Network-as-a-Sensor: A New Approach to the DDoS Problem

Mike Geller from Cisco’s CTO office and Ehud Doron of Radware’s CTO office presented at Cisco Live Berlin 2016 the revolutionary concept of Network-as-a-Sensor to fight DDoS attacks.

There are two approaches to detect against DDoS attacks: on-premise (also sometimes called in-line) and Cloud (out of path). When a DDoS protection solution is deployed on-premise, organizations benefit from an immediate and automatic attack detection and DDoS mitigation solution. Within seconds from the start of an attack, the online services are well protected and the attack is mitigated.

However, on-premise DDoS solutions cannot handle volumetric network floods that saturate the Internet pipe of the enterprise. Cloud solutions require the deployment of an overlay infrastructure that collects network statistics from various end points and redirects customer traffic to scrubbing centers for attack cleansing. Cloud DDoS protection solutions can remove volumetric attacks; however, they lack visibility into application level attacks, low and slow DDoS attacks, and encrypted attacks.

Network-as-a-Sensor:  Extend Attack Detection to SMEs

At Cisco Live Berlin, Mike Geller and Ehud Doron presented at DevNet a new approach: Network-as-a-Sensor.

This approach is designed for small to medium enterprises (SMEs), which are, eventually, the mass market. Today, SMEs are forced to use cloud solutions because on-premise solution costs are too high. With this new approach DefenseFlow DDoS defense software is installed on existing routing solution (in the case of the DevNet session – Cisco ISR) and it acts as a virtual behavioral detection sensor.

[You might also like: Cloud-Based or Provider-Managed DDoS Mitigation – Which One is Right For Your Organization?]

DefenseFlow client signals attack information (rather than network statistics) to a central automated cyber incidents response server (DefenseFlow Server) using DOTS (DDoS Open Threat Signaling) protocol. DefenseFlow server automates the attack life-cycle workflow including traffic redirection to the scrubbing center and forwarding the clean traffic to its original destination.

The above solution has also been demonstrated with an end-to-end attack detection and mitigation life cycle.

What is the value proposition?

  • Network-as-a-Sensor approach recruits existing network infrastructure and router resources to act as attack detectors.
  • You gain cloud DDoS mitigation solution with the performance of an in-line (on-premise) solution characteristic.  A very short time to detect of less than 10 seconds!
  • Simplicity, flexibility and scalability in an IETF DOTS ready architecture.

Our team will be at Cisco Live Berlin this week at Booth G3.  Stop by and learn more about the flexibility and scalability of our security solutions and how they can help your SME.


Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.

Download Now

Ron Meyran

Ron Meyran leads the marketing activities, partner strategy and Go-to-Market plans for Radware’s alliance and application partners. He also works to develop joint solutions that add value proposition and help drive sales initiatives – designed to increase visibility and lead generation. Mr. Meyran is a security and SDN industry expert who represents Radware at various industry events and training sessions. His thought leadership and opinion pieces have been widely published in leading IT & security industry magazines and he holds a B.Sc. degree in Electrical Engineering from Ben-Gurion University and a MBA from Tel Aviv University.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program


An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center