Neusoft NetEye network traffic analysis and response system (NTARS)



Backbone networks are full of abnormal traffic that consumes excessive network resources and greatly affects normal business operations. Neusoft NetEye network traffic analysis and response system (NTARS) helps users effectively address the security issues a backbone network needs resolved: DoS/DDoS attacks, worms and viruses, spam, vulnerability risk, network abuse, etc. It maximizes the controllability and efficiency of the backbone network and saves the labor costs required to diagnose, detect, and repair such threats.

Neusoft NetEye network traffic analysis and response system (NTARS) is a hybrid detection-and-response protective device deployed in bypass mode. For carrier bearer networks, industry networks, university campus networks, IDC data centers, and large and medium enterprise networks, it provides statistical analysis, anomaly detection, and automatic suppression response across the entire network within its area. The NTARS system detects, in real time and within hundreds of G of mixed background traffic, DoS/DDoS attacks, P2P traffic, worms, spam and other network abuse incidents, and then automatically triggers the response system to block them. At the same time, the NTARS system gives administrators statistical analysis of backbone health data such as traffic patterns, trend forecasting, and route jitter, helping operations management personnel monitor and control the operation of key links and critical resources.






Network Traffic Analysis and Response System (NTARS)

Neusoft NetEye network traffic analysis and response system (NTARS) Technical Features

1, DDoS and other abnormal traffic detection and prevention

Detects in real time the legitimacy of traffic on all links network-wide, including network DoS/DDoS attacks, application-layer attacks, worm propagation and other traffic, then raises alarms and blocks it. This prevents malicious traffic from swallowing limited network bandwidth resources and improves the overall service capacity and availability of the network.

2, DFI: complete and detailed traffic flow analysis

The system automatically generates traffic flow analysis units for the whole network, using graphs, lists, links and other forms to describe network traffic patterns accurately. Type distributions cover frame size, IP, TOS, protocol, application protocol and other attributes. Statistics are collected by Internet zone, router, next hop, route, interface, subnet, and customer account to detect traffic patterns. For different flow properties (such as AS-originated traffic, AS transit traffic, AS interconnection traffic, etc.) the system generates classification, component ratio analysis, and statistical comparison ranking reports.

3, DPI: deep protocol analysis and traffic management

Supported by a powerful detection engine and tree ICA composite technology, the system provides efficient DPI deep inspection to quickly identify application protocols and detect attack types. It further strengthens monitoring of the application characteristics of abused protocols (such as BT, eMule, eDonkey, PPLive, SIP, H.323 and other P2P communication), quickly identifies in real time the services appearing in link traffic, and on this basis performs appropriate statistical analysis and quality-of-service control.






4, self-learning, dynamically adjusted baseline

After sampling and analyzing network traffic with unknown characteristics over a certain period, the system builds a baseline model, automatically tracks changes in the actual traffic curve, and adjusts the baseline dynamically, giving the system the ability to self-learn the evolving trend of network traffic.
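A self-adjusting baseline of the kind described above, as an added example that is not Neusoft's code or algorithm: it assumes an exponentially weighted moving average and variance over a single metric, and the class name, parameters and sample values are all constructed for illustration. It also shows a design choice the paragraph leaves open, namely whether the baseline keeps learning while an alarm is active.

```python
import math

class AdaptiveBaseline:
    """Self-adjusting baseline for one traffic metric (e.g. packets/s on a link)."""

    def __init__(self, alpha=0.1, k=4.0, warmup=10, freeze_on_alarm=True):
        self.alpha = alpha                  # learning rate of the moving averages
        self.k = k                          # alarm threshold in standard deviations
        self.warmup = warmup                # samples to learn before alarming
        self.freeze_on_alarm = freeze_on_alarm
        self.mean, self.var, self.n = 0.0, 0.0, 0

    def observe(self, x):
        """Feed one sample; return True if it exceeds the learned baseline."""
        self.n += 1
        if self.n == 1:
            self.mean = float(x)
            return False
        dev = x - self.mean
        # Floor sigma at 5% of the mean so a very flat learning period
        # does not turn small fluctuations into alarms.
        sigma = max(math.sqrt(self.var), 0.05 * self.mean)
        alarm = self.n > self.warmup and dev > self.k * sigma  # one-sided: surges only
        if not (alarm and self.freeze_on_alarm):
            # Track the traffic curve: exponentially weighted mean and variance.
            self.mean += self.alpha * dev
            self.var = (1 - self.alpha) * (self.var + self.alpha * dev * dev)
        return alarm

def detect(samples, **kwargs):
    """Return the indexes of samples flagged as abnormal."""
    baseline = AdaptiveBaseline(**kwargs)
    return [i for i, x in enumerate(samples) if baseline.observe(x)]

# Constructed samples (packets per second), not real measurements.
NORMAL = [1000 + 20 * ((i * 7) % 5 - 2) for i in range(30)]   # steady ~1000 pps
GROWTH = [1000 + 15 * i for i in range(60)]                   # slow organic growth
FLOOD = NORMAL + [9000] * 5 + NORMAL[:5]                      # 5-sample surge

if __name__ == "__main__":
    print("steady traffic:", detect(NORMAL))
    print("organic growth:", detect(GROWTH))
    print("flood, baseline frozen during alarm:", detect(FLOOD))
    print("flood, baseline keeps learning:", detect(FLOOD, freeze_on_alarm=False))
```

With the baseline frozen during an alarm, every sample of the surge is flagged; if the baseline keeps learning, the first surge sample inflates the learned variance and the remaining ones pass as normal.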






5, broad and comprehensive detection range

In addition to NetFlow V1/V5/V7/V9, sFlow V4/V5, cflowd V5/V8 and NetStream V5/V8/V9, the system also supports SNMP, BGP, SPAN, CLI, NAP, etc., for real-time acquisition of routing device state, routing table entries, dynamic routing protocol interaction, IP/MAC mappings, MAC/port mappings, and original packet content.

6, highly intelligent ICA composite mechanism

ICA composite technology is based on dynamically adjusting the input strategy of other mechanisms according to the output of one mechanism. This allows detection operations to be distributed flexibly between the L2 ~ L7 protocol layers, between traffic pattern state and network elements, and between DFI and DPI, and automatically completes the policy-driven instruction loop between abnormal event detection and suppression.

7, fine-grained localization of the origin of anomalies

After the anomaly detection system registers a hit, it provides fine-grained traceability: the abnormal traffic is traced directly back to the routing device interface and switching device port nearest the source of the attack, giving the administrator accurate location information for follow-up handling.

8, flexibly driven suppression response mechanism

Supports suppression response commands and predefined configuration templates for a variety of equipment types. When abnormal traffic occurs, ICA composite technology triggers them automatically, without manual administrator intervention, to prevent further abnormal traffic. Supported response interface protocols include: BGP v4, SNMP v1/v2c/v3, CLI / CLI SSH, NAP v1.0/v1.2.






9, security value-added interface that fits the business

The focus is not only on the benefits users obtain from deploying a security product, but even more on how the system increases users' capacity to profit. To this end, the system provides an OSP functional unit that follows the user's existing profit model and fits business needs to support value-added services.

10, one-stop centralized management

NTARS emphasizes satisfying one-stop operation and maintenance management needs. Its centralized management platform, CMP (Central Management Platform), provides event aggregation, policy distribution, status monitoring, and analysis for multiple distributed Controllers, and can realize a "1 + M * (1 + N)" multi-level distributed architecture. This is well adapted to the carrier industry's "Branch + Corporation + Province municipal branches" organizational structure, and resolves the conflict among real-time remote transmission of massive log data, system overhead, network overhead, and storage media cost. It is a design targeted at building a unified whole-network traffic analysis platform for large telecom operators.

11, collaboration with network management systems, SOC and other systems

Through multi-dimensional management channels, the NTARS system supports integrated deployment with network management systems and SOC, and even custom extensions. At the management level, it accepts centralized management by the management system and offers a convenient interface that embeds in the management system to display analysis data. At the product level, it supports multi-device array integration to achieve load balancing and expand filtering and classification performance. It covers the needs of multiple business areas, including network management, traffic analysis, security, and operation and maintenance, providing a maintenance management solution for whole networks of more than several hundred G.

12, maintenance-free long-term operational capabilities

The NTARS system provides carrier-class stable operation, enhanced by various mechanisms to achieve zero human intervention over its lifetime, such as: automatic generation and targeted delivery of traffic analysis reports, automatic backup and space maintenance for traffic data, a disaster recovery / expansion mechanism for hardware storage media, and redundant backup of key components (CPU, power supply).

13, log auditing and automatic reporting

The NTARS system provides full conditional query and report audit functions for regular audit work over a given time period. The system can also automatically generate analysis reports and submit them by email to different administrators.