Key Features & Benefits

Architecture & Deployment

- Appliance Architecture: ease of system set-up and configuration. The standalone single-box solution performs the complete functions of data collection, aggregation, analysis, storage and results rendering.
- Non-intrusive Deployment: only IP connectivity between GenieATM and the analyzed network is required for deployment; users' existing network environment is not interrupted.
- Scalable Solution: the 2-layered architecture allows users to deploy more than one Collector in distributed locations for scalability and to manage them from a central Controller for ease of operation.
- High Availability: GenieATM Controller supports VRRP (Virtual Router Redundancy Protocol), which allows users to deploy two Controllers to further increase system reliability.
- Remote Software Upgrade: the system software can be upgraded easily by remote access or by replacing the built-in DOM card on-site.

User Interface

- Web-based Interface: the system can be accessed remotely via a web client over an Internet connection. The system also supports HTTPS for Web access with better security.
- Multi-lingual Support: per-user language selection for English, Traditional Chinese and Simplified Chinese.
- Command Line Interface: supports Telnet and SSH (Secure Shell) access for system configuration and upgrades.

System Administration

- Multi-Layered User Accounts: supports multiple levels of user account authority, allows multiple users to be online concurrently, and provides activity logs and status checks of users.
- RADIUS & TACACS+ Support: supports remote authentication against users' existing RADIUS or TACACS+ servers.
- Database Storage Management: provides intelligent, automatic, and selective DB data purge once storage utilization has reached a configured threshold.
- Multiple Data Storage: GenieATM Controller is equipped with a built-in 147-GB hard disk and also supports external SCSI disks and NFS servers (NAS), which provides a flexible means to extend the storage capacity.
- System Profiling: continuously monitors GenieATM 6000 system performance through indicators such as CPU usage, memory usage, DB usage, and statistics of received Flow records, so that users can conveniently check system health.

Data Sources

- Various Flow Record Format Support: NetFlow™ (v1, v5, v7, v9), NetStream™, and sFlow® (v4, v5) are supported for Flow-based analysis.
- Flow Forwarding: can relay received NetFlow/NetStream/sFlow data to other NetFlow/NetStream/sFlow collectors.
- SNMP-based Traffic Monitor: in addition to flow-based traffic analysis, GenieATM also provides SNMP-based traffic monitoring and analysis by polling network devices.
- Embedded BGP Client: collects BGP routing information via the embedded BGP module. The BGP module supports MD5 signatures to better secure BGP communications.

Traffic Analysis

- Network-wide Monitoring: monitors and analyzes network-wide traffic without being constrained by physical network links.
- Intelligent Network Traffic Modeling: the embedded Network Traffic Modeling intelligence (Home, Internet, Neighbor, Backbone, Sub-Network, and Customer) enables simplified analysis settings, automatic traffic classification and organized pre-defined reports.
- Pre-defined Analysis Report: based on the built-in network model intelligence, the system provides abundant pre-defined reports: Internet, Neighbor, Backbone, Router, Sub-Network, and Customer Analysis Reports.
- Abundant Report Formats: renders analytic results in line charts, stacked-line charts and pie charts; offers daily, weekly, monthly, quarterly and yearly statistics; provides Summary, Compare, Detail, Breakdown and Attribute report types.
- Capacity Planning & Management: the long-term trending analysis reports help network operators forecast the growth of bandwidth demand and carefully plan the resources required to prevent network congestion.
- Peering & Transit Analysis: the pre-defined Neighbor and ASN Analyses provide in-depth traffic visibility by combining Flow information and BGP know-how. The BGP intelligence also gives users a powerful tool for evaluating and negotiating peering relations to reduce bandwidth acquisition costs.
- Routing Management: BGP-based routing information such as traffic distribution by AS_path_length, Peer/Origin ASN, and BGP message statistics is helpful in routing optimization planning.
- Router Monitoring: provides SNMP-based network device health reports such as CPU and memory utilization, and traffic analysis reports such as interface traffic, dropped packets and CRC error statistics.
- Traffic Snapshot: captures the traffic Top-N instantly with flexible analysis criteria, aggregation and ranking methods. Provides traffic visibility into contents, sources and destinations, routes and specific anomalies. Traffic Snapshot is a unique tool provided by GenieATM and a powerful network troubleshooting tool.

Anomaly Detection & Mitigation

- Traffic-based Detection: dynamically profiles real-time traffic and builds normal traffic baselines for anomaly detection. The traffic-based detection mechanism is known for its ability to detect zero-day attacks in a timely manner without passively waiting for attack signatures.
- Signature-based Detection: GenieATM also provides signature-based anomaly detection using system-default and user-updatable flow signatures. The built-in Protocol-Misuse detection and Application-Anomaly detection models can successfully detect worms and DoS/DDoS attacks such as TCP flooding, Land attack, SQL Slammer, Code Red and Sasser attacks.
- Routing Anomaly Detection: continuously monitors BGP routing activities on the network and provides timely alerts for abnormal routing behaviors such as BGP Hijack and spurts of route updates.
- Anomaly Trace-back: rapidly constructs the full view of the attack and points out the attacker's and victim's information. Relevant information can be collected, and precautionary or remedial measures taken, in a highly time-efficient manner.
- Anomaly Mitigation: offers a number of anomaly mitigation options for detected threats. The supported actions include ACL command recommendations, black-hole routing, and 3rd-party security device integration.
- Alarm Notification: a two-level (Yellow & Red) threshold alarm mechanism combined with an indication of customer importance. Configurable email recipients and SNMP trap support make the Fault Management System more usable.
- Diversified Alarm Methods: three alarm methods are supported (Email, SNMP Trap, and Syslog) to flexibly meet users' needs.

NetFlow™ is a trademark of Cisco Systems, Inc.
NetStream™ is a trademark of Huawei-3Com Technology Co., Ltd.
sFlow® is a registered trademark of InMon Corp.