invGUARD – DDoS Mitigation System
invGuard monitors real-time traffic flow in the network for DDoS attack detection and mitigation to prevent adverse impact to the network, data centers, customers or services.
- full visibility of the network up to 5 Tbit/s with hundreds of routers
- real-time cyberattack detection and mitigation
- high-speed traffic cleaning & filtering up to 200 Gbit/s
- quality control of traffic flow to services, customers, uplinks and peers
- managed services for customers
- low cost of ownership
- Collects and aggregates NetFlow data, SNMP and BGP updates from the network.
- Analyzes traffic by various views with TCP/IP stack and BGP information.
- Detects anomalies in the behavior of managed objects and signature-less malicious impacts to the network.
- Detects DDoS attacks such as ICMP flood, TCP SYN flood, TCP Connection flood, UDP flood and more than 100 other types of attacks.
- Generates more than 250 different real-time and historic reports.
- Mitigates attacks carefully with BGP updates: Blackhole and FlowSpec.
- Cleans traffic from worms, zombies, botnets and other types of malicious impacts.
- Activates countermeasures to prevent malicious impacts: connections, amount of data, etc.
- Integrates in customer’s security monitoring centers via SNMP.
- Network routers supported: Juniper, Cisco, Huawei, HPE, H3C, Extreme etc.
- Multi-language interface.
invGuard AS – Analyzer
invGuard AS is the main invGuard system component:
- collects, aggregates, analyses and stores network data from routers by NetFlow, SNMP and BGP;
- detects network traffic anomalies, DDoS and other types of network attacks;
- generates detailed network traffic reports.
invGuard AS – blocking attacks on routers
- Block traffic: BGP Blackhole routing
- Dynamic filtering on routers (BGP flowspec): source IP, destination IP, protocols, ports, flags, packet size, fragmentation, DSCP
- ACL filtering: ports, source IP, destination IP, flags, protocols
- Black and white lists filtering
- Traffic shaping
invGuard AS specification (per appliance):
- Analysis and detection of attacks and anomalies at up to 5 Tbit/s with a NetFlow rate of 100000 rps;
- BGP: up to 100 routers with 650 000 routing records;
- Detailed statistics of relations in the controlled network infrastructure allow effective management of network resources and quick detection of network bottlenecks;
- Management API for creating/updating managed objects and detection thresholds, activating automitigation, and reporting (traffic statistics, anomalies, mitigation tasks);
- Notification center: email by SMTP, SNMP traps and syslog;
- Web interface for management (administrators, security engineers);
- Web interface for customer’s subscribers (personal accounts).
invGuard CS – Cleaner
invGuard CS performs accurate traffic cleaning.
To redirect traffic from its normal flow for cleaning, invGuard AS sends a BGP update to the routers, and the attack traffic flows directly to invGuard CS.
- assembles traffic by sessions to distinguish malicious impacts;
- uses attacks database and countermeasures settings to mark traffic packets;
- drops illegitimate traffic;
- passes clean traffic to destination.
invGuard CS specification (per appliance):
- invGuard CS: traffic cleaning up to 20 Gbit/s
- invGuard CS-01: traffic cleaning up to 1 Gbit/s
- Attack mitigation at the application level (HTTP, DNS, SIP, etc.)
- Automatic, semi-automatic and manual attack mitigation
- Precision filtering settings supported