Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
0
Helpful
2
Replies

NIPS <> Guard & Anomaly Detector

Iselator71
Level 1
Level 1

‎03-23-2009 08:04 AM - edited ‎03-09-2019 10:09 PM

I'm looking for a comparison of Cisco IPS versus Guard & Anomaly Detector in order to find out which solutions offers which benefits to protect against DDoS attacks from the Internet and where which solution has shortcomings. If I have the guard and detector do I still need NIPS and vice versa.

Thanks

Labels:
0 Helpful
2 Replies 2

Not applicable

‎03-27-2009 08:31 AM

The Guard is an active DDoS attack mitigation device that protects the zone against DDoS attacks. The Guard receives traffic that is diverted from the attacked zones and inspects the diverted traffic to identify and separate malicious flows from legitimate transactions. The Guard removes specific attack packets and forwards legitimate traffic packets to their targeted destination, helping to ensure that real users and real transactions get through.

Typically, you deploy the Guard in a distributed upstream configuration at the backbone level. When the Guard receives an external indication of an attack, such as from a Detector, it diverts only the traffic of the attacked zone to itself. Any traffic destined for other zones not under attack continues to flow to their destinations without being diverted to the Guard. The Guard analyzes the packets, removes the DDoS components, and allows only clean traffic packets to continue on to the intended zone. During the attack, the Guard constantly filters the traffic and adjusts the attack mitigation process as the attack evolves.

The Guard uses the following features to manage zone traffic:

•A traffic diversion process that diverts the zone traffic to the Guard for learning purposes, protects against DDoS attacks, and injects legitimate traffic back into the network.

•An algorithm-based learning process that can learn the characteristics of normal zone traffic and customize the zone protection capabilities. This process provides the Guard with traffic reference points and protection instructions in the form of zone policies and policy thresholds.

•Protection processes that can distinguish between legitimate and malicious traffic. The protection processes filter the malicious traffic so that only the legitimate traffic can pass through to the zone.

These components enable the Guard to assume its protective role when there is an attack but allows the Guard to remain unobtrusively in the background when there is no attack. When there are no suspected attacks, you do not need to activate the diversion process, and the Guard does not see the traffic.

0 Helpful

Iselator71
Level 1
Level 1
In response to

‎04-01-2009 02:12 AM

Thanks for the additional information. What I'm looking for is how I can persuade my customer to buy the guard/detector in addition to the NIPS. The NIPS seems to be quite effective to limit DDoS attacks, so why would I still want to have the guard/detector?

0 Helpful
Customers Also Viewed These Support Documents