Call a Specialist Today! 833-335-0427
Free Shipping! Free Shipping!

Allot Anomaly Detection

Distinguishing between legitimate and malicious traffic anomalies

When monitoring networks for traffic anomalies, it’s important to distinguish between legitimate traffic spikes and malicious attack. And when a bona fide attack is detected, it has to be surgically neutralized without blocking or limiting legitimate traffic flows. Our advanced anomaly detection technologies – Network Behavior Anomaly Detection (NBAD) and Host Behavior Anomaly Detection (HBAD) – help you do both.

Host Behavior Anomaly Detection (HBAD)

Our HBAD technology detects hosts or endpoints exhibiting symptoms of malware infection or abusive behavior. This is achieved by identifying abnormal levels of outbound connection activity, such as outgoing spam, and further categorized by matching to profiles of malicious connection patterns.

Our HBAD technology accurately detects a wide range of anomalous host behavior, including:

Our HBAD technology pinpoints anomalous behavior in 3-5 minutes. Once detected, it sends notifications, enabling you to block outgoing traffic and route the infected host to a captive portal for clean-up.

Network Behavior Anomaly Detection (NBAD)

Our NBAD technology identifies DDoS and other network flooding events by the anomalies they cause in the normally time-invariant behavior of “network ratios” or combinations of Layer 3 and 4 packet rate statistics. Packet filtering rules are obtained dynamically by searching deep into the captured DDoS packets for unique repeating patterns in each event. Optimal filtering accuracy is often achieved using the patterns detected in the Layer 2 to 4 headers and payload.

Our NBAD technology accurately detects a wide range of anomalous network behavior, including:

Our NBAD technology detects such anomalous network behavior in just 10-60 seconds. With a pattern creation time of 10-20 seconds, it notifies you and surgically mitigates network attacks in seconds. Alert notifications are provided by email, syslog and SNMP trap (v2c).