
How Does DDoS Protection Service Work for a Customer?

IntruGuard Product Configuration Steps

  1. Factory Defaults Detection Mode

    When the appliance is shipped from the factory, all the behavioral thresholds are set to high (line rate) and the appliance is set to Detection Mode.

    In the Factory Defaults Detection Mode, the appliance does not drop any packets. The appliance acts like a wire or a layer 2 transparent bridge.

  2. Virtualize Partitions

    If you have more than one server or network, you can partition your network into logical virtual partitions called VIDs. Each VID has its own policy and its own traffic behavior. Each VID can be set to Detection or Prevention Mode independently of the others, and independently in each direction.

    The virtualization is achieved using a network address/mask, which can be defined as a CIDR, going all the way up to a network node.

  3. Baseline Partition 1

    Once you have partitioned the network, you can baseline each partition independently of the others. Essentially, let the traffic flow and let the system collect the information.

    This period can be as little as a few hours or as much as a week or a month, depending on how much time you have at hand. If you are already under attack, this step can be skipped and IntruGuard support staff can help you set up without baselining, based on their experience with attacks at similar sites.

    The process of baselining involves granularly understanding the traffic behavior in the partition.

    At the end of this stage, you get a Traffic Statistics Report. This report gives you an idea of the baseline of your traffic.

  4. Reduce Thresholds and Monitor Partition 1

    Once you have generated the Traffic Statistics Report, a wizard in the IntruGuard GUI will use it to set the behavioral thresholds with a configurable cushion. This cushion will take care of sudden surges such as those due to press campaigns, holiday shopping, etc.

    Once the thresholds have been lowered, the appliance is still kept in Detection Mode. In this mode, the appliance acts as though it has dropped attack packets and creates reports and notifications, but it does not actually drop the packets.

    If you are satisfied with the results, you can put the appliance partition in Prevention Mode.

  5. Prevention Mode for Partition 1 in a chosen direction

    In this mode, the appliance will actually enforce the policies and drop attack packets in the chosen direction for the chosen partition.

    You will get the reports and notifications.

  6. Continuous Learning and Adaptive Thresholds

    As your traffic grows, the appliance will learn that growth and adjust the thresholds continuously and adaptively so that you don't have to adjust them manually. There is an upper limit to such growth to avoid misuse.

    Once you are satisfied with one VID partition in one direction, you can repeat the process for another partition.
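
The workflow above, modeled for one partition in one direction as an added example (not IntruGuard code). The packets-per-second metric, the cushion and growth-cap values, the clipping rule and all names are assumptions made for illustration; the sample rates and addresses are constructed.

```python
import ipaddress

# Constructed partition table (VID -> CIDR); addresses are documentation ranges.
VIDS = {1: ipaddress.ip_network("192.0.2.0/24"),
        2: ipaddress.ip_network("192.0.2.10/32")}   # a partition of one node

def vid_for(dst):
    """Pick the most specific partition containing dst, or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, vid) for vid, net in VIDS.items() if addr in net]
    return max(hits)[1] if hits else None

class Partition:
    def __init__(self, cushion=0.5, growth_cap=2.0):   # assumed settings
        self.mode = "detection"            # factory default: never drops
        self.threshold = float("inf")      # stands in for "line rate"
        self.cushion, self.growth_cap = cushion, growth_cap
        self.base = None                   # first threshold derived from the baseline
        self.would_drop = self.dropped = 0

    def apply_baseline(self, pps_samples):
        """Step 4: threshold = baseline peak plus the configured cushion."""
        self.base = self.threshold = max(pps_samples) * (1 + self.cushion)

    def observe(self, pps):
        """Handle one interval; return the packets actually forwarded."""
        excess = max(0, pps - self.threshold)
        if self.mode == "prevention":
            self.dropped += excess         # enforced: excess is dropped
            return pps - excess
        self.would_drop += excess          # detection: report only, forward all
        return pps

    def adapt(self, recent_peak):
        """Step 6: follow growth, never past growth_cap x the first threshold."""
        wanted = recent_peak * (1 + self.cushion)
        self.threshold = min(max(self.threshold, wanted), self.base * self.growth_cap)
        return self.threshold

def demo():
    p = Partition()
    factory = p.observe(9000)                  # factory defaults: forwarded untouched
    p.apply_baseline([800, 950, 1000, 900])    # constructed baseline samples (pps)
    detect = p.observe(4000)                   # over threshold, still forwarded
    p.mode = "prevention"
    prevent = p.observe(4000)                  # now clipped to the threshold
    capped = p.adapt(10000)                    # flood-sized "growth" stops at the cap
    return factory, detect, p.would_drop, prevent, p.dropped, capped
```

The `would_drop` counter from the detection pass is the figure to review before switching a partition to prevention: it shows what enforcement would have removed at the chosen cushion.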

 
