Spectrum ENTERPRISE DDoS Protection Service User Guide
- June 20, 2024
- SPECTRUM ENTERPRISE
Table of Contents
- Spectrum ENTERPRISE DDoS Protection Service
- Spectrum Enterprise DDoS Protection service
- Threat Mitigation System (TMS) summary dashboard
- Rate of traffic passed and dropped by TMS over time
- Number of mitigations over time
- Total number of mitigations
- DDoS alert summary
- Rate of DoS alert traffic over time
- Number of DoS alerts over time
- Total number of DoS alerts
- Peers summary
- Read User Manual Online (PDF format)
- Download This Manual (PDF format)
Spectrum ENTERPRISE DDoS Protection Service
Spectrum Enterprise DDoS Protection service
Spectrum Enterprise monitors internet traffic for DDoS events by polling data
samples at regular intervals and measuring the data volume against predefined
thresholds based on a client’s normal traffic patterns. These thresholds are
defined during the service activation process.
When a client’s traffic patterns exceed the predefined threshold, the Spectrum
Enterprise DDoS Protection platform will trigger an alert of a potential DDoS
event and categorize the event as high, medium, or low based on the severity
of the event. DDoS mitigation is performed on high alerts and initiated based
on the clients’ subscription type.
- Proactive subscription – When a high alert is detected, Spectrum Enterprise will automatically begin DDoS Protection. Clients will receive a notification that the DDoS Protection has begun and a second notification when the DDoS Protection has ended.
- Reactive subscription – When a high alert is detected, Spectrum Enterprise will notify the client of a potential DDoS event. Clients will need to contact Spectrum Enterprise to begin DDoS Protection. Clients will receive a second notification when the DDoS Protection has ended.
NOTE : Clients without any DDoS events detected or mitigated during the 28-day period will have no data in the summary dashboards and/or graphs.
Threat Mitigation System (TMS) summary dashboard
The TMS summary dashboard provides statistics on the DDoS Protection performed by the Spectrum Enterprise DDoS Protection platform within the last 28 days and a measurement against the previous 28 days.
- Number of TMS – Count of DDoS events that required mitigation.
- The volume of traffic passed by TMS – Amount of traffic analyzed for DDoS events. This will be equal to or less than the bandwidth of the circuit being monitored for DDoS activity.
- The volume of traffic dropped by TMS – Amount of DDoS traffic that was identified and scrubbed by Spectrum Enterprise DDoS Protection.
- Volume of largest TMS mitigation – Size of the largest DDoS Protection event.
- Rate of largest TMS mitigation – Speed of the largest DDoS Protection event.
- Duration of longest TMS mitigation – Mitigation time of longest DDoS Protection event.
Rate of traffic passed and dropped by TMS over time
The rate of traffic / passed over time graph shows the traffic passed (green) and dropped (red) over the previous 28 days. Spikes in traffic (red) indicate when a DDoS event occurred.
The largest spike in this graph will correlate to the volume of traffic dropped by TMS in the TMS summary dashboard.
Number of mitigations over time
The mitigations over time graph indicates the type (manual or auto) of mitigation that occurred over the previous 28 days.
- Clients with proactive DDoS subscriptions will only have manual mitigation data if the client requested DDoS Protection.
- Clients with reactive DDoS will not have any auto-mitigation data.
Total number of mitigations
The mitigations over time graph will display the total number of auto and manual mitigations over the previous 28 days. This should correlate to the number of mitigations displayed in the TMS mitigation summary dashboard.
- Blackhole is a counter mechanism used to mitigate a DDoS attack where all traffic (malicious and legitimate) is dropped without informing the source that the data did not reach the intended recipient. Since suspicious traffic is only blackholed at the Spectrum Enterprise core/edge and never routed across a client’s FIA circuit, this measurement will never display any data.
- Clients with proactive DDoS Protection subscriptions will only have manual mitigation data if the client requested DDoS Protection.
- Clients with reactive DDoS Protection will not have any auto-mitigation data.
- Flowspec is a sample of the client’s data that is collected and polled at regular intervals to monitor for potential DDoS activity. If DDoS activity is suspected through the flowspec monitoring, the flowspec data sample will be mitigated with all of the traffic on the client’s monitored circuit.
DDoS alert summary
The DDoS alert summary dashboard provides statistics on DDoS alerts that were triggered by events within the monitored traffic within the last 28 days, as well as a measurement against the previous 28 days.
- Number of DDoS alerts – Count of all DDoS event that triggered DDoS alerts.
- Volume of DDoS alert traffic – Amount of DDoS alerts over the past 28 days.
- Volume of largest DDoS alert – Size of the largest DDoS alert.
- Rate of largest DDoS alert – Speed of the largest DDoS alert.
- Duration of longest DDoS aler t – Longest DDoS alert (will be equal to longest DDoS mitigation).
Rate of DoS alert traffic over time
The rate of DoS alert traffic over time graph displays the rate of traffic that triggered any DDoS alert (high, medium, or low) over the previous 28 days. Spikes in traffic rates indicate a potential DDoS attack.
Number of DoS alerts over time
The number of DoS alerts over time graph displays the number of high, medium, and low alerts that were triggered over the previous 28 days.
Clients are notified only when a high alert is detected. High alerts are considered business impacting. Medium / low alerts are monitored by Spectrum Enterprise, but clients are not notified of an event until the volume or duration of the event is high enough to impact access to business resources.
Total number of DoS alerts
The total number of DoS alerts graph displays the quantity of alerts for each alert type (high, medium, or low) as well as the quantity of each alert type that was mitigated or unmitigated.
Peers summary
- The peers summary graph is a visual display of the top 5 traffic types traversing the service monitored for DDoS activity.
- The peers activity table displays the top 5 traffic types and volumes traversing the service monitored for DDoS activity.
About Spectrum Enterprise
Spectrum Enterprise, a part of Charter Communications, Inc., is a national
provider of scalable, fiber technology solutions serving many of America’s
largest businesses and communications service providers. The broad Spectrum
Enterprise portfolio includes networking and managed services solutions:
Internet access, Ethernet access and networks, and Voice and TV solutions. The
Spectrum Enterprise team of experts works closely with clients to achieve
greater business success by providing solutions designed to meet their
evolving needs. For more information, visit
enterprise.spectrum.com.
©2024 Charter Communications. All rights reserved. Spectrum Enterprise is a trademark of Charter Communications. All other logos, marks, designs, and otherwise are the trademarks and intellectual property of their respective third-party owners. Not all products, pricing and services are available in all areas. Pricing and actual speeds may vary. Restrictions may apply. Subject to change without notice.
Read User Manual Online (PDF format)
Read User Manual Online (PDF format) >>