| Overview |
The constantly growing global demand for online access has caused the bandwidth of international entrances and content delivery providers to scale rapidly. The bandwidth of Metropolitan Area Network (MAN) entrances exceeds 10Gbps, and that of Internet Data Center entrances exceeds 5Gbps. This growth affects not only operators’ networks, but also the networks of industries and governments. In addition, applications and services that utilize network bandwidth have grown as well, leading to more aggressive delivery and uptime requirements.
Over the years, as network infrastructures and Internet services have increased in sophistication, so have the attacks designed to thwart network security. The days of simple signature-based detection against known threats are gone. Network analysts need a full view of traffic so that they can see clearly how it is distributed and quickly detect anomalies that may pose a threat.
The NSFOCUS Network Traffic Analyst (NSFOCUS NTA) delivers those capabilities. It is designed to analyze traffic on the backbone network, using anomaly traffic detection and traffic statistic analysis to scrutinize all traffic, looking for such threats as DDoS traffic, network abuse and overuse, worm floods, and P2P traffic. NTA can be deployed on its own as a traffic analysis product, or together with the NSFOCUS ADS (Anti-Denial of Service) appliance as an anomaly traffic detection product to effectively protect against DDoS attacks, helping control what resources are given access and at which level.
| Features and Benefits |
Advanced Baseline Generation Algorithm
Since the indexes used for anomaly detection are diverse, the traffic analysis system must adopt different baselines for comparison to ensure the accuracy of traffic detection. The NSFOCUS NTA uses two baseline algorithms. It employs a periodic baseline to check traffic indexes such as total traffic on a given port, total traffic of an application, and the traffic trend of an IP address group. It also uses a portable window baseline to check traffic indexes that remain more consistent. These two methods provide network operators and application managers with a clear picture of the resources being used, and how best to shape the traffic to meet external and internal customer needs. They also give them a reliable indicator of when traffic slips outside of expected norms, which could be an advance indication of an attack or misuse.
Rich Anomaly Detection Algorithm
NSFOCUS’s NTA not only provides a good picture of how the network is behaving, it is also designed with a rich set of tools for catching both known threats and "zero-day" attacks, with up to 17 configurable categories of detection indexes, each corresponding to a detection algorithm. These indexes cover the detection of all anomaly traffic on a network.
Flexible and Effective Detection
NSFOCUS’s NTA calculation engine adopts a “frame plus” plug-in that ensures the flexibility and effectiveness of the system. Each plug-in corresponds to one or more detection algorithms. Administrators can choose the most appropriate plug-in to upload according to the network structure and service features. In addition, the system provides some predefined plug-in templates for different types of typical use cases, making setup and operation easy. For example, the operation and maintenance of a backbone network allows less attention to be paid to the application layer; however, the situation may be just the opposite for content delivery providers. This flexibility provides configurable detection for any operation, and the configuration can be changed easily if the network, or the services offered over it, change over time.
Powerful Processing Capability
With high-performance hardware and optimized underlying algorithms, NSFOCUS’s NTA has the capability of processing more than 80,000 transactions per second, satisfying the high-end requirements for traffic analysis on even the most extreme networks, such as those required by telecommunications and e-commerce firms.
Easy to Set Up and Use
Getting the system online is simple. During configuration, analysts only need to provide a list of IP address segments as options from the route table; no manual addressing is required. Maintenance personnel can simply choose which IP address segments will be monitored from the list. Other similar automatic processes are also built in to help with initial configuration, and ongoing fine-tuning is just as easy.
| Functions |
| Index | Collapsar-NTA-SP2000 |
| --- | --- |
| Alert Monitor | Display alert figures and the events list in real time; alert details are displayed by clicking on an alert. |
| Traffic Analysis | Monitor the current traffic in real time or give a time scope for replaying the history of the traffic; review network traffic from different perspectives such as network, router, port, subnet, and IP address group. |
| Device Monitor | Monitor SNMP-collected information about the operation status of the device and about the port traffic, and the flow packet information received by traffic analysis from network element devices. |
| Statistic Report | Let users choose conditions such as time scope, statistic cycle, report type, and report template from the interface to generate reports in a flexible way; reports are delivered in .rtf, .pdf, .html, or .xls formats. |
| Route Analysis | Get a clear picture of the stability and rationality of the router by analyzing information about the route and route table. |
| Operation Configuration | Configure the operation parameters of the system, including device management, engine operation parameters, autonomy domain list, alert configuration, storage policy, traffic group, route parameter configuration, IP configuration detection, IP cluster configuration, application/port configuration, and ADS diversion configuration. |
| System Management | Manage the traffic analysis system itself, including user management, basic system information, network configuration, license management, and system upgrade. |
| Log Management | Query and browse detailed information about logs. Logs are divided into two types: audit logs and diversion logs. Audit logs record historical operations on the system; diversion logs record historical diversion orders sent by the NTA device to an ADS device. |
Pre-Sale Consultation |
Contact NSFOCUS sales:
international-business@nsfocus.com