
Network Monitoring & Traffic Analysis Tools: How To Choose The Right One

Feb 24th 2020

When we first started providing the DOSarrest Traffic Analyzer (DTA) product, we initially just wanted to take advantage of the capabilities of the DCD platform and provide a basic traffic analysis tool for customer NetOps teams and their respective networks. As we continued to develop the DTA, we looked around at some of the leaders in the Network Traffic Analysis industry to see what they were doing. There were a couple of well-known names (e.g. Kentik, Cisco Stealthwatch, Nagios Network Analyzer, Darktrace), and some not so well-known names (Plixer Scrutinizer, Awake Security Platform, Lastline Defender). While each of these tools has various strengths, our analysis revealed that there were challenges and hurdles in successfully introducing them into a customer’s network operation, notably:

A) Complexity – Most of these products had an on-premises device and/or software that required extensive setup and administration just to get started ingesting records, let alone setting up the reporting and visuals.
B) Cost – Some of these solutions were just outright expensive to purchase, with ongoing annual licensing costs. Others had difficult-to-calculate cost structures predicated upon the number of devices and the number of flows collected.

We also noticed that the monitoring capabilities were wide and varied amongst these vendors: many platforms did not have monitoring built in (requiring you to buy a separate module or platform), while others had black-box machine-learning-based monitoring which you had to implicitly trust to be identifying network and security incidents.

We looked at these industry challenges and evolved the DTA to avoid these pitfalls while still offering a powerful and flexible tool for network operations and engineering. By providing a pure cloud solution, with tiered pricing based on records per second, we are able to offer a cost-effective and easy-to-calculate monthly pricing structure, with very simple customer configuration requirements. And with over 20 years of experience in running wide area networks, we were able to develop simple but effective dashboards and configuration options for NetOps teams that give them an at-a-glance understanding of what is happening inside the wire for easier management and planning, including quick identification of spoofed IP activity inside their networks, as well as powerful alerting capability on critical assets and traffic flows inside their environment:

[Dashboard screenshots: Overview, Interface Configuration, Alerts]
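As an added illustration (not DTA code) of how spoofed-IP activity can be picked out of flow records and turned into an alert, the following assumes a simplified NetFlow-like record, hypothetical interface names and documentation-range prefixes; it checks both directions, flagging egress flows whose source the network does not own and ingress flows from transit that claim the network's own addresses.

```python
import ipaddress
from collections import defaultdict

# Assumed: prefixes the (hypothetical) customer network actually announces.
OWNED_PREFIXES = [ipaddress.ip_network(p) for p in ("203.0.113.0/24", "198.51.100.0/24")]
# Assumed: interface names that face transit providers.
UPSTREAM_IFACES = {"xe-0/0/0"}

# Constructed NetFlow-style records: (src, dst, in_if, out_if, packets).
SAMPLE_FLOWS = [
    ("203.0.113.10", "192.0.2.50", "ge-1/0/1", "xe-0/0/0", 1200),    # legitimate egress
    ("192.0.2.50", "203.0.113.10", "xe-0/0/0", "ge-1/0/1", 900),     # legitimate ingress
    ("10.99.0.7", "192.0.2.80", "ge-1/0/2", "xe-0/0/0", 40000),      # RFC 1918 source leaving the network
    ("45.33.0.1", "192.0.2.80", "ge-1/0/2", "xe-0/0/0", 55000),      # unowned source leaving the network
    ("203.0.113.77", "203.0.113.5", "xe-0/0/0", "ge-1/0/1", 70000),  # own prefix arriving from transit
]


def is_owned(ip: str) -> bool:
    """True if the address falls inside one of the network's own prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OWNED_PREFIXES)


def classify_flow(flow) -> str:
    """Label a flow record as ok, spoofed-egress or spoofed-ingress."""
    src, _dst, in_if, out_if, _pkts = flow
    if out_if in UPSTREAM_IFACES and not is_owned(src):
        return "spoofed-egress"   # packets leaving with sources we do not own (BCP 38 violation)
    if in_if in UPSTREAM_IFACES and is_owned(src):
        return "spoofed-ingress"  # our own addresses should never arrive from the Internet
    return "ok"


def spoof_alerts(flows, pkt_threshold: int) -> dict:
    """Sum suspicious packets per (verdict, ingress interface); return entries at or above threshold."""
    totals = defaultdict(int)
    for flow in flows:
        verdict = classify_flow(flow)
        if verdict != "ok":
            totals[(verdict, flow[2])] += flow[4]
    return {key: pkts for key, pkts in sorted(totals.items()) if pkts >= pkt_threshold}


if __name__ == "__main__":
    for (verdict, iface), pkts in spoof_alerts(SAMPLE_FLOWS, 50000).items():
        print(f"ALERT {verdict} on {iface}: {pkts} packets")
```

The per-interface aggregation is what makes the alert actionable: it points at the customer-facing port where anti-spoofing filters are missing rather than at a single flow.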

The roadmap for the DTA continues to focus on making simple but powerful visuals and configurations. Over the next few months we’ll be releasing a number of features advantageous to network and security teams, which include:

I) Pushing Flowspec rules into customer routers – Customers will not only be notified of an anomaly, but will have their own routers defend against a DDoS using the dynamic rules the DTA pushes into their network.
II) Continued development of forensic and query tools – Evolving and adding to the ability to research network activity enables NetOps to understand volatile, dynamic information with less complexity.
III) Alert configurations specific to a set of interfaces – Not just focused on looking at specific IP activity.
IV) Building and maintaining private DTA instances for individual customers – For those customers who do not want to ship their NetFlow to an outside network or a shared platform, or who need a huge data lake and retention period, our team can build your own personal DTA within your environment.

For more information on the DTA, click here.

Jag Bains

CTO
DOSarrest Internet Security
