Network-as-a-Sensor: A New Approach to the DDoS Problem


Mike Geller from Cisco’s CTO office and Ehud Doron of Radware’s CTO office presented at Cisco Live Berlin 2016 the revolutionary concept of Network-as-a-Sensor to fight DDoS attacks.

There are two approaches to detect against DDoS attacks: on-premise (also sometimes called in-line) and Cloud (out of path). When a DDoS protection solution is deployed on-premise, organizations benefit from an immediate and automatic attack detection and DDoS mitigation solution. Within seconds from the start of an attack, the online services are well protected and the attack is mitigated.

However, on-premise DDoS solutions cannot handle volumetric network floods that saturate the Internet pipe of the enterprise. Cloud solutions require the deployment of an overlay infrastructure that collects network statistics from various end points and redirects customer traffic to scrubbing centers for attack cleansing. Cloud DDoS protection solutions can remove volumetric attacks; however, they lack visibility into application level attacks, low and slow DDoS attacks, and encrypted attacks.

Network-as-a-Sensor:  Extend Attack Detection to SMEs

At Cisco Live Berlin, Mike Geller and Ehud Doron presented at DevNet a new approach: Network-as-a-Sensor.

This approach is designed for small to medium enterprises (SMEs), which are, eventually, the mass market. Today, SMEs are forced to use cloud solutions because on-premise solution costs are too high. With this new approach DefenseFlow DDoS defense software is installed on existing routing solution (in the case of the DevNet session – Cisco ISR) and it acts as a virtual behavioral detection sensor.

[You might also like: Cloud-Based or Provider-Managed DDoS Mitigation – Which One is Right For Your Organization?]

DefenseFlow client signals attack information (rather than network statistics) to a central automated cyber incidents response server (DefenseFlow Server) using DOTS (DDoS Open Threat Signaling) protocol. DefenseFlow server automates the attack life-cycle workflow including traffic redirection to the scrubbing center and forwarding the clean traffic to its original destination.

The above solution has also been demonstrated with an end-to-end attack detection and mitigation life cycle.

What is the value proposition?

  • Network-as-a-Sensor approach recruits existing network infrastructure and router resources to act as attack detectors.
  • You gain cloud DDoS mitigation solution with the performance of an in-line (on-premise) solution characteristic.  A very short time to detect of less than 10 seconds!
  • Simplicity, flexibility and scalability in an IETF DOTS ready architecture.

Our team will be at Cisco Live Berlin this week at Booth G3.  Stop by and learn more about the flexibility and scalability of our security solutions and how they can help your SME.


Download Radware’s DDoS Handbook to get expert advice, actionable tools and tips to help detect and stop DDoS attacks.

Download Now


  1. […] Protecting yourself from a DDoS attack is crucial for online services—going down due to an attack can not only be bad for your data, but also for your business’ visibility and brand.  Taking the necessary steps to be proactive about DDoS attacks can go a long way in saving you some stress and frustration.  Setting up a firewall that alerts you of any potential intrusions, network monitoring and managed services can be a great deterrent or prevent some cyberthreats. […]


Please enter your comment!
Please enter your name here