GenieATM 6000 ISP Series
An Advanced Network Traffic Mining System to Provide Decision Support on Network Service Operation, Network Security Reinforcement on Locating Problems Instantly, Powerful Traffic Analysis with Flexibility, and Various Traffic Statistics Reports
Faced with a continuously growing and increasingly complex network environment, Network Service Providers need a more powerful and efficient network management system that integrates traffic analysis information, including Flows, SNMP polling, and BGP routing aspects, for operational and business decision-making. Moreover, increasingly rampant deliberate attacks have seriously impacted and threatened network service performance and the operation of information systems.

GenieATM 6000, a flow-based solution that collects network-wide traffic for data mining and anomaly detection, is designed especially for carrier-grade networks with high capacity and high performance. It can automatically generate various pre-defined traffic reports and detect abnormal network behaviors, DoS/DDoS attacks, and unusual routings from interior or exterior networks, and then send out alerts to network operators in time. Meanwhile, GenieATM 6000 also provides powerful Snapshot and Forensic tools which can support the integration of third-party devices to promptly intercept anomaly traffic.
Deployment
Distributed Architecture with Centralized Control
With its distributed architecture design, GenieATM 6000 can not only easily collect large-scale network flows but also simplify system configuration management. Meanwhile, equipment (GenieATM Collectors) can be adjusted in phases according to the actual network and traffic scale, which could effectively reduce the total cost of ownership (TCO).
Key Features
Traffic Mining with Intelligent Traffic Models
GenieATM 6000 is equipped with a powerful Traffic Analysis Engine, which can swiftly perform various classification, statistics, and sorting operations, and generate various precise pre-defined traffic reports.
- With built-in intelligent network modeling, various pre-defined network flows (Home, Neighbor, Sub-Network, Backbone and Customer) can be accurately classified, and their relevant traffic reports are automatically generated as well.
- Using the "Rule-based Traffic Analysis Mechanism" through Factors and Filters, users can filter out the flows they are interested in for traffic analysis and monitoring, as well as for different kinds of Top-N reports.
- Traffic Matrix Analysis between Sub-Networks and Neighbors.
- Traffic Attribute Reports on Application, Protocol+Port, TOS Value, and Packet Size.
- Real-time TopN Ranking: able to list TopN ranks within any specified time duration. The built-in traffic comparison accelerator enhances the accuracy of traffic analysis in high-traffic-volume ISP environments.
DDoS and Anomaly Detection
By analyzing the IP header information of network flows, GenieATM 6000’s Anomaly Traffic Detection Engine can detect malicious DDoS attacks or Worm traffic, and can also focus on a particular detection scope to check whether any enormous abnormal traffic is degrading your network quality. The supported network-wide anomaly detections include:
- Traffic Anomaly: monitors a specific detection scope for suddenly generated enormous traffic to find unknown network attacks (Zero-Day Attacks).
- Worm: detects known worms, such as Blaster, Sasser, Code Red, SQL Slammer, etc.
- DDoS Attack Detection: detects Protocol-Misuse anomalies, such as TCP SYN Flooding, UDP Flooding, and ICMP Flooding, and enumerates possible attackers, victims and affected hosts.
- Interface Anomaly: monitors device performances, interface throughput, bandwidth utilization, (CRC) error packets, discard packets, and Multicast + Broadcast packets.
- BGP Route Instability: detects suddenly-generated BGP routing changes or excessively-frequent BGP update messages.
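An added example, not GenieATM code: a minimal sketch of the flow-based detection idea described above, flagging destinations whose rate of SYN-only TCP flows exceeds a multiple of a per-host baseline and listing the top sources. The record layout, baseline values, multiplier and function names are assumptions for illustration, and the flow records are constructed.

```python
from collections import defaultdict

TCP, SYN, ACK = 6, 0x02, 0x10  # IP protocol number and TCP flag bits

def sample_flows():
    """Constructed flow records: (src, dst, protocol, OR of TCP flags, packets)."""
    flows = [("198.51.100.%d" % i, "192.0.2.10", TCP, SYN, 400) for i in range(1, 6)]
    flows += [
        ("203.0.113.7", "192.0.2.10", TCP, SYN | ACK, 120),  # completed session
        ("203.0.113.8", "192.0.2.20", TCP, SYN | ACK, 300),  # completed session
        ("203.0.113.9", "192.0.2.20", TCP, SYN, 3),          # one unanswered attempt
    ]
    return flows

def detect_syn_flood(flows, baseline_pps, interval_s=60, factor=5.0, top_n=3):
    """Return {victim: {"pps": rate, "sources": [(src, packets), ...]}}.

    A flow whose cumulative flags contain SYN but never ACK is a handshake
    the sender did not complete. A destination is flagged when such packets
    per second exceed factor * baseline (assumed thresholding rule).
    """
    syn_pkts = defaultdict(int)
    by_src = defaultdict(lambda: defaultdict(int))
    for src, dst, proto, flags, packets in flows:
        if proto == TCP and flags & SYN and not flags & ACK:
            syn_pkts[dst] += packets
            by_src[dst][src] += packets
    alerts = {}
    for dst, pkts in syn_pkts.items():
        pps = pkts / interval_s
        threshold = factor * baseline_pps.get(dst, baseline_pps["default"])
        if pps > threshold:
            # Rank sources by packet count, then address, for a stable Top-N.
            top = sorted(by_src[dst].items(), key=lambda kv: (-kv[1], kv[0]))[:top_n]
            alerts[dst] = {"pps": pps, "sources": top}
    return alerts

if __name__ == "__main__":
    baseline = {"192.0.2.10": 2.0, "default": 1.0}  # assumed SYN-only pps per host
    for victim, info in detect_syn_flood(sample_flows(), baseline).items():
        print(victim, round(info["pps"], 2), info["sources"])
```
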
Real-time and Retrospective Traffic Snapshot
Traffic Snapshot is an on-line troubleshooting tool to inspect network traffic over current flows in cache or historical flows in raw data storage. Given the network-wide view for troubleshooting, network administrators no longer have to trace problems by capturing and analyzing packets for each link. GenieATM not only offers powerful traffic filters with abundant analysis criteria for Traffic Snapshot, but also provides various aggregation methods to generate different real-time Top-N analyses. Moreover, users could drill down into the suspicious traffic step by step, and locate attacking sources precisely. Meanwhile, the system could generate a set of ACL commands as a suggestion to a network operator for anomaly mitigation.
Mitigation
GenieATM 6000 can send out real-time alarms and notifications to network operators once any anomaly traffic is detected; moreover, it provides the following handy tools to help network operators with real-time troubleshooting, forensics, retrospective analysis, etc. In addition, GenieATM also supports integration with traffic-cleaning devices or routing devices to directly cut off malicious attacking traffic and thus protect the backbone bandwidth.
- Alarm & Notification: the system will automatically generate a daily traffic baseline and send out alerts and notifications through Email, SNMP Trap, or Syslog once anomaly events are detected.
- Snapshot: this function can directly connect with online troubleshooting tools to locate problem points.
- Forensic: can preserve the raw data of anomaly traffic for later analysis.
- Report Rebuild: from the saved historical raw data, users can rebuild rule-based Filter reports for a specific time period to review past network behavior.
- Mitigation: with Blackhole or Flowspec configuration, or by integrating with a traffic-cleaning device (Cisco Guard, Huawei Eudemon), the system can cut off attacking traffic directly and thus mitigate network-wide anomalies.
Ordering Information
| Model Number | Description |
|---|---|
| GenieATM 6300 | Controller with Collector embedded |
| GenieATM 6100 | Flow Collector |