Our new FlowTraq release (Q1 2016) brings improvements to reporting, alerting, and DDoS mitigation, all inspired by direct feedback from existing users. This release adds easy creation of security event management reports, notes on security events, manual approval or revocation of mitigation actions, and null-routing (blackhole-routing) of IPs under DDoS attack. Read the details below and contact us at firstname.lastname@example.org if you want to see a demo before you download the update.
Report on all or any subset of your alerts. You can now quickly generate a printable report on your alerts, including summary and average figures as well as pie charts of alerts by partition, traffic group, severity, and alert type. Which alerts and which time range to include are chosen with the existing filtering system, so reports can be customized to your liking. The reports are printer-friendly, and a direct link to a report can be emailed for convenient sharing. Alert data can also be exported to CSV for custom processing.
A host of improvements to the alerting system is included as well. You can now add notes to an alert and annotate it, including @-style addressing and filtering: for example, adding @soc to an alert's note field provides an @soc filter choice on the Alerts page. You can also filter on Notes > Annotated to see all alerts that carry notes. The alert detail view is also improved, featuring a printer-friendly alert format, and direct links to individual alerts make it easier to email and export the details of each security event.
To improve operator control of plugin/mitigation actions, we added the ability to place actions "on hold" as their initial state. The mitigation action is queued but not executed until the operator approves it. This enables a progressive mitigation policy: lower-volume DDoS attacks require operator intervention, while higher-volume DDoS attacks are remediated automatically. It is also possible to revoke plugin actions and to restart cancelled plugin actions.
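The hold/approve/revoke/restart workflow described above, as an added illustration (this is not FlowTraq's own plugin code). The state names, the `RecordingPlugin` stand-in, the auto-approval threshold and the pps figures are assumptions chosen for the example; the page only describes the behaviour.

```python
"""Mitigation actions that start 'on hold' and need operator approval.

Added illustration of the workflow in the release notes, not FlowTraq's own
plugin code. State names, the auto-approval threshold and the pps figures
are assumptions chosen for the example.
"""
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    ON_HOLD = "on_hold"    # queued, waiting for an operator decision
    ACTIVE = "active"      # plugin action has been executed
    REVOKED = "revoked"    # cancelled by the operator (undone if it was active)


class RecordingPlugin:
    """Stand-in for a mitigation plugin (assumed); records what it was asked to do."""

    def __init__(self):
        self.calls = []

    def apply(self, target):
        self.calls.append(("apply", target))

    def undo(self, target):
        self.calls.append(("undo", target))


@dataclass
class Action:
    target: str               # IP under attack
    volume_pps: int           # inbound packet rate that triggered the action
    state: State = State.ON_HOLD
    history: list = field(default_factory=list)

    def move(self, allowed, new):
        # Reject transitions the workflow does not allow (e.g. restarting an active action)
        if self.state not in allowed:
            raise ValueError(f"cannot move {self.state.value} -> {new.value}")
        self.history.append((self.state, new))
        self.state = new


class MitigationQueue:
    """Holds actions below a volume threshold, auto-approves those at or above it."""

    def __init__(self, plugin, auto_approve_pps):
        self.plugin = plugin
        self.auto_approve_pps = auto_approve_pps
        self.actions = []

    def submit(self, action):
        self.actions.append(action)
        if action.volume_pps >= self.auto_approve_pps:
            self.approve(action)          # high-volume attack: remediate now
        return action.state               # low-volume attack: stays ON_HOLD

    def approve(self, action):
        action.move({State.ON_HOLD}, State.ACTIVE)
        self.plugin.apply(action.target)

    def revoke(self, action):
        was_active = action.state is State.ACTIVE
        action.move({State.ON_HOLD, State.ACTIVE}, State.REVOKED)
        if was_active:
            self.plugin.undo(action.target)   # only undo what was actually applied

    def restart(self, action):
        # A cancelled action goes back to the queue and waits for approval again
        # rather than being re-executed immediately.
        action.move({State.REVOKED}, State.ON_HOLD)

    def pending(self):
        return [a for a in self.actions if a.state is State.ON_HOLD]


if __name__ == "__main__":
    plugin = RecordingPlugin()
    queue = MitigationQueue(plugin, auto_approve_pps=50_000)
    print(queue.submit(Action("203.0.113.10", 8_000)))     # State.ON_HOLD
    print(queue.submit(Action("203.0.113.20", 120_000)))   # State.ACTIVE
    print(plugin.calls)
```

The point of the explicit transition table is that "revoke" on a held action must not call the plugin's undo path (nothing was applied), while "revoke" on an active action must; a queue that conflates the two leaves stale null-routes or fails to clean up.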
Alert emails now support most types of email servers and authentication methods. More detailed information is sent in every email, including a URL that gives the operator a quick link back to the alert in FlowTraq.
A free BGP null-route plugin is now available that offers a lower-cost alternative for mitigating inbound DDoS attacks. Especially in data center and ISP environments, the best DDoS defense is often simply to withdraw the target IP from the routed space (announce it to a black hole), so that traffic to other customers continues without interruption. Note that null-routing sacrifices the target host: legitimate traffic to that IP is dropped along with the attack until the route is withdrawn.
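What such a plugin has to hand to a BGP speaker, as an added example (not the FlowTraq plugin's code, whose wire format the page does not describe). It builds and decodes a BGP UPDATE for a single /32 tagged with the well-known BLACKHOLE community 65535:666 (RFC 7999) and NO_EXPORT (65535:65281, RFC 1997) so the route cannot leak beyond the local AS. Assumptions: the upstream router maps BLACKHOLE-tagged routes to a discard next hop, the AS number fits in 2 octets (no 4-octet-AS capability negotiated), and the addresses and AS numbers are placeholders from the documentation ranges.

```python
"""Build and decode a BGP UPDATE that null-routes one /32.

Added example, not the FlowTraq plugin's code. Assumptions: BLACKHOLE
(RFC 7999) plus NO_EXPORT (RFC 1997) communities signal the null-route,
2-octet AS numbers, and a next hop the upstream router already discards.
"""
import ipaddress
import struct

BLACKHOLE = (65535 << 16) | 666     # RFC 7999 well-known BLACKHOLE community
NO_EXPORT = 0xFFFFFF01               # RFC 1997 well-known NO_EXPORT community


def _attr(flags, code, value):
    # Path attribute with a 1-byte length (extended-length flag 0x10 clear)
    assert len(value) < 256
    return struct.pack("!BBB", flags, code, len(value)) + value


def build_blackhole_update(target_ip, local_as, next_hop, no_export=True):
    """Return a complete BGP UPDATE message announcing target_ip/32 as a blackhole."""
    target = ipaddress.IPv4Address(target_ip)
    communities = [BLACKHOLE] + ([NO_EXPORT] if no_export else [])
    attrs = (
        _attr(0x40, 1, b"\x00")                                      # ORIGIN = IGP
        + _attr(0x40, 2, struct.pack("!BBH", 2, 1, local_as))        # AS_PATH: AS_SEQUENCE, one AS
        + _attr(0x40, 3, ipaddress.IPv4Address(next_hop).packed)     # NEXT_HOP
        + _attr(0xC0, 8, struct.pack(f"!{len(communities)}I", *communities))  # COMMUNITIES
    )
    nlri = bytes([32]) + target.packed                               # host route only
    body = struct.pack("!HH", 0, len(attrs)) + attrs + nlri          # no withdrawn routes
    header = b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 2)   # marker, length, type UPDATE
    return header + body


def parse_update(msg):
    """Decode prefixes, next hop and communities from a BGP UPDATE (IPv4 unicast)."""
    assert msg[:16] == b"\xff" * 16, "bad marker"
    length, mtype = struct.unpack("!HB", msg[16:19])
    assert mtype == 2 and length == len(msg), "not a well-formed UPDATE"
    pos = 19
    withdrawn_len = struct.unpack("!H", msg[pos:pos + 2])[0]
    pos += 2 + withdrawn_len
    attr_len = struct.unpack("!H", msg[pos:pos + 2])[0]
    pos += 2
    end = pos + attr_len
    attrs = {}
    while pos < end:
        flags, code = msg[pos], msg[pos + 1]
        if flags & 0x10:                                  # extended length
            vlen = struct.unpack("!H", msg[pos + 2:pos + 4])[0]
            pos += 4
        else:
            vlen = msg[pos + 2]
            pos += 3
        attrs[code] = msg[pos:pos + vlen]
        pos += vlen
    prefixes = []
    while pos < len(msg):                                 # NLRI: prefix length + packed prefix
        plen = msg[pos]
        nbytes = (plen + 7) // 8
        raw = msg[pos + 1:pos + 1 + nbytes].ljust(4, b"\x00")
        prefixes.append(f"{ipaddress.IPv4Address(raw)}/{plen}")
        pos += 1 + nbytes
    communities = []
    if 8 in attrs:
        for c in struct.unpack(f"!{len(attrs[8]) // 4}I", attrs[8]):
            communities.append(f"{c >> 16}:{c & 0xFFFF}")
    return {"prefixes": prefixes,
            "next_hop": str(ipaddress.IPv4Address(attrs[3])),
            "communities": communities}


def is_safe_blackhole(msg):
    """Pre-flight check: exactly one /32, tagged BLACKHOLE, and marked NO_EXPORT."""
    info = parse_update(msg)
    return (len(info["prefixes"]) == 1
            and info["prefixes"][0].endswith("/32")
            and "65535:666" in info["communities"]
            and "65535:65281" in info["communities"])


if __name__ == "__main__":
    upd = build_blackhole_update("203.0.113.10", 64512, "192.0.2.1")
    print(upd.hex())
    print(parse_update(upd), is_safe_blackhole(upd))
```

The `is_safe_blackhole` check is the guard a practitioner wants in front of any automated null-route: a plugin that can announce anything wider than a /32, or without NO_EXPORT, turns a DDoS tool into a self-inflicted outage or a route leak.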
We have also added a new policy detection type for inbound packet rates on any port. In the typical deployment the operator sets a single low, generic trigger point that applies to every port and whitelists only the service ports known to be in common use, so that a packet flood at an unexpected port is caught without false alarms from busy legitimate services.
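The generic-threshold-plus-whitelist policy, run over sample flow records as an added example (not FlowTraq's detection engine). The flow records are constructed for the example; the inside network, window, threshold and whitelist are values an operator might choose, not values from the page.

```python
"""Inbound packet-rate policy: one low generic trigger on every destination
port, with a whitelist of common service ports exempted.

Added example, not FlowTraq's detection code. The flow records, inside
network, window, threshold and whitelist below are all constructed/assumed.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int
    packets: int


# Constructed sample: one minute of flows involving 203.0.113.0/24 (assumed inside net)
SAMPLE_FLOWS = [
    Flow("198.51.100.7", "203.0.113.10", "udp", 11211, 120_000),   # flood at an unused port
    Flow("198.51.100.8", "203.0.113.10", "udp", 11211, 120_000),
    Flow("198.51.100.9", "203.0.113.10", "udp", 11211, 120_000),
    Flow("192.0.2.44", "203.0.113.20", "tcp", 443, 900_000),       # busy web server
    Flow("192.0.2.45", "203.0.113.5", "udp", 53, 90_000),          # resolver
    Flow("192.0.2.46", "203.0.113.30", "tcp", 22, 6_000),          # ordinary ssh
    Flow("203.0.113.10", "198.51.100.7", "udp", 11211, 50_000),    # outbound, not policed
]

INSIDE_NETS = [ipaddress.ip_network("203.0.113.0/24")]   # assumed
COMMON_SERVICE_PORTS = {25, 53, 80, 443}                  # assumed whitelist
WINDOW_S = 60                                             # assumed aggregation window
GENERIC_PPS = 1_000                                       # assumed low generic trigger


def is_inbound(flow, inside_nets):
    dst = ipaddress.ip_address(flow.dst)
    return any(dst in net for net in inside_nets)


def inbound_pps_by_port(flows, inside_nets, window_s):
    """Sum inbound packets per (dst, proto, dport) over the window, as packets/second."""
    totals = defaultdict(int)
    for f in flows:
        if is_inbound(f, inside_nets):
            totals[(f.dst, f.proto, f.dport)] += f.packets
    return {key: pkts / window_s for key, pkts in totals.items()}


def evaluate_policy(flows, inside_nets=INSIDE_NETS, window_s=WINDOW_S,
                    generic_pps=GENERIC_PPS, whitelist=COMMON_SERVICE_PORTS):
    """Return (dst, proto, dport, pps) for every non-whitelisted port above the trigger."""
    alerts = []
    for (dst, proto, dport), pps in inbound_pps_by_port(flows, inside_nets, window_s).items():
        if dport in whitelist:
            continue            # known busy services get their own, higher thresholds
        if pps > generic_pps:
            alerts.append((dst, proto, dport, pps))
    return sorted(alerts)


if __name__ == "__main__":
    for dst, proto, dport, pps in evaluate_policy(SAMPLE_FLOWS):
        print(f"ALERT inbound {proto}/{dport} to {dst}: {pps:.0f} pps")
```

Run against the sample, only the udp/11211 flood to 203.0.113.10 fires (6000 pps against a 1000 pps trigger); the 15000 pps to tcp/443 and 1500 pps to udp/53 are whitelisted, and the outbound flow never enters the aggregate. Remove the whitelist and the two service ports alert as well, which is exactly the false-positive load the whitelist exists to avoid.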
Finally, we added performance and usability improvements to many parts of the FlowTraq user interface.
Want to try a demo before you upgrade? Contact us today at email@example.com.