DDoS Mitigation



E-CQURITY DDoS Sensor is an advanced Linux system based on multiple open source and proprietary technologies to provide traffic monitoring, accounting, and analysis for both incoming and outgoing traffic. The traffic can be captured via the following methods: SPAN Port, NetFlow, sFlow, NetStream and In-line Deployment. The system is capable of continuously monitoring hundreds of thousands of IP addresses.
Our hardware Sensor is designed around a High Availability concept. We support RAID, redundant PSUs, and an HA unit. The HA unit will increase your DDoS stability up to 99.99%, depending on your requirements and service scope.


The Traffic Filter component is designed to protect organizations from both internal and external threats such as botnet-based attacks, zero-day worms, and virus outbreaks. The Filter includes several sophisticated algorithms and technologies that are able to detect, divert, analyze, and drop malicious traffic.
Our Filter also fully supports RAID, redundant PSUs, and an HA unit.

High Availability Concept

Sensor Y Y Y* Y*
Filter Y Y Y Y


Deployment Architecture | Diversion Mode | Inline Mode
 | ECQ Sensor | ECQ Filter | ECQ Sensor + Filter (Combine)
Traffic Capturing Technology | Port Mirroring, Network TAP | NetFlow or NetStream v.5 enabled network devices | In-line Deployment
Maximum Traffic Capacity | 10 GigE, > 150,000 endpoints | 10 GigE, < 100,000 endpoints | GigE, < 100,000 endpoints
Traffic Parameters Accuracy | Highest (5-second averages) | High (< flow export time + 5 seconds) | Highest (5-second averages)
Traffic Validation Options | IP Subnets, MAC addresses, VLANs | IP Subnets, Interfaces, AS Number | IP Subnets, MAC addresses, VLANs
High Availability | *Redundancy Power Supply Unit, RAID 1,5,10 Hardware bypass Feature, *HA units
Respond | Email with customizable template
Syslog Msg | Supports syslog messages to a remote server
BGP announcements | Yes | No
Execute custom script | Yes | No
Non-disruptive | Yes | No
REMARK: Optional, depending on contract and services agreement

While both of the aforementioned DDoS Protection deployments would work and help organizations increase availability for their IT systems, it is important to note the difference between each of the deployment options.

Inline mode provides the quickest deployment time and can help detect and stop DDoS traffic within 10 seconds or less. However, organizations will experience a short, temporary downtime during the deployment. Moreover, a single inline deployment is a single point of failure, so organizations must have an additional inline deployment that works as a failover unit in the event the main unit goes down.

DDoS Diversion mode can take time to deploy because it requires BGP configuration on the edge router from the upstream provider.