Your First Line of Network Defense Against Cyber Threats

Allot ServiceProtector protects your data network against the increasing scale and complexity of inbound and outbound cyber attacks that are designed to flood your network and disrupt service availability. Mobile, fixed and cloud service providers around the world rely on Allot ServiceProtector to surgically mitigate volumetric DoS/DDoS attacks and neutralize outgoing threats before they are able to impact network service and business continuity.

Real-time DDoS Protection

Allot ServiceProtector helps you detect and surgically block Denial of Service (DoS/DDoS) attacks within seconds, before they are able to threaten or disrupt your network service. Allot inspects 100% of the traffic on your network to ensure that no threat goes undetected. Dynamic creation of filtering rules and surgical filtering of attack packets avoid over-blocking and allow legitimate traffic to flow unimpeded, keeping your business online and protected at all times.

Outgoing Threat Protection

Allot ServiceProtector automatically detects and blocks outgoing spam, worm propagation, and port scanning traffic generated by bot-infected users, so you can prevent DNS blacklisting and eliminate additional traffic load on your network. Allot identifies host infection and abusive behavior according to abnormal outbound connection activity and malicious connection patterns, enabling you to treat the root cause of the threat as well as the symptoms.


Allot ServiceProtector helps you:

  • Defend against the largest volumetric attacks with mitigation bandwidth of Terabits per second
  • Stop DDoS attacks at carrier backbone or network edge – far from your users
  • Mitigate inline without diverting massive data volumes to cloud scrubbing centers
  • Gain real-time visibility into attackers and their targets in your network
  • Get detailed reporting and threat analytics from a central console
  • Treat the root cause of infected endpoints so they can be stopped without affecting others
  • Eliminate spammer abuse complaints and appearance on blacklists
  • Drive efficiencies with on-premise, cloud, or hybrid deployment
  • Lower operational overhead through automated mitigation of internal spammers
  • Accelerate ROI through full integration in Allot Service Gateway

Testimonial Quote

“When we are asked about how good the Allot DDoS product is, I point to the special folder in my email showing the number of DDoS alerts. As you can see, none of the alerts are read by me because we know Allot DDoS JUST WORKS. We are no longer a reactive support, it’s a self-healing self-defending network – thank you for an excellent product.”

-Telco Inabox, Australia

Threat protection at scale

DDoS Protection and Outgoing Threat Protection capabilities are delivered over Allot unified platforms for network security, optimization and service delivery – Allot Service Gateway and Allot NetEnforcer. Full line-rate 1GE/10GE/100GE permits deployment near IP core and Internet exchange points, providing fully automated and highly scalable detection and mitigation solutions to stop even the largest-scale DDoS attacks.

Accurate threat detection and surgical mitigation

Sophisticated NBAD/HBAD anomaly detection and analysis technologies are engineered to identify any number and complexity of DDoS attacks in real-time, and to surgically filter only the malicious traffic. Unlike solutions that “sample” captured packets and flow data, Allot collects and analyzes all anomalous packets and metadata in real-time to ensure accuracy and robustness.

Threat visibility and reporting

Real-time alerts notify you when a threat is detected and when it has been mitigated. Detailed and customizable attack-mitigation logs, event analytics, host infection analytics, and trend/distribution reports support your security planning, threat management and operational decisions. A unified management console monitors network and user activity and manages threat protection across your entire network.

Reliable performance

Passively captured traffic adds no latency and no point of failure to the network, so applications continue to perform even during an attack.

Fortify existing security layers

Optional interfaces integrate with third-party networking devices for attack mitigation: BGP Blackhole Mitigation and ACLs including SNORT, TCPDUMP, IPTABLES, Cisco ACL, Cisco PIX, JUNOS 9.4, and Huawei.

Flexible deployment

Allot ServiceProtector supports on-premise, cloud, hybrid, and virtual deployments so you get the security solution that best fits your network and efficiency requirements.

ServiceProtector Specifications (rev.6)

Allot supports on-premise, cloud, and hybrid deployments so you get the security solution that best fits your network and efficiency requirements. The Allot ServiceProtector system comprises sensors that are fully integrated in Allot Service Gateway and Allot NetEnforcer platforms deployed at critical access points to your network, and a central controller, which may be deployed on premise or in the cloud. Allot ServiceProtector is also available in a Virtual Edition for deployment in virtualized network environments.

Detection and Mitigation

Technologies
  • Inbound Threat Protection: Network Behavior Anomaly Detection (NBAD)
  • Outbound Threat Protection: Host Behavior Anomaly Detection (HBAD)

Approach (inbound and outbound): Traffic metadata from inline monitoring, collected directly from the network

Depth of Traffic Inspection (inbound and outbound)
  • Modeling: Layer 3 and 4 packet headers are inspected to build HBAD flow data or NBAD network statistics
  • Evidence/Analysis: Entire packet header and payload; 500 packets per automatic capture

Supported Networks: Ethernet, VLAN, MPLS, L2TP

Types of Events, Inbound Threat Protection
  • High packet rate
  • Small packet size or large packet size
  • Fan-in or DDoS (many IPs to one IP); Fan-out (one IP to many IPs); Swarms (many IPs to many IPs)
  • DoS (one IP to one IP)
  • TCP based (SYN, FIN, ACK, RST, invalid flag combinations)
  • UDP based
  • ICMP (including echo request, echo reply, unreachable)
  • Other (non-TCP, UDP or ICMP)
  • Involving fragmented packets, truncated or malformed packets

Types of Events, Outbound Threat Protection
  • Address scan
  • Port scan
  • Flow bomb (bombarding the same target IP and port with a high number of flows)
  • Mass SMTP (address scanning or flow bombs to 25/TCP)
  • Mass DNS (address scanning or flow bombs to 53/UDP)

Detection Time (typical)
  • Inbound Threat Protection: 10-60 seconds
  • Outbound Threat Protection: 3-5 minutes

Pattern Creation Time (typical)
  • Inbound Threat Protection: 10-20 seconds
  • Outbound Threat Protection: Not applicable

Alert/Notification: Email, syslog, SNMP trap (v2c)

Dynamic Surgical Packet Filtering

Approach, Inbound Threat Protection
  • Filtering rules are obtained dynamically per event by searching deep into captured DDoS packets for unique repeating patterns
  • Optimum filtering accuracy may be achieved by using patterns found in the Layer 2 to 4 headers and payload
  • Filtering is enforced in-line, before further traffic management policy

Approach, Outbound Threat Protection
  • Notification to user via HTTP redirection on Allot Service Gateway and Allot NetEnforcer platforms and/or by triggering existing notification mechanisms (such as email or SMS)
  • Per-subscriber traffic management by rate-limiting or blocking specific services (such as 25/TCP to prevent propagation of spam)
  • Per-subscriber solutions require Allot Subscriber Management Platform

Allot Device/Platform Compatibility
  • Inbound Threat Protection: Available on Allot Service Gateway and Allot NetEnforcer platforms
  • Outbound Threat Protection: Integrated with Allot SMP for per subscriber enforcement actions

Third-party Compatibility
  • Inbound Threat Protection: Filter recommendations provided in the following formats: SNORT, TCPDUMP, IPTABLES, Cisco ACL (IOS 12.4), Cisco PIX, JUNOS 9.4, Huawei (CX200D), Fortinet 2.80. No device integration.
  • Outbound Threat Protection: Redback BRAS

ServiceProtector Controller

Available as appliance and in virtual edition

Capacity per Controller
  • Sensors per Controller: 32 (maximum)
  • Sensor-Groups: 400 (maximum)

Management Interface
  • Traffic Encryption and Firewall Requirements:
      User to SP-Controller: HTTPS and SSH
      SP-Controller to Sensor: IPSec
      See Allot ServiceProtector Installation and Admin Guide for firewall configuration requirements.
  • Management Traffic: 100-500kbps (varies according to number of Groups, anomalies and packet size)

Allot ServiceProtector-VE: Virtual Edition designed for Controller deployment in cloud and NFV environments.
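
The connection-shape event types in the specification above (fan-in, fan-out, address scan, port scan, flow bomb, Mass SMTP, Mass DNS) can be illustrated with a small flow-record classifier. This is an added example, not Allot's detection logic: the thresholds, function names and sample addresses are assumptions, and the packet-rate, packet-size and swarm events are left out.

```python
from collections import defaultdict

# Assumed per-window thresholds (illustrative, not vendor values).
MANY_PEERS, MANY_PORTS, MANY_FLOWS = 20, 20, 50

def outbound_label(proto, dport, default):
    """Scans or flow bombs aimed at 25/TCP or 53/UDP get the table's 'mass' names."""
    return {("tcp", 25): "mass-smtp", ("udp", 53): "mass-dns"}.get((proto, dport), default)

def classify(flows):
    """flows: (src, dst, proto, dport) tuples from one observation window.
    Returns a set of (event, ip) pairs; ip is the target for fan-in, else the source."""
    srcs_of = defaultdict(set)       # dst -> distinct sources
    dsts_of = defaultdict(set)       # src -> distinct destinations
    dsts_on_port = defaultdict(set)  # (src, proto, dport) -> distinct destinations
    ports_on = defaultdict(set)      # (src, dst) -> distinct destination ports
    repeats = defaultdict(int)       # (src, dst, proto, dport) -> flow count
    for src, dst, proto, dport in flows:
        srcs_of[dst].add(src)
        dsts_of[src].add(dst)
        dsts_on_port[(src, proto, dport)].add(dst)
        ports_on[(src, dst)].add((proto, dport))
        repeats[(src, dst, proto, dport)] += 1

    events = set()
    events |= {("fan-in", d) for d, s in srcs_of.items() if len(s) >= MANY_PEERS}
    events |= {("fan-out", s) for s, d in dsts_of.items() if len(d) >= MANY_PEERS}
    events |= {(outbound_label(p, port, "address-scan"), s)
               for (s, p, port), d in dsts_on_port.items() if len(d) >= MANY_PEERS}
    events |= {("port-scan", s) for (s, _), p in ports_on.items() if len(p) >= MANY_PORTS}
    events |= {(outbound_label(p, port, "flow-bomb"), s)
               for (s, _, p, port), n in repeats.items() if n >= MANY_FLOWS}
    return events

def sample_flows():
    """Constructed sample window using documentation address ranges."""
    flows = [(f"198.51.100.{i}", "203.0.113.10", "tcp", 80) for i in range(1, 31)]
    flows += [("10.0.0.5", f"192.0.2.{i}", "tcp", 25) for i in range(1, 26)]
    flows += [("10.0.0.7", "203.0.113.20", "tcp", p) for p in range(1, 31)]
    flows += [("10.0.0.9", "203.0.113.30", "tcp", 443)] * 60
    return flows

if __name__ == "__main__":
    for event, ip in sorted(classify(sample_flows())):
        print(f"{event:12} {ip}")
```

The host sending to many mail servers is reported twice, as fan-out and as mass-smtp, because both shapes from the table apply to the same traffic.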

Real-time DDoS Mitigation

Protect cloud data centers and other network resources from volumetric and stealthy attacks so you can:

  • Assure data center availability and efficiency
  • Meet cloud service SLAs and minimize risk of outages
  • Gain visibility of attackers and their targets in your cloud



Blacklist Avoidance

Automatically detect internal spammers on your network, isolate them and filter their outgoing spam traffic, so you can:

  • Get off and stay off spammer blacklists
  • Reduce complaints from other operators
  • Avoid unnecessary investment in content-based anti-spam solutions



Real-time Bot Containment

Stop outgoing spam and IP scanning traffic from eating up valuable bandwidth and pinpoint infected endpoints that require cleanup, so you can:

  • Protect network performance and integrity
  • Ensure business productivity by treating bot infections at the source
  • Reduce help desk time spent on problems from malware