NETSCOUT Case Studies Transition from Cisco Guard to the Peakflow Solution Provides Easier 10 Gbps DDoS Attack Mitigation

Edit This Case Study Record

	Transition from Cisco Guard to the Peakflow Solution Provides Easier 10 Gbps DDoS Attack Mitigation NETSCOUT

Transition from Cisco Guard to the Peakflow Solution Provides Easier 10 Gbps DDoS Attack Mitigation

NETSCOUT

Technology Category	Cybersecurity & Privacy - Network Security
Applicable Industries	Education
Applicable Functions	Business Operation
Use Cases	Cybersecurity
Services	System Integration
Challenge	The customer, a central European network service provider (NSP) that offers Internet access, domain name system (DNS), IP address allocation and DDoS attack detection and mitigation services to universities, ministries and research organizations, was using Cisco Guard for DDoS attack detection and mitigation. However, they faced two main problems with Cisco Guard. Firstly, the NSP had a 10 Gbps core backbone network, but Cisco Guard only supported 1.2 Gbps of mitigation, and there were no plans to improve this due to the end-of-sale schedule. Secondly, because the NSP used Peakflow SP for attack detection and Cisco Guard for attack mitigation, its staff was forced to learn two different user interfaces, which made attack mitigation more difficult. Read More
About Customer	The customer is a central European network service provider (NSP) that offers Internet access, domain name system (DNS), IP address allocation and DDoS attack detection and mitigation services to universities, ministries and research organizations. Its network, consisting mainly of Cisco devices, supports about 150 customers with thousands of end users. Three core routers, connected via a 10 Gbps fiber backbone, provide all the routing to neighboring countries, research networks and commercial upstream providers. Read More
Solution	The NSP transitioned from Cisco Guard to Peakflow SP TMS. The migration process was relatively easy, with minor changes required to the network routing environment. Since Peakflow SP TMS is an out-of-band appliance that doesn’t do any active routing, the NSP had to implement a separate routing instance to segregate the production Border Gateway Protocol (BGP) forwarding routing tables from the individual scrubbing routing tables. This routing instance was used for off-ramping attack traffic to the TMS appliance. TMS would then on-ramp or forward cleaned traffic into this routing instance, where the routers would make next-hop decisions for Peakflow SP TMS to deliver clean traffic to its original destination. Read More Log in to view content
Contents

Technology Category

Cybersecurity & Privacy - Network Security

Applicable Industries

Education

Applicable Functions

Business Operation

Use Cases

Cybersecurity

Services

System Integration

Challenge

The customer, a central European network service provider (NSP) that offers Internet access, domain name system (DNS), IP address allocation and DDoS attack detection and mitigation services to universities, ministries and research organizations, was using Cisco Guard for DDoS attack detection and mitigation. However, they faced two main problems with Cisco Guard. Firstly, the NSP had a 10 Gbps core backbone network, but Cisco Guard only supported 1.2 Gbps of mitigation, and there were no plans to improve this due to the end-of-sale schedule. Secondly, because the NSP used Peakflow SP for attack detection and Cisco Guard for attack mitigation, its staff was forced to learn two different user interfaces, which made attack mitigation more difficult.

About Customer

The customer is a central European network service provider (NSP) that offers Internet access, domain name system (DNS), IP address allocation and DDoS attack detection and mitigation services to universities, ministries and research organizations. Its network, consisting mainly of Cisco devices, supports about 150 customers with thousands of end users. Three core routers, connected via a 10 Gbps fiber backbone, provide all the routing to neighboring countries, research networks and commercial upstream providers.

Solution

The NSP transitioned from Cisco Guard to Peakflow SP TMS. The migration process was relatively easy, with minor changes required to the network routing environment. Since Peakflow SP TMS is an out-of-band appliance that doesn’t do any active routing, the NSP had to implement a separate routing instance to segregate the production Border Gateway Protocol (BGP) forwarding routing tables from the individual scrubbing routing tables. This routing instance was used for off-ramping attack traffic to the TMS appliance. TMS would then on-ramp or forward cleaned traffic into this routing instance, where the routers would make next-hop decisions for Peakflow SP TMS to deliver clean traffic to its original destination.

Impact #1	The NSP can now protect its whole 10 Gbps core backbone with a single 10 Gbps mitigation device (the TMS 3100).
Impact #2	The team only needs to learn one solution, simplifying the process and reducing the time required for training.
Impact #3	It now only takes 4 or 5 clicks to start a mitigation, providing a very simple and fast way to stop attacks within 10 to 15 seconds.

Impact #1

The NSP can now protect its whole 10 Gbps core backbone with a single 10 Gbps mitigation device (the TMS 3100).

Impact #2

The team only needs to learn one solution, simplifying the process and reducing the time required for training.

Impact #3

It now only takes 4 or 5 clicks to start a mitigation, providing a very simple and fast way to stop attacks within 10 to 15 seconds.

Benefit #1	10 Gbps DDoS attack mitigation capability
Benefit #2	Attack mitigation can be started within 10 to 15 seconds

Benefit #1

10 Gbps DDoS attack mitigation capability

Benefit #2

Attack mitigation can be started within 10 to 15 seconds

Download PDF Version

Overview

Transition from Cisco Guard to the Peakflow Solution Provides Easier 10 Gbps DDoS Attack Mitigation

Operational Impact

Quantitative Benefit