Flowmon DDoS Defender
DDoS detection for ISPs

Flowmon DDoS Defender End of Sale

The End of Sale date is April 6th, 2022. From this date forward, no new DDoS Defender orders will be accepted, and associated new product sales SKUs will be removed from global price lists.

Learn more about the EoS in FAQ

Detection and analysis

The Flowmon DDoS Defender provides tailored DDoS attack detection by the ability to apply a different baseline to every tenant or traffic component. Detection thresholds can be manual or adaptive where they follow the contour of peace traffic without any input from you. When an attack is detected, the Defender notifies you and signals the corresponding mitigation system.

Full awareness

You can access additional information such as the type of attack, timeframe, traffic line, threshold, and more, with additional critical insights like target IP addresses, or the attack origin – country, subnet, router or interface.

Automated response

The DDoS Defender triggers mitigation automatically based on your defined policy. Leverage your existing infrastructure with BGP Flowspec, filter traffic with a Remotely Triggered Black Hole (RTBH) or re-route traffic using the Border Gateway Protocol (BGP) or Policy-Based Routing (PBR).

Mitigation tiering

Get the maximum out of your in-house mitigation capabilities. When your own infrastructure’s mitigation capacity is exhausted, the DDoS Defender automatically forwards excess traffic to a cloud scrubber.


You can ascribe different detection and mitigation presets and reporting to each tenant. Tenant segments can be grouped and you can assign access rights to each group or tenant individually while each tenant retains access to their own data.

BGP flowspec

When an event has been detected, Flowmon creates attack patterns and injects them as rules to routers, which can then redirect, forward, drop or rate-limit traffic and more. Rules can be manually adjusted at any given point and all the changes are automatically reverted back after the attack ends.

Machine learning

The system learns traffic patterns for different protocols and creates adaptive baselines. Two baselines are modelled: suspicion of an attack and an actual attack. This off-the-shelf functionality ensures real-time detection with a low number of false positives.

Manual thresholds

Manual thresholds are simple rules that alert when traffic with specific characterestics reaches undesirable point. Administrators are notified in advance so they can take appropriate actions and stay ahead of problems.

Native scrubbing center support

Flowmon DDoS Defender natively supports all the major vendors in the scrubbing centre market. The configuration itself is a matter of picking the vendor's name from a drop-down menu. Integration with the vendor is always kept up to date.

Advanced action triggering

Respond to attacks automatically through script-based integration with network or authentication tools. When detecting an event, Flowmon can connect to, e.g. Cisco ISE through pxGrid, and quarantine the malicious IP address.

DDoS Defender integrations

Integration options with complementary security tools and platforms are enormous.

DDoS attack blocking

The DDoS Defender integrates with the mitigation appliances of multiple vendors and cloud scrubbing services.

  • Radware
  • A10 Networks
  • Corsa Networks
  • Corero Networks
  • NaWas cloud scrubbing service

BGP Flowspec mitigation

A mitigation method based on advanced traffic filtering at routers that operates with dynamic attack signatures and triggers actions accordingly. BGP Flowspec rules can be based on:

  • Destination prefix
  • Source prefix
  • IP protocol
  • Destination port
  • ICMP type
  • ICMP code