This month we launched an exciting new product called the DOSarrest Traffic Analyzer (DTA), taking an in-house platform that has been essential in providing real-time security analytics and actions for the DOSarrest network, and making it available for customers to help with their own networks. In a nutshell, the DTA operates by ingesting sFlow/NetFlow/J-Flow records from any device capable of sending this type of data (routers and switches), indexing the data, and providing real-time and historical data. A simple one-line config to export these flows is all that is required by anyone wanting to utilize this service. The valuable data contained in these records can be used for multiple purposes, notably:
- Creating dynamic FlowSpec rules for DDoS mitigation
- Identifying top source/destination networks, allowing netops to make economical routing decisions and establish strategic peering relationships
- Gaining insight into application traffic in a multi-tenant environment
- Troubleshooting network congestion that may be occurring during specific time periods, down to the culprit IPs and/or protocols
- Making strategic decisions on capacity planning
I’m personally excited by this product because of my past experience as a network engineer for over 12 years. Back in my day, most network engineers knew about the opportunities of working with NetFlow but could never fully realize them for the following reasons:
- Required development cycles if built in house with open source tools. Most network teams know they are at the bottom of the Dev team's list of priorities.
- Vendor solutions were simply cost-prohibitive. With the cost structure based upon the number of flow exporters, yearly license, and peak traffic rate, even a medium-sized network would have to break the bank with a product from Arbor, and would easily be over 100k per year, never mind the upfront cost.
- Management skepticism – Extracting budget for any tool from your executive team is a difficult task. For any network intelligence proposal, all they see is large costs, heavy development time and head count, for a platform with no real revenue generation. They also tend to be dismissive of revenue protection arguments, until a DDoS hits.
With DTA, we are able to provide a low-cost, no-CAPEX tool that you can utilize with minimal effort. You’ll have access to a portal where you can look at details on a per-netblock basis for top source/destination IPs, protocols, countries, BGP CIDR, ASN and much more, for an incredibly low cost. Plus you’ll have access to our 24/7/365 SOC for ad hoc reports, as we continue to build out more functionality in the portal.
Over the next few blogs I’ll provide some examples of how powerful the platform is in helping netops get control of their network.
CTO, DOSarrest Internet Security