Allot Network Intelligence - PowerPoint PPT Presentation

1 / 48

About This Presentation

Title:

Allot Network Intelligence

Description:

Assured Forwarding for video streaming ... Signature free DDoS, Spam and Zombie detection. 0 day detection. Fully based on traffic behavior ... – PowerPoint PPT presentation

Number of Views:881

Avg rating:3.0/5.0

Slides: 49

Provided by: All73

Category:

more less

Transcript and Presenter's Notes

Title: Allot Network Intelligence

1
Allot Network Intelligence

Tomás Gómez de Acuña
tgomez_at_allot.com

2
AllotAt-A-Glance
Company Status
Public company traded on NASDAQ ALLT
Employees
250
RD and Operations
Israel, Hod Hasharon
Americas MN, CA, NY, TX, AZ, BrazilEurope
France, UK, Germany, Italy, Spain, Scandinavia
Asia/Pac. Singapore, Japan, Australia
WW Sales and Support
Founded
1997
More than 9000 units sold in 118 countries More
than 700 service providers More than 2060
enterprises and educational inst.
Track Record
3
Allot Network Intelligence Solution
Internet Access
Internet
WAN
RED LAN / CORE
VPN/Leased Line/MPLS
4
Network Intelligence Solution Main Features

Network visibility Network Intelligence
Network troubleshooting
Layer 7 Firewall
Signature Base, DPI (Deep Packet Inspection)
Connection Control
Connection limitation per rule
Badwidth assignment per connection
Data center protection / DoS protection
DDoS and Malicious Traffic Control (Service
Protector)
P2P Control
Application Control
QoS Bandwidth Management
Video Caching (MediaSwift)
Block of Illegal Webside URLs (Websafe)
Managed Services. Virtual Traffic Control
Subscriber Management. Traffic Control per
Subscriber
Accounting and Billing

5
Allot Product Family
6
NetEnforcer Products
NetXplorer
SMP
AC-400
AC-800
AC-1000
AC-10000
AC-2500
Service Gateway
Ancho De Banda
2 a 100 Mb
45 a 310 Mb
155 Mb a 1 Gb
310 Mb a 2,5 Gb
5 Gb a 40Gb
4 Gb to 20 Gb
Politicas
4.000
28.000
80.000
80.000
400.000
400.000
Internet Access,Local ISPs Pymes y SMB
Tier 1, 2Carriers, ISPs
Tier 1, 2Carriers, ISPs, EnterpriseUniversidades
Tier 1, 2Carriers, ISPs, EnterpriseUniversidades
Tier 2-3 Carriers,ISPs,EnterpriseUniversidades
EnterpriseISPs Universidades
Clientes
7
NetEnforcer Enterprise / Medium SP Platform
8
NetEnforcer SP Carrier Platform
9
AC10000
10
Service Gateway
11
The Service Gateway Vision
Network Subscriber Management
3rd PartyServices
FutureService
...
DPI Engine
Open platform enabling integrationof
best-in-class services
12
Service Gateway Redirecction

Caching
URL Filtering
IDS
Firewall
Contect Inspection
Reponse Time System

Third Party Product
RED LAN / CORE

Centralized DPI System
Reduce System Investment
Better Traffic Control
Really Intelligent (L7) Forward

13
1 2 links Topologies
Two Links. Different Networks
One link
Two Links. Redundant Configuration

10/100 Ethernet NE 402/802
1 Giga NE 802/1010
10 Giga NE 10100 / SG

10/100 Ethernet NE 404/804
1 Giga NE 804/1020/2520
10 Giga NE 10200 / SG

10/100 Ethernet NE 404/804
1 Giga NE 804/1020/2520
10 Giga NE 10200 / SG

14
4 links Topologies
Four Links. Redundant Configuration. Fully Meshed
FourLinks. Different Networks.

10/100 Ethernet NE 808
1 Giga NE 808/2540
10 Giga SG 8 x 10G

10/100 Ethernet NE 808
1 Giga NE 808/2540
10 Giga SG 8 x 10G

15
8 links Topologies
Eight Links. Different Networks

Service Gateway 8 links of 1 giga

16
High Availability
17
SMP Arquitecture
18
SMP Features
Subscriber Monitoring
Tiered Services
Quota Management

Time Based
Volume Based

Portal
19
NetXplorer Provisioner Arquitecture
Managed Services Virtual Traffic Network
Intelligence
Authentication
NetXplorer Server
RADIUS Server
Users
Policy Modifications and Data Collection
Back-end control
Front-end Provisioning and Monitoring
Internet
Users
NetEnforcer
NetXplorer Provisioner
Network Operator
20
NetXplorer Provisioner (NPP)
21
NetXplorer SMP Arquitecture
GUI Client
GUI Client
OSS RADIUS/DHCP
Mediation / Billing
NetXplorer Server
Subscriber Management
NetXplorer DataCollector
NetXplorer DataCollector
NetXplorer DataCollector
22
Netxplorer Features
Main Features

Network Visibility
Real Time Monitoring
Long Term Monitoring
Auto Application Discovery
Centralized Policy Management
QoS definition
L7 Firewalling
Port Redirection
DoS control
Reports Creation
Reports Scheduling
Events Alarms

23
Netxplorer Drill Down Capability
24
Rich Set of Graphs

Statistics
Utilization
Distribution Graphs
NetEnforcers
Lines / Pipes / VCs
Protocols
Hosts / Int / Ext /
Conversations
Subscribers
Average Protocol Popularity
Typical Time

25
NetXplorer Most Active Graphs

Reports Top N

Three Dimensional Graphs
26
NetXplorer Data Selection
Date Time Range
27
NetXplorer Report Creation
Multiple Format Output Reports
28
NetXplorer Report Scheduling
29
Events Alarms
30
QoS Optimization Control
With Allot
Without Allot
P2P Upload P2P Download
Visible and Managed
VoIP WebTV Video Conferencing
Unmanaged
Gaming email
Allot NetEnforcer
31
NetXplorer Policy Definition
32
Superior DPI technology

New dedicated H/W offers scalability
upgradability
Based on Allots Next Generation DPI engine S/W
with native APU (Allot Protocol Updates) support
Advanced Proactive Learning System for finer
identification of sophisticated P2P Apps
Leader in real time and internet protocols

33
Service Catalog
34
Improvement of QoS features

3-level policy control
LINE, PIPE Virtual Channel
Expedited Forwarding for real time applications
Assured Forwarding for video streaming
Drop Precedence for effective BW management
(short term peak traffic)
Tailored QoS behavior per Application
Per Flow Queuing mechanism

35
QoS Catalog
36
DoS Connection Control
DoS Control
Connection Control
37
ServiceProtector

Protects against DDoS attacks network attacks
worms subscriber zombies spambots
Behavior-based ADS (Anomaly Detection System)
Facilitates surgical isolation at the network or
subscriber level

KEY BENEFITS
Reduce customer complaints
Reduce OPEX
Avoid email blacklisting
Enhance network mgmt
Improve network stability
Protect key customers
Protect revenue streams

38
ServiceProtectors Main Features

Signature free DDoS, Spam and Zombie detection
0 day detection
Fully based on traffic behavior
lt5 false positives, gt95 rate true positives
Fast attack identification. Normally less than 5
min from begin to mitigation
On-Fly attack signature creation
For Mitigating the attacks
Easy and transparent installation
Distributed system
Multiples sensors with one management console
Independent solution
No help needed from routers
Fully integrated with NetXplorers Network
Intelligent System
External server or a ATCA blade
Up to 10Gbits real-time detection per sensor

38
24 February 2012
39
Network Behavior Anomaly Detection (NBAD)

Network attacks disrupt network behavior and the
normal relationship between network statistics

Uses TCP/IP statistics to build behavioral models
Identifies disruptions in absolute and relative
network statistics
Connectionless, sessionless, stateless
Detection speed inversely proportional to
magnitude of attack
Invariant to normal peaks and troughs
Sensitive to attacks

40
Deployment

NetXplorer

NetEnforcer

Service Gateway

Service Gateway

Availability of Service Protector blade to be
announced expect mid-late 08

41
MediaSwift

Intelligent Media Caching maximizes network
efficiency
Accelerates content delivery and provides highest
QoE
Reduce delivery costs and improve service quality

KEY BENEFITS
Transparent caching of all bandwidth-intensive
protocols
Reduce OPEX
Reduction of upstream bandwidth
Wire speed data delivery
Preserves functionality for all Internet services
Scalable multi-gigabit bandwidth generation

42
Bandwidth Control Media Acceleration
Internet
HTTP Traffic

Manages traffic and BW growth
Produces BW savings
Fastest downloads possible
Best Quality of Experience (QoE)
Satisfy user demand for media
Competitive advantage over other ISPs

MediaSwift
ISP Core Network
P2P Traffic
ISP Access Network
Subscribers
HTTP Video
P2P Peer
Email, HTTP
VoIP
43
How it Works
MediaSwift Blade
SG-Sigma
ISP User
Internet User
44
WebSafe