DeepFlow for DDoS Mitigation Vendors
Typical situation today
Distributed Denial-of-Service (DDoS) mitigation takes customer NetFlow traffic from routers to detect DDoS attacks. When a DDoS event is detected, a custom rule is built on the mitigation appliance to block the traffic. NetFlow does not provide the application attributes needed to distinguish good from bad sessions in a DDoS attack. Think of a bot running millions of sessions that share some application attribute or behavior typical of a script: browser type, cookies, or URLs. These attributes can be used to actively separate good sessions from bad ones.
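As an added example (not Qosmos code and not part of the original page), the following groups application-aware flow records by the attributes named above and flags a fingerprint that dominates the sessions to one destination while coming from many sources. The record field names, thresholds and sample data are constructed assumptions, not a DeepFlow export format.

```python
from collections import Counter, defaultdict

def make_sample():
    """Constructed records; field names are hypothetical, not a DeepFlow format."""
    recs = []
    for i in range(40):  # scripted sessions: identical browser string, URL, no cookie
        recs.append({"src": f"198.51.100.{i}", "dst": "203.0.113.10", "dport": 443,
                     "user_agent": "Mozilla/4.0 (compatible)",
                     "url": "/search?q=a", "has_cookie": False})
    agents = ["Firefox/115.0", "Chrome/120.0", "Safari/17.0"]
    for i in range(10):  # ordinary sessions: varied browsers and URLs, cookie set
        recs.append({"src": f"192.0.2.{i}", "dst": "203.0.113.10", "dport": 443,
                     "user_agent": agents[i % 3], "url": f"/product/{i}",
                     "has_cookie": True})
    return recs

def fingerprint(rec):
    # Application attributes that a 5-tuple NetFlow record does not carry.
    return (rec["user_agent"], rec["url"], rec["has_cookie"])

def suspect_fingerprints(records, min_share=0.5, min_sources=20):
    """Per destination, return fingerprints that dominate the session mix
    and are spread over many distinct sources."""
    by_dst = defaultdict(list)
    for r in records:
        by_dst[(r["dst"], r["dport"])].append(r)
    suspects = {}
    for dst, recs in by_dst.items():
        counts = Counter(fingerprint(r) for r in recs)
        sources = defaultdict(set)
        for r in recs:
            sources[fingerprint(r)].add(r["src"])
        hits = {fp for fp, n in counts.items()
                if n / len(recs) >= min_share and len(sources[fp]) >= min_sources}
        if hits:
            suspects[dst] = hits
    return suspects

def split_sessions(records, suspects):
    """Separate sessions matching a suspect fingerprint from the rest."""
    good, bad = [], []
    for r in records:
        match = fingerprint(r) in suspects.get((r["dst"], r["dport"]), ())
        (bad if match else good).append(r)
    return good, bad

if __name__ == "__main__":
    sample = make_sample()
    good, bad = split_sessions(sample, suspect_fingerprints(sample))
    print(len(good), "sessions kept,", len(bad), "matched a suspect fingerprint")
```

Every record in the sample shares the same destination address and port, so a view limited to the flow 5-tuple sees one undifferentiated spike; the split comes only from the application attributes.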
Strengthening the solution with Qosmos DeepFlow® Probes
Router NetFlow collection is upgraded with DeepFlow Probes for application-aware flow visibility. DeepFlow streams application-specific session behavior to the detection engines.
A DDoS mitigation vendor can instantly upgrade their solution to support application visibility, enabling unprecedented detection and the instant ability to qualify an attack. With additional integration of ixEngine in a blocking device, the same criteria can be used to block the attack in real time. More automation and less complexity mean quicker time to mitigation for customers.