Benefits

Traffic data collection and analysis

Uses a bypass in traffic mirroring mode to collect inbound and outbound traffic that passes through the interconnection switch (ISW) and generates a traffic diagram.

Unusual traffic detection

Uses a bypass in traffic mirroring mode to detect the unusual traffic that has exceeded the scrubbing threshold and reroutes the traffic to the DDoS Traffic Scrubbing module. The traffic rate (Unit: Mbit/s), packet rate (Unit: PPS), HTTP request rate (Unit: QPS), or number of new connections can be set as the threshold.

Malicious server identification

Detects attacks launched by internal servers to identify controlled malicious servers.

Web application protection

Uses a bypass to block common attacks on Web applications at the network layer based on default Web attack detection rules. The attacks that can be blocked include Structured Query Language (SQL) injections, code and command execution, Trojan scripts, file inclusion attacks, exploitation of upload vulnerabilities, and common content management system (CMS) vulnerabilities.

Suspicious TCP connection blocking

Uses a bypass to send TCP RST packets to the server and the client to block layer-4 TCP connections.

Network log recording

Records UDP and TCP traffic logs and the Request and Response logs of HTTP queries. Threat Detection Service (TDS) uses these logs for big data analysis.