This industry first technology brings real-time DDoS event visibility to Virtual Machine (VM) instances for more diverse deployment possibilities, with the same powerful and rich DDoS security event analytics and reporting found in the award-winning Corero SmartWall Threat Defense System. This leading-edge technology brings real-time DDoS event visibility to the VM environment giving customers more clarity into DDoS threats such as localized quick strike multi-vector attacks that are proliferating worldwide.
“The introduction of vNTD Monitor provides freedom and flexibility to monitor DDoS activity against any server, application or network. Allowing network and security teams the ability to stay in control of DDoS attacks in a cloud environment with visibility of attack traffic, intuitive analytics and alerting of DDoS attack vectors targeting the system or workload”, said Dave Larson, Chief Operating Officer, Corero.
The vNTD Monitor technology incorporates the Corero SmartWall Network Threat Defense (NTD) in-line detection engine to identify DDoS attack traffic within a virtual context.
Key Technology Components:
Corero SmartWall Network Threat Defense - Virtual Edition (vNTD Monitor)
vNTD monitors and inspects traffic, sending sFlow data, security events and syslog messages to Corero SmartWall Site Management Server - Virtual Edition (vSMS) to provide granular visibility into DDoS attacks and traffic anomalies in any network. The vNTD technology can detect DDoS attack vectors ranging from volumetric, reflection, resource exhaustion, and application layer to provide a detailed analysis and summary of DDoS threats present on the network.
Corero SmartWall Site Management Server - Virtual Edition (vSMS)
vSMS provides management of the vNTD and processes event information, sending aggregated statistics and security metadata about DDoS attacks to Corero SecureWatch® Analytics - Virtual Edition (vSWA) for presentation. vSMS uses industry standard Cisco Network Service Orchestrator (NSO) enabled by Tail-f, which is used by Tier 1 Carriers for scalable configuration management.
Corero SecureWatch® Analytics - Virtual Edition (vSWA)
vSWA indexes data received from all vSMS instances and presents the information in an easy to read graphical user interface (GUI) that incorporates pre-built DDoS information dashboards and enables detailed analysis and drill-down on an event-by-event basis. Additionally, vSWA can be connected to the Corero SecureWatch Analytics portal for global remote access to DDoS event information and integration of vNTD Monitor data with a commercial Corero SmartWall Threat Defense System deployment.
Finally, vSWA has the capability of providing integrated DDoS signaling in an environment that supports the IETF draft standard for DDoS Open Threat Signaling (DOTS). By utilizing this function, a vNTD monitor combined with vSMS can act as a remote DDoS detection system that can identify link saturating events requiring DDoS cloud scrubbing to then signal the cloud resources to take action by redirecting effected traffic flows to the cloud for mitigation.
