NSFOCUS Network Traffic Analyzer (NTA)




What does it do? x-flow technology; traffic statistics and analysis; route analysis; abnormal traffic detection.
Whom to work with? NSFOCUS Anti-DDoS System.
Where to use? Carrier networks, IDCs, enterprise data centers.

Overview

NSFOCUS Network Traffic Analyzer (NSFOCUS NTA) is a traffic analysis and detection product powered by Flow technology. Supported by NSFOCUS's decades of accumulated experience in traffic analysis, it is oriented to telecom carrier networks, IDC networks and other networks. NSFOCUS NTA provides its users with real-time network status monitoring and real-time alerts on network attacks and anomalies, to secure users' network environments. Throughout years of development, NSFOCUS NTA has established a good reputation among customers, with a track record of successful cases covering China, the USA, the EU, South Korea and other regions worldwide. NSFOCUS NTA comes in multiple models ranging from carrier-grade to enterprise-grade, which can be deployed in MANs and in the backbone networks of ISPs, government agencies, education organizations, enterprises and so forth. It is mainly designed for traffic analysis, anomaly traffic detection and route analysis in Mbps, Gbps and 10 Gbps networks, based on the xflow data exported by routers.

Applications

With the rapid expansion of Internet businesses in recent years, higher and higher bandwidth is required for the various links on the Internet, which leads to increasing investment in network infrastructure. However, alongside the booming development of network infrastructure and Internet businesses, network security issues have grown into greater concerns. Reduced attack costs and the proliferation of easy-to-use attack techniques result in volumetric anomaly traffic with complex compositions. Therefore, it is imperative to perform an in-depth analysis of the network traffic (including the varied anomaly traffic) to gain thorough insight into the distribution and trends of the network traffic.

Feature summary: Real-time Network-wide Monitoring; Accurate and Detailed Traffic Analysis; Powerful Anomaly Detection; IPv4/IPv6 Dual-stack Analysis and Detection; Flexible and Diverse Reporting; 3-in-1 Solution; Value-added Operational Benefits; Easy Operation and Maintenance.

Figure 1: The Deployment of NSFOCUS NTA

NSFOCUS NTA is always deployed at the egress of the MAN or the intranet; the NetFlow capability of the core router is activated so that it sends NetFlow data to the NTA system. By virtue of its traffic analysis capability, the NTA system performs traffic analysis, anomaly traffic and attack detection, link stress analysis, route analysis and so forth, providing basic information for anomaly traffic mitigation and network optimization.

Features

Real-time Network-wide Monitoring

NSFOCUS NTA monitors the overall network status in real time by collecting and analyzing traffic data. This gives network administrators a panoramic view of the network load and trends as well as of the usage of network application resources.
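The deployment just described rests on a collector decoding the flow export of the core router and aggregating it by IP, port and interface. The following Python is an added example, not NSFOCUS code: it parses NetFlow v5 export packets (the fixed 24-byte header plus 48-byte records that Cisco documents for v5, one of the formats the specifications list) and builds per-destination, per-port and per-interface byte totals from them. The export packet is constructed inline rather than captured from a router, and the collector validates the record count against the packet length before reading any record, so a truncated or forged packet cannot cause an out-of-range read.

```python
"""Added example (not NSFOCUS code): decode NetFlow v5 export packets and
aggregate the records the way a traffic analyzer does (TOP IP, TOP ports,
per-interface load). The packet below is constructed for illustration."""
import struct
from collections import Counter, defaultdict
from ipaddress import IPv4Address

# NetFlow v5 wire layout: 24-byte header, then up to 30 fixed 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


def parse_netflow_v5(packet: bytes) -> list:
    """Decode one export packet into a list of flow-record dicts.
    Raises ValueError for anything that is not a well-formed v5 packet, so the
    'count' field of an untrusted packet is never followed blindly."""
    if len(packet) < V5_HEADER.size:
        raise ValueError("packet shorter than NetFlow v5 header")
    (version, count, _uptime, unix_secs, _nsecs, _seq,
     _engine_type, _engine_id, sampling) = V5_HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if count > 30 or len(packet) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("record count does not match packet length")
    # The low 14 bits of the sampling field carry the sampling interval (0/1 = unsampled).
    interval = (sampling & 0x3FFF) or 1
    records = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, _nexthop, in_if, out_if, pkts, octets, _first, _last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = V5_RECORD.unpack_from(packet, off)
        records.append({
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            "in_if": in_if, "out_if": out_if,
            # Scale sampled counters back up to an estimate of the real volume.
            "packets": pkts * interval, "bytes": octets * interval,
            "sport": sport, "dport": dport, "proto": proto,
            "tcp_flags": tcp_flags, "export_time": unix_secs,
        })
    return records


def top_talkers(records, key="dst", n=5):
    """Bytes per IP address (TOP IP), largest first."""
    totals = Counter()
    for r in records:
        totals[r[key]] += r["bytes"]
    return totals.most_common(n)


def top_ports(records, n=5):
    """Bytes per (protocol, destination port), i.e. TOP ports/applications."""
    totals = Counter()
    for r in records:
        totals[(r["proto"], r["dport"])] += r["bytes"]
    return totals.most_common(n)


def interface_load(records):
    """Bytes per router input interface, the input for link stress analysis."""
    load = defaultdict(int)
    for r in records:
        load[r["in_if"]] += r["bytes"]
    return dict(load)


def build_v5_packet(flows, sampling_interval=1):
    """Constructed export packet. flows: (src, dst, pkts, octets, sport, dport,
    proto, tcp_flags, in_if) tuples; other fields are filled with neutral values."""
    header = V5_HEADER.pack(5, len(flows), 1000, 1700000000, 0, 0, 0, 0, sampling_interval)
    body = b""
    for src, dst, pkts, octets, sport, dport, proto, flags, in_if in flows:
        body += V5_RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed,
                               b"\0\0\0\0", in_if, 2, pkts, octets, 0, 0,
                               sport, dport, 0, flags, proto, 0, 0, 0, 24, 24, 0)
    return header + body


# Constructed sample: two web flows to one server plus one DNS flow (documentation addresses).
SAMPLE_PACKET = build_v5_packet([
    ("198.51.100.10", "203.0.113.5", 10, 8000, 40001, 80, 6, 0x18, 1),
    ("198.51.100.11", "203.0.113.5", 4, 2000, 40002, 443, 6, 0x18, 1),
    ("198.51.100.12", "203.0.113.9", 1, 100, 53000, 53, 17, 0, 3),
])

if __name__ == "__main__":
    recs = parse_netflow_v5(SAMPLE_PACKET)
    print(top_talkers(recs), top_ports(recs), interface_load(recs))
```

On the constructed packet the destination 203.0.113.5 accounts for 10000 bytes, interface 1 carries 10000 bytes and interface 3 carries 100, and a packet exported with a sampling interval of 100 has its byte counters multiplied accordingly, which is the step that keeps per-link figures comparable across routers that sample at different rates.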

Figure 2: Network-wide Monitoring

As shown in Figure 2, NSFOCUS NTA monitors the network-wide status in the following four aspects:

1. NTA device status: The NTA system monitors its own CPU usage, memory usage, hard disk usage, interface status, Flow rate and other indicators, presenting real-time operating information.
2. Network anomaly status: The NTA system detects various network anomalies in real time during network operations, identifying network bottlenecks and the root causes of network performance degradation.
3. Network traffic status: The NTA system monitors the traffic status at the network egress, core devices, specific subnets and other network objects in real time, with multi-dimensional traffic analysis provided.
4. Network device status: The NTA system monitors the status of the routers, their interfaces and the device traffic in real time and informs administrators of the network load and performance.

Accurate and Detailed Traffic Analysis

NSFOCUS has continuously improved the data analysis algorithms of the NTA system based on years of experience with Flow data detection and analysis. This ensures accurate NTA analysis for existing network environments of differing levels of complexity. NSFOCUS NTA monitors the network traffic of the Internet egress, critical businesses, specific subnets, key servers, etc., and the data are analyzed along the dimensions of total traffic volume, TOP IP, TOP ports/applications, etc. Correlation analysis is performed for objects across different dimensions in order to provide visibility of the network composition, flow and trends over different time frames. With a minimum analysis granularity of only 30 seconds, it is capable of reflecting network traffic changes in real time. The system also stores analysis data for up to a year. Relying on such long-term analysis of historical data, it can track the traffic distribution and trends by time, region and flow direction. This helps carriers, data centers and other institutions gain a deep understanding of their business demands, hotspots and trends, and gives network decision-makers a foundation for network planning and design. Moreover, when an alert about anomaly traffic is triggered, NSFOCUS NTA can rapidly pinpoint the victimized IP address. Throughout the entire attack process, it logs the size, composition, source and time-based variations of the attack traffic in detail, allowing full-course forensics afterwards.

Powerful Anomaly Detection

NSFOCUS NTA also possesses a powerful anomaly detection capability with the following features, supported by NSFOCUS's self-developed anomaly detection algorithms.

Abundant Detection Types and Full Coverage of Backbone Threats

NSFOCUS NTA provides two types of anomaly detection methods: system built-in anomaly detection and custom anomaly detection. In addition to the built-in detection signatures, users can customize alerts for 128 types of self-discovered abnormal network signatures. The anomaly detection guards against excessive traffic, bandwidth saturation, DDoS attacks, abnormal Dark IP, abnormal private IP, etc. NSFOCUS NTA supports warnings for up to 14 types of DDoS attacks at the network layer and the application layer, such as SYN Flood, ACK Flood, HTTP Flood and SIP Flood, completely covering all threats on the backbone network.

Rapid Attack Detection and Thorough Event Record

NSFOCUS NTA responds to attacks so rapidly that it can generate an alert in as little as 20 seconds. The alert levels are predefined as high, medium or low severity; different events trigger different levels of alert. In the case of network attacks, NTA records the attacks from multiple dimensions, such as network traffic fluctuations and changes in the traffic streaming to the target IP address before and after the attack. It also analyzes the attack traffic in depth, including the cause, location, strength, type, composition, etc. From this, the system can backtrack the entire attack process and help network administrators locate the attack source.

Intranet Security Protection

Attacks are becoming more severe and more diverse. They can occur both on the intranet and on the extranet. Attacks originating from the intranet can congest outbound bandwidth and create a network bottleneck, so blocking this type of attack is also demanded. Many organizations are already aware of the dangers posed by attacks from the intranet. For instance, data centers have policies that require monitoring of any attacks launched internally against external targets. Carriers require that, in addition to monitoring external attacks against their network infrastructure, they must also prevent attacks launched internally. In response to these new requirements, NTA's self-developed intelligent detection system can not only detect inbound attack traffic but also monitor outbound anomaly traffic in real time. It intelligently determines whether the outbound traffic exceeds the predefined threshold value, and accurately locates the TOP IP of any anomaly traffic streaming out of the intranet. The security of the entire network can only be safeguarded by ferreting out the perpetrators of attacks launched from the intranet while simultaneously guarding against external attacks. Without question, NSFOCUS NTA's bi-directional detection secures users' networks with two layers of protection.

Intelligent Detection Algorithm

Static baseline parameters are difficult to configure, so their accuracy is low. Therefore, NSFOCUS NTA has developed an intelligent algorithm for generating a dynamic baseline. This feature enables the system to intelligently generate multidimensional network characteristics for an object, following a period of traffic characteristic analysis and modeling for the object to be learnt. The technical principle of the baseline auto-learning technology is as follows. When hosts with similar business and traffic are operating in a normal network environment, their traffic volumes and characteristics remain stable. From this, the system models the traffic for the different characteristics of a host in normal operation, with the upper limits obtained over a period of auto-learning. During this process, the system automatically records variations of the network traffic for basic data modeling. It sets a confidence interval based on the trustworthy data range. By analyzing and calculating the historical data within the confidence interval, the system obtains traffic variation trends and model characteristics. In order to ensure that the traffic characteristics to be learnt conform to the normal distribution, the system allows users to enable data modeling in calendar mode, such as setting workdays, weekends and other calendar periods for automated modeling. At the same time, the system supports manual adjustment of the dynamic baseline. This, together with the calendar-based auto-learning mode, ensures the accuracy of the dynamic baseline.
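The dynamic baseline and the outbound check described under Intranet Security Protection and Intelligent Detection Algorithm above can be made concrete in a few dozen lines. The Python below is an added example, not NSFOCUS's algorithm: it learns an upper limit per (calendar class, hour-of-day) bucket from historical samples, discards samples outside a mean ± k·σ confidence interval so that a past attack does not inflate "normal", supports a manual override of a learnt limit, and flags an outbound interval whose rate exceeds the limit together with the source IPs that contribute most. The history, flows, 30-second interval and the k and margin constants are all assumptions constructed for the example; the real product's parameters and statistics are not published on this page.

```python
"""Added example (not NSFOCUS code): calendar-aware dynamic baseline with a
confidence-interval trim, manual adjustment, and an outbound anomaly check
that names the TOP source IPs. All data below is constructed."""
from datetime import datetime
from statistics import mean, pstdev

INTERVAL_SECONDS = 30  # analysis granularity assumed for this example


def calendar_class(ts):
    """Calendar mode: Monday-Friday form one class, Saturday/Sunday another."""
    return "weekend" if ts.weekday() >= 5 else "workday"


def bucket(ts):
    """Baseline key: (calendar class, hour of day)."""
    return (calendar_class(ts), ts.hour)


def trim_to_confidence(values, k=2.0):
    """Keep samples within mean +/- k*stdev (the trustworthy data range).
    An outlier such as a past attack interval is dropped from the model."""
    if len(values) < 2:
        return list(values)
    m, s = mean(values), pstdev(values)
    return [v for v in values if abs(v - m) <= k * s]


def learn_baseline(history, k=2.0, margin=3.0):
    """history: iterable of (datetime, Mbit/s). Returns {(class, hour): upper_limit},
    where upper_limit = mean + margin*stdev of the trimmed samples in that bucket."""
    groups = {}
    for ts, mbps in history:
        groups.setdefault(bucket(ts), []).append(mbps)
    baseline = {}
    for key, vals in groups.items():
        trusted = trim_to_confidence(vals, k)
        spread = pstdev(trusted) if len(trusted) > 1 else 0.0
        baseline[key] = mean(trusted) + margin * spread
    return baseline


def adjust_baseline(baseline, key, upper_limit):
    """Manual operator override of one learnt limit."""
    baseline[key] = float(upper_limit)
    return baseline


def check_outbound(baseline, ts, flows, top_n=3):
    """flows: (src_ip, bytes) pairs leaving the intranet during one interval.
    Flags the interval when its rate exceeds the learnt limit for this calendar
    bucket and lists the sources contributing most (the TOP IP of the anomaly)."""
    limit = baseline.get(bucket(ts))
    total_bytes = sum(b for _, b in flows)
    observed = total_bytes * 8 / INTERVAL_SECONDS / 1e6
    per_ip = {}
    for ip, b in flows:
        per_ip[ip] = per_ip.get(ip, 0) + b
    top = sorted(per_ip.items(), key=lambda kv: kv[1], reverse=True)[:top_n]
    return {
        "anomalous": limit is not None and observed > limit,
        "observed_mbps": observed,
        "limit_mbps": limit,  # None: this bucket has not been learnt yet
        "top_ips": top,
    }


# Constructed history (Mbit/s at 10:xx). 8-12 Jan 2024 are Mon-Fri, 6/7/13 Jan
# are weekend days, and 15 Jan 10:00 holds a past attack spike of 1000 Mbit/s.
HISTORY = [
    (datetime(2024, 1, 8, 10, 0), 100), (datetime(2024, 1, 9, 10, 0), 110),
    (datetime(2024, 1, 10, 10, 0), 90), (datetime(2024, 1, 11, 10, 0), 105),
    (datetime(2024, 1, 12, 10, 0), 95), (datetime(2024, 1, 15, 10, 0), 1000),
    (datetime(2024, 1, 6, 10, 0), 30), (datetime(2024, 1, 7, 10, 0), 35),
    (datetime(2024, 1, 13, 10, 0), 25),
]
# Constructed 30 s intervals: Tuesday 16 Jan 10:05 and Sunday 14 Jan 10:05.
WORKDAY_TIME = datetime(2024, 1, 16, 10, 5)
WEEKEND_TIME = datetime(2024, 1, 14, 10, 5)
SUSPECT_FLOWS = [("10.0.0.5", 400_000_000), ("10.0.0.7", 100_000_000),
                 ("10.0.0.9", 62_500_000)]   # 150 Mbit/s over 30 s
NORMAL_FLOWS = [("10.0.0.5", 200_000_000), ("10.0.0.7", 175_000_000)]  # 100 Mbit/s

if __name__ == "__main__":
    base = learn_baseline(HISTORY)
    print(base)
    print(check_outbound(base, WORKDAY_TIME, SUSPECT_FLOWS))
    print(check_outbound(base, WEEKEND_TIME, NORMAL_FLOWS))
```

With the constructed history the workday 10:00 limit comes out near 121 Mbit/s (the 1000 Mbit/s spike is trimmed away) and the weekend limit near 42 Mbit/s, so the same 100 Mbit/s interval is normal on a Tuesday but anomalous on a Sunday; this is exactly why the baseline is learnt per calendar class rather than from one pooled history.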

Flexible and Efficient Detection

The program structure of the system's calculation engine adopts a framework-and-plug-in model. This ensures the structural flexibility and efficiency of the system. Each plug-in is matched with one or a few detection algorithms. Users can load the most suitable plug-ins based on their network and business characteristics. The NTA system also provides different preset plug-in templates for different typical users. For example, telecom carriers are not very concerned about application-layer attacks when it comes to the operation and maintenance of their backbone networks, so the corresponding detection plug-in does not have to be loaded in such a user environment.

IPv4/IPv6 Dual-stack Analysis and Detection

The curtain is gradually rising on the IPv6 age, and the transition to IPv6 is already being implemented. The carriers in China, a major force for commercial IPv6 implementation, have already entered the functional verification phase. Large Internet enterprises have also set up their own laboratory platforms to test and pilot IPv6 for their various business demands. Against this backdrop, NSFOCUS NTA fully supports IPv4/IPv6 dual-stack traffic analysis and detection, to dispel the relevant concerns of users.

Flexible and Diverse Reporting

In order to present analysis and detection data in a well-rounded way, NSFOCUS NTA has developed a flexible reporting system which can generate varied reports by customized conditional filtering or combination. The system provides both real-time and historical reports, allowing users to check real-time monitoring data and to track historical data for forensics. It supports daily/weekly/monthly/yearly/custom reports which present the data as pie charts, bar graphs, run charts etc., as well as custom area charts and line graphs. When presenting network traffic status reports, the system can select different network objects on demand and customize the report generation rules. This allows it to analyze and present traffic data from multiple dimensions and perspectives. For DDoS attacks, the system provides detailed information about the attack target, the number of attack alerts, attack traffic, traffic diversion and so forth. It can filter the data based on attack type, alert level, statistical objects, etc. The system also has a report integration function to help users combine the data they wish to analyze and generate a comprehensive report. This flexible and diverse reporting system fully caters to the various needs of operations staff.

A Complete Solution

To make Anti-DDoS systems manageable and operable for telecom carriers and large data centers, NSFOCUS has released a 3-in-1 solution. This solution is composed of an anomaly traffic detection system (NSFOCUS NTA), an anomaly traffic cleaning system (NSFOCUS ADS), and a management and forensics system (NSFOCUS ADS M).

Figure 3: NSFOCUS 3-in-1 Solution

NSFOCUS NTA is responsible for network monitoring and DDoS attack detection. When an attack occurs, the NTA system intelligently enables the coordination mechanism with NSFOCUS ADS and immediately notifies ADS of the event alert. The ADS device then activates its traffic diversion function, diverting suspicious traffic from the routers and switches to the ADS device. After purging the DDoS attack traffic, ADS injects the "clean" traffic back into the network. NSFOCUS ADS M acts as the anti-DDoS management center, performing centralized monitoring and policy management for the NTA and ADS devices deployed at different network points. Diverse reports are provided to display the whole attack traffic detection and cleaning process. ADS M also has a self-service system, allowing carriers to provide Anti-DDoS value-added services.

Value-added Operational Benefits

NSFOCUS NTA delivers domain-based (such as by router interface or IP/IP group) attack detection and traffic analysis capabilities to major customers and critical businesses as value-added operations. Coordinating with the ADS M products, the NTA system provides a specialized value-added service platform for operation/maintenance and self-service. Carriers are thereby able to provide value-added security defense services to large security-sensitive customers, such as security companies, jewelry stores, power companies, government agencies, hotels, IPTV providers, etc. Furthermore, large-scale customers can log on to the self-service portal of NSFOCUS ADS M to view their real-time network traffic, application protocol distribution, attack countermeasures and other key business information. This platform gives large-scale customers more visibility into their system security and also enhances their service quality.

Easy Operation and Maintenance

Plug and Play

NSFOCUS NTA has a smart configuration system which requires only simple plug-and-play steps to run. For example, configuring the IP address range to be monitored does not require manual input; instead, the system automatically selects the IP address ranges to be monitored from a list of candidate IP addresses extracted from routing tables. Similarly, the system automatically matches the routers' physical port numbers and names. In addition, only simple configuration of the dynamic baseline auto-learning algorithm is needed to generate parameters for the various anomalies to be detected. The system provides a deployment toolkit that includes packet capture tools, PING, router interface direction judgment tools, detection range generation tools, etc., to further simplify the deployment process.

High Performance, Convenient Operation and Maintenance

By using high-performance hardware and optimized calculation engine algorithms, NSFOCUS NTA has a processing capacity of up to 80,000 xflows per second. Administrators need only a single NSFOCUS NTA device to monitor a telecom-grade high-bandwidth network environment. This greatly reduces the workload of operations and maintenance staff.

Expert Operation and Maintenance Support

NSFOCUS possesses years of field network security experience and a team of certified professionals. This allows it to provide rapid on-site defensive support as well as defense consultation, deployment, training and other services. Customers benefit from enhanced defense systems and support, as well as from the establishment of a professional security team. At the same time, NSFOCUS NTA also has access to the NSFOCUS Security Cloud platform, through which NSFOCUS experts provide 24/7 managed services and real-time attack response.

Specifications

Feature Specifications (NTA NX3-2000E)

Platform: 64-bit operating system
Data Collection: NetFlow V5/V9; NetStream; cflowd; sFlow V4/V5; sFlow sampling rate self-adaption
DDoS Attack Detection: SYN Flood; ACK Flood; UDP Flood; ICMP Flood; IGMP Flood; Protocol Null Flood; TCP Flag Misuse; TCP Flag Null; HTTP Flood; HTTPS Flood; DNS Request Flood; DNS Response Flood; Land Flood; SIP Flood; Dark IP; Private IP
Abnormal Traffic: Business Domain Inbound Attack Traffic; Business Domain Outbound Attack Traffic; IP Group Inbound Attack Traffic; IP Group Outbound Attack Traffic; Cluster Attack Traffic
Alert Threshold: Self-learning; Custom Alert
Performance Alert: Router memory and CPU usage abnormality; Interface bandwidth abnormality
Traffic Analysis: Router Interface Traffic Analysis; Router Interface Group Traffic Analysis; IP Group Traffic Analysis; Business Domain Traffic Analysis; AS Traffic Analysis (supports TOP 5); Port and Application Traffic Analysis
Third Party Interface: SNMP GET/TRAP; SYSLOG; Email; Flow Data Forwarding (supports TOP 5)
Null Route: Single IP Null Route; Group Null Route; Null Route Timeout Automatic Release; Null Route Information Memo; Sending Null Route to Different Routers based on Attack Traffic Volume
ADS Traffic Diversion: Sending Diversion Notice to Different Routers based on Traffic Volume
Safety: Weak Password Inspection; Password Dictionary; Inspection Source IP Login Restriction
Language: English, Chinese, Japanese

Performance Specifications (NTA NX3-2000E)

Flow Collection Capacity: 80k Flows/s
Number of Monitored Routers: 20+
Number of Monitored Router Interfaces: 1000

Hardware Specifications (NTA NX3-2000E)

Interfaces: 1* RJ45 serial port, 2* USB 2.0 interface, 2* RJ45 management interface, 4* GE copper port, 4* GE SFP fiber port
Weight: 16.6 kg
Height: 88 mm
Length: 512 mm
Width: 432 mm
Rack: 2U
Device Management: HTTPS, CLI
Power: 220 V, 350 W
MTBF: 60,000 hours
Operating Temperature: 0~45°C (32~113°F)
Non-operating Temperature: -20~65°C

About NSFOCUS

NSFOCUS is a proven global leader in active perimeter network security for service providers, data centers and corporations. It focuses on providing network security solutions including a carrier-grade Anti-DDoS System, Web Application Firewall and Network Intrusion Prevention System, all designed to help customers secure their networks and corporate-critical information. More detailed information is available at http://www.nsfocus.com.

For more information

For more information about NSFOCUS products and services, please contact NSFOCUS sales:
U.S. TEL: +1 408 907 6638 EMAIL: info-us@nsfocus.com
EMEA TEL: +44 (0)20 30786850 EMAIL: info-emea@nsfocus.com
APAC TEL: +65 6809-3128 EMAIL: info-apac@nsfocus.com
Japan TEL: +81 3 6206 8156 EMAIL: info-jp@nsfocus.com
China TEL: +86 10-6843-8880 EMAIL: info@nsfocus.com
For more information visit the NSFOCUS website: www.nsfocus.com/en/