DeepFlow DPI probe software for DDOS Mitigation Vendors


Typical situation today

Distributed Denial-Of-Service (DDOS) mitigation takes customer NetFlow traffic from routers to detect DDOS. When a DDOS event is detected, a custom rule is built on the mitigation appliance to block the traffic. NetFlow does not provide application attributes to distinguish good from bad sessions in a DDOS attack. Think of a bot running millions of sessions, with some application attributes or behavior that might be common in a script: browser type, cookies, or URLs. These attributes can be used to actively distinguish good from bad sessions.
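The following is an added example, not Qosmos code and not DeepFlow's record format: it shows how application attributes shared across many sources can separate scripted sessions from normal ones, while a key without application fields is identical for both. The field names, thresholds and sample sessions are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

APP_ATTRS = ("user_agent", "cookie", "url")  # attributes named in the text above

def make_sessions():
    """Constructed sample: 40 scripted sessions from 40 sources, 10 normal ones."""
    bots = [{"src": f"198.51.100.{i}", "dst": "203.0.113.10", "dport": 443,
             "user_agent": "scripted-client/1.0", "cookie": None,
             "url": "/search?q=a"} for i in range(1, 41)]
    agents = ["Browser-A/10", "Browser-B/22", "Browser-C/7"]
    users = [{"src": f"192.0.2.{i}", "dst": "203.0.113.10", "dport": 443,
              "user_agent": agents[i % 3], "cookie": f"sid={i:04d}",
              "url": f"/item/{i}"} for i in range(1, 11)]
    return bots + users

def attack_signature(sessions, min_share=0.5, min_sources=20):
    """Return {attr: value} for values shared by most sessions AND many sources."""
    sig = {}
    for attr in APP_ATTRS:
        counts = Counter(s[attr] for s in sessions)
        sources = defaultdict(set)
        for s in sessions:
            sources[s[attr]].add(s["src"])
        value, n = counts.most_common(1)[0]
        if n / len(sessions) >= min_share and len(sources[value]) >= min_sources:
            sig[attr] = value
    return sig

def split(sessions, sig):
    """Sessions matching every signature attribute are suspect; the rest pass."""
    if not sig:
        return [], list(sessions)
    suspect = [s for s in sessions if all(s[a] == v for a, v in sig.items())]
    passed = [s for s in sessions if s not in suspect]
    return suspect, passed

def netflow_keys(sessions):
    """What a flow record without application fields can key a rule on."""
    return {(s["dst"], s["dport"]) for s in sessions}

if __name__ == "__main__":
    sessions = make_sessions()
    sig = attack_signature(sessions)
    suspect, passed = split(sessions, sig)
    print(sig, len(suspect), len(passed), netflow_keys(sessions))
```

Requiring both a high share of sessions and a high count of distinct sources keeps a single busy client, or an attribute that is simply popular among a few users, from being treated as an attack signature.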

Strengthening the solution with Qosmos DeepFlow®

Router NetFlow collection is upgraded with probes running DeepFlow DPI software, for application-aware flow visibility. The DeepFlow software streams application-specific session behavior to the detection engines.


A DDOS mitigation vendor can instantly upgrade their solution to support application visibility, enabling unprecedented detection and the ability to qualify an attack instantly. With additional integration of ixEngine in a blocking device, the same criteria can be used to block the attack in real time. More automation and less complexity mean quicker time to mitigation for customers.

