Cisco Catalyst 6500 Anomaly Guard Module WS-SVC-AGM-1-K9= 데이터 시트
제품 코드
WS-SVC-AGM-1-K9=
Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 3 of 11
Cisco Anomaly Guard Module Benefits
Multistage Verification
The Cisco Anomaly Guard Module’s innovative blocking techniques are based on Cisco’s unique
multiverification process architecture, which delivers multiple interactive layers of defense to
identify and block all types of attacks with unparalleled accuracy. Integrated dynamic filtering and
active verification technologies, driven by a sophisticated profile-based anomaly recognition
engine, enable rapid, automatic protection against all types of assault—even day-zero attacks. The
Anomaly Guard Module performs detailed per-flow analysis and blocking to stop attack traffic with
surgical precision, while allowing legitimate transactions to flow freely.
The anomaly recognition engine uses a baseline of normal behavior that includes thorough per-
flow profiles to define the normal or expected behavior specific to each protected resource. If
desired, users may enhance highly accurate default profiles with automatic site-specific learning
that customizes the profile for individual devices or zones.
An additional rate-limiting feature provides a mitigation alternative to blocking, as well as protection
against flash floods. Static filters, comprehensive Flex filters based on the Berkeley Packet Filter
that allow the creation of a deep packet inspection filter, and bypass “whitelist” filters are also
available.
The Cisco Anomaly Guard Module also features “zombie killer” capabilities that defeat all types
and sizes of attacks, including those launched by compromised computers known as zombies—
one of the most prevalent and difficult-to-stop DDoS attack sources today. When deployed in a
clustered configuration, Anomaly Guard Modules can identify and block literally hundreds of
thousands of individual zombies, delivering unparalleled levels of protection for defeating the
largest botnet attacks.
Multigigabit Performance
The Cisco Anomaly Guard Module features dedicated network processors that support attack
analysis and cleaning at full gigabit line rates, defending against large-scale DDoS attacks,
including those launched by massively distributed attackers such as compromised zombie hosts.
With Cisco Anomaly Guard Module Software Release 5.1 or lower, each module has a
performance of 1 Gbps throughput. In Release 6.0, the Cisco Anomaly Guard Module will be able
to operate at 3 Gbps throughput. The higher performance is achieved by turning up additional
network processors on the module and can be enabled using a software license.
Multiple Cisco Anomaly Guard Modules can be installed in a single chassis to provide incremental
scaling of both packet-per-second rates and zombie defense capacities—sufficient for protecting
even the largest enterprise and service provider environments against the most serious threats.
These multiple modules can also be clustered to protect a single resource or zone without
requiring special load balancers.
Scaling to 10-Gigabit Plus Capacity
With Cisco Anomaly Guard Module Software Release 6.0, since each Cisco Anomaly Guard
Module can operate at 3 Gpbs, 10 gigabits plus performance can be achieved by clustering up to
four modules in a single chassis. See the performance metrics table below for more information.