In a complex, large-scale enterprise network with changing applications, understanding real usage and user behavior is essential to operating and maintaining the network. Moreover, large numbers of malicious DoS/DDoS attacks threaten most enterprises on the Internet, while firewalls, IDS, and anti-virus software cannot recognize and respond to unknown worms. Some DoS/DDoS attacks even target the firewall itself and leave the enterprise unshielded. Finding ways to detect DoS/DDoS attacks and mitigate possible damage has therefore become an important issue for all network administrators.
Equipped with Network Modeling intelligence and an Anomaly Traffic Detection Engine, GenieATM 6200 is a total solution for network-wide traffic analysis, real-time troubleshooting, and proactive security protection. The benefits brought to large enterprises by GenieATM are as follows:
- Save the cost of network devices and bandwidth, with proper capacity planning according to GenieATM’s traffic analysis reports.
- Reduce down time of network services and avoid business loss due to DoS/DDoS attacks, with GenieATM’s proactive security protection.
- Enhance work efficiency of traffic analysis and troubleshooting, with various pre-defined intelligent reports, flexible user-definable traffic reports, and a real-time Top-N snapshot tool.
- Identify problems of network infrastructure quickly, with Intelligent Anomaly Traffic Detection Engine to monitor network flows and give immediate policies for mitigation.
- Get higher ROI and lower TCO, from better security by deploying Firewall, IPS, or IDS on external links and deploying GenieATM on internal network infrastructure.
Network Modeling with Network-wide View
“Network Modeling” of GenieATM represents a network hierarchy adopted by most large-scale service providers. On the basis of network modeling intelligence, GenieATM automatically classifies and aggregates network flows, and generates various pre-defined traffic reports quickly and precisely. Meanwhile, network operators are able to configure the system with less effort and easily have a network-wide view into the use of the network.

Flexible User-definable Traffic Report
GenieATM 6200 provides a user-definable reporting engine that greatly improves the flexibility of traffic analysis. Using the “Rule-based Traffic Analysis Mechanism” through Factors and Filters, users can filter out the flows they are interested in for traffic analysis and monitoring, as well as for different kinds of Top-N reports. User-definable traffic analysis reports provide a way to customize your traffic reports to suit your network.

Real-time Top-N with High-performance Analysis
GenieATM 6200 adopts advanced dynamic Top-N sorting to analyze real-time traffic over an arbitrary time duration. It is also equipped with a traffic matching accelerator to provide high-speed and accurate analysis in a high-traffic environment.
Anomaly Detection and Mitigation
The embedded “Anomaly Traffic Detection Engine” can quickly detect most malicious traffic originating from either internal or external networks, locate suspicious attackers and victims promptly, and suggest proper “ACL commands” for mitigation. Three types of anomalies, namely Traffic Anomaly, Protocol-Misuse, and Application Anomaly, are detected for either known worms or “Zero-Day” attacks. Both dynamic thresholds with an auto-learning mechanism and static thresholds are available to trigger alarms and notifications.
Real-time and Retrospective Traffic Snapshot
Traffic Snapshot is an online troubleshooting tool for inspecting network traffic over current flows in cache or historical flows in raw data. Given the network-wide view for troubleshooting, network administrators no longer have to trace problems by capturing and analyzing packets for each link. GenieATM not only offers a powerful traffic filter with abundant analysis criteria for Traffic Snapshot, but also provides various aggregation methods to generate different real-time Top-N analyses. Moreover, users can drill down into the suspicious traffic step by step and locate the attacking sources precisely. Meanwhile, the system can generate a set of ACL commands as a suggestion to network operators for anomaly mitigation.
Distributed Architecture with Centralized Control
When a large-scale network is to be measured and monitored, GenieATM gives the best scalability and performance with its distributed architecture design. Any GenieATM 6200 device can be deployed to regional networks to collect flows from routers or switches and to perform traffic classification and analysis. The analyzed data is forwarded to a GenieATM Control Center for further aggregation and presentation. With centralized configuration management, GenieATM brings convenience and efficiency to operators as well as a global view of network-wide traffic and anomalies.

Ease of Use, Ease of Maintenance
GenieATM is a superior network appliance with a hardened OS that guarantees performance as well as ease of system deployment. Operators can monitor and analyze their network traffic reports anywhere, anytime via a user-friendly web UI. They don’t need to worry about data management, since GenieATM provides self-maintenance capability. In addition, the system can be upgraded remotely, so the maintenance cost is reduced. Accordingly, the total cost of ownership (TCO) is reduced.