Key Components of Our DDoS Monitoring Tool for Virtual Machines

Our customers and prospects are service providers who are looking to scale out their security analytics environment by simply “dropping” security visibility into any part of their network to analyze the nature of a threat. Now they can, thanks to Corero’s SmartWall® Threat Defense – Virtual Edition (vNTD Monitor), a new product we announced earlier this year.

Distributed Denial of Service (DDoS) Attacks Often Go Unnoticed

We created this DDoS monitoring tool because we realized that many of our prospective customers had little or no awareness of the fact that their networks experienced DDoS attacks on a regular—sometimes daily—basis. Low-threshold, short-duration DDoS attacks often go unnoticed, creating a lot of “white noise” that strains, but does not obviously disrupt, a network. But that doesn’t make those DDoS attacks any less dangerous; they often mask a more nefarious data infiltration.

Corero’s DDoS Monitoring Tool (vNTD) gives service providers more visibility to detect DDoS threats such as the localized quick-strike, multi-vector attacks that are proliferating worldwide. This product shifts traditional, appliance-based DDoS event visibility to Virtual Machine (VM) instances, for more diverse deployment capabilities, yet it also has the same powerful and rich DDoS security event analytics and reporting found in the award-winning Corero SmartWall Threat Defense System.

3 Components of Corero’s DDoS Monitoring Tool for Virtual Machines (vNTD)

The vNTD DDoS Monitoring solution has three main components:

  1. Corero SmartWall Network Threat Defense – Virtual Edition (vNTD Monitor)
    vNTD monitors and inspects traffic, sending sFlow data, security events and syslog messages to Corero SmartWall Site Management Server – Virtual Edition (vSMS) to provide granular visibility into DDoS attacks and traffic anomalies in any network. The vNTD technology can detect DDoS attack vectors including volumetric, reflection, resource exhaustion, and application-layer attacks, and provides a detailed analysis and summary of DDoS threats present on the network.
  2. Corero SmartWall Site Management Server – Virtual Edition (vSMS)
    vSMS manages the vNTD and processes event information, sending aggregated statistics and security metadata about DDoS attacks to Corero SecureWatch® Analytics – Virtual Edition (vSWA) for presentation. vSMS uses the industry-standard Cisco Network Service Orchestrator (NSO) enabled by Tail-f, which is used by Tier 1 carriers for scalable configuration management.
  3. Corero SecureWatch® Analytics – Virtual Edition (vSWA)
    vSWA indexes data received from all vSMS instances and presents the information in an easy-to-read graphical user interface that incorporates pre-built DDoS information dashboards and enables detailed analysis and drill-down on an event-by-event basis. vSWA can also be connected to the Corero SecureWatch Analytics portal for global remote access to DDoS event information and for integration of vNTD Monitor data with a commercial Corero SmartWall Threat Defense System deployment.

    Finally, vSWA has the capability of providing integrated DDoS signaling in an environment that supports the IETF draft standard for DDoS Open Threat Signaling (DOTS). By utilizing this function, a vNTD monitor combined with vSMS can act as a remote DDoS detection system that identifies link-saturating events that require DDoS cloud scrubbing, and that then signals the cloud resources to redirect affected traffic flows to the cloud for mitigation.

When IT security staff have granular, visual data about a network intrusion, they’re 1) more aware of network intrusions and 2) able to make better decisions about how to handle the intrusions.

vNTD Monitor is easy to deploy, highly scalable and ideal for hosting/service providers, enterprises, online gaming and Network Function Virtualization (NFV). For more information and technical specs, download the vNTD DDoS Monitoring data sheet.