With embedded intelligence and high performance, GenieATM provides enterprises with a total solution for both Network-wide Flow Analysis and Network Anomaly Detection.
In a complex, large-scale enterprise network, understanding real usage and user behavior is essential to operating and maintaining the network. Moreover, widespread malicious DoS/DDoS attacks threaten most enterprises on the internet, while Firewall, IDS, or Anti-Virus software is unable to recognize and respond to unknown worms for mitigation. Firewalls themselves are also targeted by DoS/DDoS attacks, leaving the enterprise unshielded. Detecting DoS/DDoS attacks and mitigating potential damage therefore becomes a crucial task for all network administrators. Equipped with Network Modeling intelligence and an Anomaly Traffic Detection Engine, GenieATM 6200 is a total solution for network-wide traffic analysis, real-time troubleshooting, and proactive security protection. The benefits brought to large enterprises by GenieATM are as follows:
Saves the cost of network devices and bandwidth, with proper capacity planning according to GenieATM's traffic analysis reports.
Reduces down time of network services and avoids business loss due to DoS/DDoS attacks via GenieATM's proactive security protection.
Enhances work efficiency of traffic analysis and troubleshooting, with various pre-defined intelligent reports, flexible user-definable traffic reports, and a real-time Top-N snapshot tool.
Promptly identifies problems of network infrastructure; monitors network flows and provides immediate policies for mitigation with the Intelligent Anomaly Traffic Detection Engine.
Achieves higher ROI and lower TCO by deploying Firewall, IPS, or IDS on external links and deploying GenieATM on internal network infrastructure for enhanced security.
Network Modeling with Network-wide View
“Network Modeling” of GenieATM represents a network hierarchy adopted by most large-scale service providers. On the basis of network modeling intelligence, GenieATM automatically classifies and aggregates network flows, and generates various pre-defined traffic reports quickly and precisely. Meanwhile, the system can be configured with less effort, and operators gain an easier network-wide view into the use of the network.
Flexible User-definable Traffic Report
GenieATM 6200 provides a user-definable reporting engine which greatly improves the flexibility of traffic analysis. Using the “Rule-based Traffic Analysis Mechanism” through Factors and Filters, users can sieve out specific flows for traffic analysis and monitoring, and generate different kinds of Top-N reports. User-definable traffic analysis reports provide a way to customize your traffic reports to suit your network.
Real-time Top-N with High-performance Analysis
GenieATM 6200 adopts advanced dynamic Top-N sorting to analyze real-time traffic of arbitrary time duration, and is equipped with a traffic-matching accelerator to provide high-speed and accurate analysis in a high-traffic environment.
The embedded “Anomaly Traffic Detection Engine” can quickly detect most malicious traffic originating from either internal or external networks; it promptly locates suspicious attackers and victims and suggests proper “ACL commands” for mitigation. Three types of anomalies, including Traffic Anomaly, Protocol-Misuse, and Application Anomaly, can be detected for either known worms or “Zero-Day” attacks. Both dynamic thresholds with an auto-learning mechanism and static thresholds can trigger alarms and notifications when required.
Real-time and Retrospective Traffic Snapshot
Traffic Snapshot is an online troubleshooting tool which inspects network traffic over current flows in cache or historical flows in raw data storage. Given the scope of network-wide troubleshooting, network administrators no longer have to trace problems by capturing and analyzing packets for each link. GenieATM not only offers powerful traffic filters with abundant analysis criteria for Traffic Snapshot, but also provides various aggregation methods to generate different real-time Top-N analyses. Moreover, users can drill down into the suspicious traffic step by step and locate attacking sources precisely. Meanwhile, the system can generate a set of ACL commands as a suggestion to network operators for anomaly mitigation.
Distributed Architecture with Centralized Control
GenieATM provides the most enhanced scalability and performance with its distributed architecture design for monitoring and measuring large-scale networks. GenieATM 6200 devices can be deployed at regional networks to collect flows from routers or switches and carry out traffic classification and analysis. The analyzed data is forwarded to a GenieATM Control Center for further aggregation and presentation. With centralized configuration management, GenieATM brings convenience and efficiency to operators, as well as a global view of network-wide traffic and anomalies.
Ease of Use, Ease of Maintenance
GenieATM is a superior network appliance with a hardened OS that guarantees performance as well as ease of system deployment. Operators can monitor and analyze their network traffic reports anywhere, anytime via a user-friendly web UI. GenieATM provides self-maintenance capability for data management. In addition, the system can be upgraded remotely, reducing the maintenance cost and, consequently, the total cost of ownership (TCO).
All-in-one System to work as a Controller or Flow Collector