
Data Sheet
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Anomaly Guard Module uses advanced anomaly recognition capabilities to dynamically apply
integrated source verification and antispoofing technologies in conjunction with high-performance
filtering to identify and block individual attack flows while allowing legitimate transactions to pass
(Figure 2). Combined with an intuitive, graphical interface and extensive multilevel monitoring and
reporting designed to provide a comprehensive overview of all attack activity, the Cisco Anomaly
Guard Module delivers the most comprehensive DDoS defense for protecting business operations.
Figure 2. The Cisco Anomaly Guard Module Multiverification Process Architecture
How It Works
The Cisco Anomaly Guard Module is just one part of a complete detection and mitigation solution
from Cisco that protects large enterprises, government agencies, hosting centers, and service
providers from DDoS attacks. The Cisco Anomaly Guard Module provides a powerful, scalable
solution that enables hosting and service providers to deliver valuable managed DDoS protection
services to their subscribers. Working with the Cisco Traffic Anomaly Detector Module (or other
third-party alerting systems that detect the presence of DDoS attacks), the Anomaly Guard Module
performs the detailed per-flow-level attack analysis, identification, and mitigation services required
to prevent attacks from disrupting network and data center operations.
When the Cisco Traffic Anomaly Detector Module identifies a potential attack, it alerts the Cisco
Anomaly Guard Module to begin dynamic diversion, which redirects traffic destined for the targeted
resources—and only that traffic—for inspection and scrubbing. All other traffic continues to flow
directly to its intended destination, delivering a low-impact, highly reliable, and economical solution
that offers easy installation.
Diverted traffic is rerouted through the Cisco Anomaly Guard Module, where it is subjected to
multiple layers of scrutiny to identify and separate “bad” flows from legitimate transactions. Specific
attack packets are identified and removed, while “good” traffic is forwarded to its original
destination, helping to ensure that real users and real transactions always get through, and
providing maximum availability.