The Cisco® Traffic Anomaly Detector XT 5600-B from Cisco Systems® is a complete solution to help large organizations protect against distributed denial-of-service (DDoS) or other network attacks, enabling users to quickly initiate mitigation services to block the attack before business is adversely affected.
Based on a unique, patented multiverification process (MVP) architecture, the Cisco Traffic Anomaly Detector XT uses the latest behavioral analysis and attack recognition technology to proactively detect and identify all types of network assaults.
By constantly monitoring traffic destined for a protected device, such as a Web or e-commerce application server, the Cisco Traffic Anomaly Detector XT compiles detailed profiles of how each device behaves under "normal" operating conditions. If it detects per-flow deviations from the profile, it treats the anomalous behavior as a potential attack and responds according to operator preference: by sending an operator alert to initiate a manual response, by triggering an existing management system, or by activating the Cisco Guard XT DDoS Mitigation Appliance to begin mitigation immediately.
Combined with the Cisco Guard XT, the Cisco Traffic Anomaly Detector XT contributes to the industry's most comprehensive DDoS defense system. Through the MVP architecture, the Cisco Traffic Anomaly Detector XT and Cisco Guard XT detect, divert, isolate, and remove malicious attack flows without affecting legitimate transactions, helping to deliver robust protection to networks and business-critical traffic.
APPLICATIONS
DDoS attacks represent the fastest-growing threat facing online businesses today. These attacks have evolved from simple acts of publicity-seeking vandalism to highly focused events designed to disrupt the business operations of their targets. Increasingly relentless and malicious, these attacks can cause significant damage to businesses.
Attack techniques are also growing more sophisticated. Attackers mimic valid requests, spoof source addresses, and use compromised "zombie" hosts to overwhelm Internet data centers and existing network defenses, making identification and blocking of the malicious traffic flows extremely difficult.
The Cisco Traffic Anomaly Detector XT works with the Cisco Guard XT to provide a complete detection and mitigation solution that protects enterprises, hosting centers, government agencies, and service provider environments from DDoS attacks. When the Traffic Anomaly Detector XT identifies a potential attack by noticing deviations from known "normal" behavior, it alerts the Guard XT to begin diverting traffic destined for the targeted devices, and only that traffic, for inspection. All other traffic continues to flow freely, reducing the impact on overall business operations while increasing the number of devices or zones a single Guard XT can protect.
Diverted traffic is rerouted through the Cisco Guard XT, which is typically deployed off the critical path at any point in the network, from enterprise entrance access points to peering points off an ISP backbone. The diverted traffic is then scrutinized to separate "bad" flows from legitimate transactions. Attack packets are identified and dropped, while legitimate traffic is forwarded to its original destination, helping to ensure that real users and real transactions get through and providing maximum availability.
Figure 1 shows a Traffic Anomaly Detector in Enterprise Data Center Architecture.
Figure 1. Traffic Anomaly Detector in Enterprise Data Center Architecture
FEATURES AND BENEFITS
Recognition and Learning
The Cisco Traffic Anomaly Detector XT resides off the critical path to monitor mirrored traffic flows at full gigabit line rates, building detailed profiles of "normal" behavior for each protected device without consuming valuable switch or router resources.
Using behavior-based anomaly detection technology, the Cisco Traffic Anomaly Detector XT detects activity that deviates from established profiles at both global and granular session levels, enabling accurate identification of known and unknown ("day-zero") attacks. Detailed, per-connection state analysis of all packets enables fast and thorough detection of the most elusive attacks, from subtle, low-rate server resource exhaustion attacks to large-scale attacks launched by hundreds of thousands of distributed zombies.
The Cisco Traffic Anomaly Detector XT also includes a behavioral recognition engine that eliminates the need to continually update profiles, and reduces the large number of alerts and false positives common with static signature-based approaches. In addition, the Cisco Traffic Anomaly Detector XT comes preconfigured with default profiles for immediate operation; automated learning then generates device-specific tuning recommendations that the operator can review before applying them.
Finally, session-state context recognizes validated session traffic and identifies session-abusive attacks to provide additional protection against malicious activity.
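The behaviour described above (learn a per-device "normal" profile from clean traffic, flag per-flow deviations, and request diversion only for the targeted device) can be sketched in a few dozen lines. The following is an added illustration written for this page; it is not Cisco's MVP code and makes no claim about how the Detector XT or Guard XT actually implement learning or diversion. The flow records, IP addresses, traffic classes, the mean-plus-three-sigma threshold and the packets-per-second floor are all constructed assumptions chosen so the example runs offline.

```python
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

K_SIGMA = 3.0        # assumption: flag a rate more than 3 standard deviations above the learned mean
MIN_RATE = 20.0      # assumption: packets/sec floor so tiny baselines do not alert on jitter
DEFAULT_THRESHOLD = MIN_RATE  # "default profile" for a (device, class) pair that was never learned

# Constructed flow summaries for illustration: (second, dst_ip, traffic_class, packets).
# These numbers are invented, not captures from any real device.
def _steady(dst, kind, base, seconds):
    # small periodic jitter so the learned standard deviation is non-zero
    return [(s, dst, kind, base + (s % 5)) for s in range(seconds)]

LEARNING_TRAFFIC = (
    _steady("10.0.0.10", "tcp_syn", 40, 60) + _steady("10.0.0.10", "udp", 5, 60)
    + _steady("10.0.0.11", "tcp_syn", 15, 60) + _steady("10.0.0.11", "udp", 2, 60)
)

# Ten seconds of observed traffic: 10.0.0.10 is SYN-flooded from second 3 on,
# while 10.0.0.11 stays at its normal rate and must not be diverted.
ATTACK_TRAFFIC = (
    [(s, "10.0.0.10", "tcp_syn", 40 + (s % 5)) for s in range(3)]
    + [(s, "10.0.0.10", "tcp_syn", 5000) for s in range(3, 10)]
    + _steady("10.0.0.10", "udp", 5, 10)
    + _steady("10.0.0.11", "tcp_syn", 15, 10) + _steady("10.0.0.11", "udp", 2, 10)
)


@dataclass(frozen=True)
class Profile:
    """Learned baseline for one (protected device, traffic class) pair."""
    mean: float
    stdev: float

    @property
    def threshold(self):
        return max(self.mean + K_SIGMA * self.stdev, MIN_RATE)


@dataclass(frozen=True)
class Anomaly:
    second: int
    dst: str
    kind: str
    rate: float
    threshold: float


def _rates(records):
    """Sum packets per (second, dst, class) so each key becomes a per-second rate."""
    counts = defaultdict(int)
    for second, dst, kind, pkts in records:
        counts[(second, dst, kind)] += pkts
    return counts


def learn_profiles(records):
    """Build a per-(dst, class) baseline from traffic assumed to be attack-free."""
    series = defaultdict(list)
    for (second, dst, kind), pkts in _rates(records).items():
        series[(dst, kind)].append(pkts)
    return {key: Profile(mean(v), pstdev(v)) for key, v in series.items()}


def detect(profiles, records):
    """Return one Anomaly per second in which a (dst, class) rate exceeds its threshold."""
    anomalies = []
    for (second, dst, kind), pkts in sorted(_rates(records).items()):
        prof = profiles.get((dst, kind))
        threshold = prof.threshold if prof else DEFAULT_THRESHOLD
        if pkts > threshold:
            anomalies.append(Anomaly(second, dst, kind, pkts, threshold))
    return anomalies


def divert_targets(anomalies):
    """Destinations whose traffic should be diverted for scrubbing; all others are left alone."""
    return sorted({a.dst for a in anomalies})


if __name__ == "__main__":
    profiles = learn_profiles(LEARNING_TRAFFIC)
    found = detect(profiles, ATTACK_TRAFFIC)
    for a in found:
        print(f"t={a.second}s {a.dst} {a.kind}: {a.rate:.0f} pkt/s > {a.threshold:.1f}")
    print("divert only:", divert_targets(found))
```

Two design points carry over to a real deployment: the floor (`MIN_RATE`) is what keeps a quiet zone with a near-zero baseline from alerting on ordinary jitter, which is the false-positive problem the page attributes to static approaches; and the diversion decision is keyed on destination, so a flood against 10.0.0.10 never causes 10.0.0.11's traffic to be rerouted through the scrubber.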
High Performance
The high-performance Cisco Traffic Anomaly Detector XT monitors attack flows at full gigabit line rates, enough to identify more than 100,000 sources per device in a single attack, providing robust protection against distributed attacks for large, high-volume environments.
In addition, multistage analysis of fully mirrored traffic delivers fast recognition of even the most stealthy low-rate attacks. To provide the greatest possible protection, the Cisco Traffic Anomaly Detector XT can be deployed downstream (close to protected resources in the data center) or upstream (adjacent to a Cisco Guard XT for more widespread coverage).
Reporting and Management
The Cisco Traffic Anomaly Detector XT uses a Web-based graphical user interface (GUI) that displays information in a simple, intuitive manner, dramatically simplifying configuration, operation, and attack identification and analysis.
Multiple real-time and historical reporting levels provide network operators, security administrators, and clients with detailed information to assist in attack detection, policy setting, and mitigation. Report statistics can also be exported to text files for back-end customization or for later review.
The Cisco Traffic Anomaly Detector XT can also be configured to proactively send alerts to network operators and to the Cisco Guard XT to initiate rapid response to attack conditions, including automated mitigation services to quickly thwart the attack. A Simple Network Management Protocol (SNMP) management information base (MIB) also makes statistics based on devices, protected zones, and attack levels available to standards-based management systems.
SUMMARY
Designed for large hosting centers and online enterprises, the Cisco Traffic Anomaly Detector XT combines with the Cisco Guard XT DDoS Mitigation Appliance to provide a security solution that can help ensure uninterrupted business operations, even in the face of the most malicious assaults. For users, that translates into a significant competitive advantage as it can help ensure uncompromised availability and unparalleled protection of valuable business assets.
PRODUCT SPECIFICATIONS
Table 1 provides product specifications for the Cisco Traffic Anomaly Detector XT 5600-B.
Table 1. Product Specifications
Memory
2 GB DDRAM
Hard drive
80 GB
Interfaces
Two Gigabit Ethernet
Two 100BASE-T (management)
Power supply
Dual 110-220V, 625W
Weight
64 lb / 29.02 kg
Height
3.36 in. / 8.53 cm
Width
17.5 in. / 44.5 cm
Depth
27.64 in. / 70.2 cm
Operating temperature
10 to 35°C (50 to 95°F)
Nonoperating temperature
10 to 43°C (50.0 to 109.4°F)
Humidity
Operating: 8 to 80%
Nonoperating: 8 to 80%
Rack-mountable
Yes
Management
Secure Web-based GUI
CLI: Console, Telnet (cleartext; prefer SSH), SSH
Cisco (Riverhead) SNMP MIB and MIB II
TACACS+
Syslog
Certifications
UL recognized
CE
FCC Rules Part 15 compliant
Attack protection
• Spoofed and non-spoofed attacks
- TCP (SYN, SYN-ACK, ACK, FIN, fragments)
- UDP (random port floods, fragments)
- ICMP (unreachable, echo, fragments)
- DNS
- SIP VoIP
• Client attacks
- Inactive and total connections
- HTTP GET flood
• BGP attacks
ORDERING INFORMATION
Table 2 provides ordering information for the Cisco Traffic Anomaly Detector XT 5600-B.
Table 2. Ordering Information
Product Name
Part Number
Cisco SMARTnet® Number
Cisco Traffic Anomaly Detector XT 5600 with 1000BASE-SX Multimode Fiber Optic Ports with LC connectors, dual AC power, RAID
Whether your company is a large organization, a commercial business, or a service provider, Cisco is committed to maximizing the return on your network investment. Cisco offers a portfolio of technical support services to help ensure that your Cisco products operate efficiently, remain highly available, and benefit from the most up-to-date system software.
The Cisco Technical Support Services organization offers the following features, providing network investment protection and minimal downtime for systems running mission-critical applications:
• Provides Cisco networking expertise online and on the telephone
• Creates a proactive support environment with software updates and upgrades as an ongoing integral part of your network operations, not merely a remedy when a failure or problem occurs
• Makes Cisco technical knowledge and resources available to you on demand
• Augments the resources of your technical staff to increase productivity
• Complements remote technical support with onsite hardware replacement
• Cisco Technical Support Services include:
– Cisco SMARTnet support
– Cisco SMARTnet Onsite support
– Cisco Software Application Services, including Software Application Support and Software Application Support plus Upgrades (SAS/SASU)