Cisco Traffic Anomaly Detector XT 5600A Data Sheet
Cisco Systems, Inc.
All contents are Copyright © 1992–2004 Cisco Systems, Inc. All rights reserved.
KEY FEATURES AND BENEFITS
Recognition and Learning
The Cisco Traffic Anomaly Detector XT resides off the critical path to monitor mirrored traffic flows at full gigabit line rates, building detailed
profiles of “normal” behavior for each protected device without consuming valuable switch or router resources.
Using sophisticated behavior-based anomaly detection technology, the Cisco Traffic Anomaly Detector XT will detect any activity that deviates
from those profiles at both global and granular session levels, enabling highly accurate identification of all types of known and Day Zero
attacks. Granular, per-connection state analysis of all packets enables fast and thorough detection and identification of the most elusive and
sophisticated attacks—from subtle, low-rate server resource exhaustion attacks to large-scale attacks launched by hundreds of thousands of
distributed zombies.
The Traffic Anomaly Detector XT also includes a behavioral recognition engine that eliminates the need to continually update profiles, and
reduces the large number of alerts and false positives common with static signature-based approaches. In addition, the Cisco Traffic Anomaly
Detector XT comes preconfigured with default profiles for immediate operation out of the box; automated learning allows users to create
specific tuning recommendations that can be reviewed by the operator.
Finally, session-state context recognizes validated session traffic and identifies session-abusive attacks to provide additional protection against
malicious activity.
High Performance
The high-performance Cisco Traffic Anomaly Detector XT monitors attack flows at full gigabit line rates—enough to identify more than
100,000 sources per device in a single attack, providing robust protection for large, high-volume environments against distributed attacks.
In addition, multistage analysis of fully mirrored traffic delivers fast recognition of even the most stealthy low-rate attacks. To provide the
greatest possible protection, the Cisco Traffic Anomaly Detector XT can be deployed downstream—close to protected resources in the data
center, or upstream—adjacent to a Cisco Guard XT for more widespread coverage.
Reporting and Management
The Cisco Traffic Anomaly Detector XT uses a Web-based graphical user interface (GUI) that displays information in a simple, intuitive
manner, dramatically simplifying configuration, operation, and attack identification and analysis.
Multiple real-time and historical reporting levels provide network operators, security administrators, and clients with detailed information to
assist in attack detection, policy setting, and mitigation. Report statistics can also be exported to text files for back-end customization or for
later review.
The Cisco Traffic Anomaly Detector XT can also be configured to proactively send alerts to network operators and to the Cisco Guard XT to
initiate rapid response to attack conditions, including automated mitigation services to quickly thwart the attack. A Simple Network
Management Protocol (SNMP) management information base (MIB) also makes all device-, protected zone-, and attack-level statistics
available to standards-based management systems.
SUMMARY
Designed for large hosting centers and online enterprises, the Cisco Traffic Anomaly Detector XT combines with the Cisco Guard XT DDoS
Mitigation Appliance to provide a security solution that can help ensure uninterrupted business operations, even in the face of the most
malicious assaults. For users, that translates into a significant competitive advantage as it can help ensure uncompromised availability and
unparalleled protection of valuable business assets.