Sandvine Network Security
Sandvine’s Network Security product delivers carrier-grade protection of subscribers and network resources at scale, with the flexibility to be deployed as a virtualized system, and advanced network threat deception capabilities that materially increase the costs of malicious network activities for the actor making an attack on the network or subscribers less economically feasible.
With capabilities delivered through three unique feature sets: Network Protection, Subscriber Protection, and Web Content Intelligence, Sandvine’s Network Security product enables communications service providers (CSPs) to address a wide array of network threats, infections, and vulnerabilities.
Sandvine’s traffic classification technology emphasizes zero false positives to ensure no harmful impact to the network or users when you enable mitigation/defenses.
Asymmetry Aware Detection
Detects attacks in networks where asymmetric traffic is prevalent; when the inbound traffic is seen by one Policy Traffic Switch (PTS) element, and the outbound traffic is handled by another Policy Traffic Switch (PTS) element.
Attack Traffic Protection
Provides protection for single-origin or distributed denial of service attacks: SYN flood, flow flood, bandwidth flood, fragmented SYN, and reflector attack detection and mitigation.
Detects threats based on traffic behaviors, and is not reliant on specific attack signatures (so the network is always protected against zero-day attacks).
Network Security is specifically designed to perform in carrier-grade environments, and can handle large-volume attacks greater than 1 terabit per second; since the Sandvine platform scales to support the world’s largest networks, your network-based filtering works no matter your bandwidth volume.
CSP-Defined Filtering Lists
Define your own white/black/grey lists of up to 150 million URLs, depending on your network’s unique requirements.
EMS / NMS Alarms
Trigger SNMP alarms based on detections that alert an EMS or NMS systems (as well as the operator) to a network threat.
Network-Based Filtering / Defense
Since content filtering and threat mitigation actions are performed in the network, without any dependency on client device, software, or operating system, they are very difficult to bypass.
Network Processing Unit (NPU) Mitigation
Sandvine delivers detection and mitigation at the hardware level using the Network Processing Unit (NPU) for large scale, volumetric attacks beyond 400Gbps.