cisco ISE through pxGrid, and quarantine the malicious IP address.

"After three months of intensive testing we were able to prove that Flowmon was the right product due to its performance, anomaly detection capabilities, scalability in GÉANT and its simplicity when managing and configuring."

Wayne Routly

Head of Information & Infrastructure Security


Request free trial

Get no-obligation 30-day trial of Flowmon in your network.
Get your trial today

Get in touch

Do you have question around the solution or want to schedule a call. Write us a message.
Contact us

DDoS Defender integrations

Integration options with complementary security tools and platforms are enormous.

DDoS attack blocking

The DDoS Defender integrates with the mitigation appliances of multiple vendors and cloud scrubbing services.

  • Radware
  • A10 Networks
  • Corsa Networks
  • Corero Networks
  • NaWas cloud scrubbing service

BGP Flowspec mitigation

A mitigation method based on advanced traffic filtering at routers that operates with dynamic attack signatures and triggers actions accordingly. BGP Flowspec rules can be based on:

  • Destination prefix
  • Source prefix
  • IP protocol
  • Destination port
  • ICMP type
  • ICMP code

Get in touch

Do you have question around the solution or want to schedule a call. Write us a message.
Contact us

Typical project pricing

Or for a quote and our specialists will create a project offer tailored to your needs.
Check model pricing