DeepFlow for DDOS Mitigation Vendors

Overview

Typical situation today

Distributed Denial-of-Service (DDOS) mitigation takes customer NetFlow traffic from routers to detect DDOS. When a DDOS event is detected, a custom rule is built on the mitigation appliance to block the traffic. NetFlow does not provide application attributes to distinguish good from bad sessions in a DDOS attack. Think of a bot running millions of sessions, with some application attributes or behavior that might be common in a script: browser type, cookies, or URLs. These attributes can be used to actively distinguish good from bad sessions.

Strengthening the solution with Qosmos DeepFlow® Probes

Router NetFlow collection is upgraded with DeepFlow Probes for application-aware flow visibility. DeepFlow streams application-specific session behavior to the detection engines.
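
As an added illustration (not Qosmos code and not the DeepFlow export format), the sketch below shows how a detection engine could use the application attributes named above (browser type, cookies, URL) to separate scripted sessions from ordinary ones. The record field names, thresholds and sample flows are assumptions constructed for this example.

```python
from collections import defaultdict

# Constructed sample records. Field names are assumptions for this example,
# not the DeepFlow export format.
def make_sample():
    flows = []
    # Scripted client: many sources, identical application attributes.
    for i in range(40):
        flows.append({"src": f"198.51.100.{i}", "user_agent": "scriptbot/1.0",
                      "url": "/search?q=a", "cookie": False})
    # Ordinary visitors: varied attributes, cookies present.
    agents = ["Mozilla/5.0 (X11)", "Mozilla/5.0 (Windows)", "Mozilla/5.0 (Mac)"]
    urls = ["/", "/products", "/search?q=a", "/contact"]
    for i in range(20):
        flows.append({"src": f"203.0.113.{i}", "user_agent": agents[i % 3],
                      "url": urls[i % 4], "cookie": True})
    return flows

def fingerprint(flow):
    """Application attributes named in the text: browser type, URL, cookies."""
    return (flow["user_agent"], flow["url"], flow["cookie"])

def suspicious_fingerprints(flows, min_share=0.3, min_sources=10):
    """Return fingerprints that dominate the sessions AND span many sources.
    A large share from a single source is a heavy user, not a distributed
    attack, so both (assumed) thresholds must be met."""
    sessions = defaultdict(int)
    sources = defaultdict(set)
    for f in flows:
        fp = fingerprint(f)
        sessions[fp] += 1
        sources[fp].add(f["src"])
    total = len(flows)
    if total == 0:
        return {}
    return {fp: {"share": n / total, "sources": len(sources[fp])}
            for fp, n in sessions.items()
            if n / total >= min_share and len(sources[fp]) >= min_sources}

def classify(flows, flagged):
    """Split sessions into (bad, good) by membership in a flagged fingerprint."""
    bad = [f for f in flows if fingerprint(f) in flagged]
    good = [f for f in flows if fingerprint(f) not in flagged]
    return bad, good

if __name__ == "__main__":
    sample = make_sample()
    print(suspicious_fingerprints(sample))
```

In the sample, one ordinary visitor requests the same URL as the script; it stays in the good set because its browser type and cookie state differ, which is the distinction NetFlow fields alone cannot make.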

Benefits

A DDOS mitigation vendor can instantly upgrade their solution to support application visibility, enabling unprecedented detection and the ability to qualify an attack instantly. With additional integration of ixEngine in a blocking device, the same criteria can be used to block the attack in real time. More automation and less complexity mean quicker time to mitigation for customers.

Example

[Figure: DDOS diagram]
