Protect service uptime and application performance

Cyber threats abound and are increasingly aimed at service provider, cloud, and enterprise resources. Allot ServiceProtector protects the availability and performance of your network services and resources by providing a first line of defense against Denial of Service (DoS/DDoS) and Zero-Day attacks. It also prevents outgoing spam and other bot infections from blacklisting your network and eating up valuable bandwidth.

Stop DDoS attacks in their tracks

Using advanced Network Behavior Anomaly Detection (NBAD) technology, Allot identifies DDoS and other volumetric attacks by the traffic anomalies they cause. Within seconds, Allot ServiceProtector performs fast, surgical mitigation filtering malicious traffic while allowing legitimate traffic to flow unimpeded – keeping your business online and protected at all times.

Filter outgoing spam and contain bots

Using advanced Host Behavior Anomaly Detection (HBAD) technology, Allot ServiceProtector detects internal spammers and stops outgoing spam emails from reaching the Internet or email platform. As a result, you can prevent network blacklisting and eliminate additional load on the network from IP scanning and other bot activity. Through real-time notification and redirection of users to a “cleanup” portal, Allot ServiceProtector helps you treat the root cause of outgoing spam as well as the symptoms.

Allot ServiceProtector helps you:

  • Establish a first line of defense against cyber attacks
  • Stop DDoS volumetric and stealthy attacks at the carrier backbone or network edge – far from your customers and eliminate the need to divert massive data volumes to scrubbing centers
  • Maximize service uptime and ensure performance of critical business applications
  • Gain visibility into attackers and their targets in your network
  • Reduce spammer abuse complaints and appearance on blacklists
  • Reduce time spent by helpdesk and engineering on problems from outbound spam
  • Lower operational overhead through automated mitigation of internal spammers
  • Treat the root cause of infected endpoints so they can be stopped without affecting other users

Contact to discover how Allot ServiceProtector can secure service uptime and application performance in your network.

Automated protection at scale

DDoS Protection and Outgoing Spam Filter capabilities are delivered over Allot’s unified platforms for network security, optimization and service delivery – Allot Service Gateway and Allot NetEnforcer. Full line-rate 1GE/10GE/100GE permits deployment near IP core and Internet exchange points, providing fully automated and highly scalable detection and mitigation solutions to stop even the largest-scale DDoS attacks.

Accurate detection and surgical mitigation

Advanced anomaly detection and analysis technologies are engineered to identify any number and complexity of DDoS attacks in real-time, and to surgically filter malicious traffic. Unlike solutions that “sample” captured packets and flow data, Allot collects and analyzes all anomalous packets and metadata to ensure accuracy and robustness.

Reliable performance

Passively captured traffic adds no latency and no point of failure to the network, so applications continue to perform even during an attack.

Real-time visibility of attack events

Visibility and reporting of attack detection and mitigation events include real-time notification and anomaly details showing the attack signature, IP source address, duration, destination, and mitigation filter.

Fortify existing security layers

Protect your network from the damage caused by outgoing spam in addition to commercial anti-spam solutions that are designed to block incoming spam.

Treat the root cause of outbound spam

Allot HBAD technology pinpoints malware-infected endpoints so you can effectively control outbound spam, especially in consumer environments with dynamic IP allocation and Bring Your Own Device (BYOD), where safe Internet usage practices cannot be enforced.

The Allot ServiceProtector system consists of hardware and software components. The components are: (a) the central management appliance called Allot ServiceProtector Controller, and (b) license-activated functionality embedded in Allot Service Gateway platforms and Allot NetEnforcer devices. Embedded functionality includes detection (ServiceProtector Sensor) and dynamic surgical packet filtering (ServiceProtector NBAD Mitigation).


  DDoS/Network Flood Attack Infected/Abusive Behavior
Approach Network-based monitoring; traffic meta data collected directly from the network
Technologies Network Behavior Anomaly Detection (NBAD) Host Behavior Anomaly Detection (HBAD)
Depth of Traffic Inspection Modeling: Layer 3 and 4 packet headers are inspected to build HBAD flow data or NBAD network statisticsEvidence/Analysis: Entire packet header and payload; 500 packets per automatic capture; Maximum of 25,000 packets for manual captures (evidential captures and manual capture not available for Integrated Sensors (AOS) versions AOS12.x and above)
Supported Networks Ethernet, VLAN, MPLS, L2TP, IPv4
Types of Events
  • High packet rate
  • Small packet size or large packet size
  • Fan-in or DDoS (many IPs to one IP);

Fan-out (one IP to many IPs); Swarms (many IPs to many IPs); DoS (one IP to one IP)

  • TCP based (SYN, FIN, ACK, RST, invalid flag combinations)
  • UDP based
  • ICMP (including echo request, echo reply, unreachable)
  • Other (non-TCP, UDP or ICMP)
  • Involving fragmented packets, truncated or malformed packets
  • Address scan
  • Port scan
  • Flow bomb (bombarding the same target IP and port with a high number of flows)
  • Mass SMTP (address scanning or flow bombs to 25/TCP)
  • Mass DNS (address scanning or flow bombs to 53/UDP)
Detection Time (typical) 10-60 seconds 3-5 minutes
Pattern Creation Time (typical) 10-20 seconds Not applicable
Alert/Notification Email, syslog, SNMP trap (v2c)
Enforcement Action
  • Traffic filtering using Allot Deep Packet Signatures (ADPS)
  • Filtering occurs in-line and before further policy and bandwidth management
  • Notification of subscriber/user via HTTP redirection on Allot NetEnforcer device or Allot Service Gateway platform and/or by triggering existing notification mechanisms (such as email or SMS)
  • Per-subscriber traffic management by rate-limiting or blocking specific services (such as 25/TCP to prevent propagation of spam)
  • Per-subscriber solutions require Allot Subscriber Management Platform
Allot Device/Platform Compatibility Available on Allot Service Gateway platforms and Allot NetEnforcer devices running Allot OS versions AOS10.2 and up Integrated with Allot SMP for per subscriber traffic enforcement, version SMP9.2.1 and up (see SMP datasheet for device/platform compatibility)
Third-party Compatibility Filter recommendations provided in the following formats: SNORT, TCPDUMP, IPTABLES, Cisco ACL (IOS 12.4), Cisco PIX, JUNOS 9.4, Huawei (CX200D), Fortinet 2.80. No device integration. Redback BRAS

ServiceProtector Controller

Capacity per Controller
Sensors per Controller 16 (maximum)
Sensor-Groups 400 (maximum)
Management Interface
Interface Media 1 x 10/100/1000BASE-T (RJ-45)
Traffic Encryption and Firewall Requirements
  • User to SP-Controller: HTTPS and SSH
  • SP-Controller to Sensor (Standalone or Embedded): IPSec*

Note: No NAT traversal except* between SP-Controller and standalone Sensor; No IPSec encryption on NBAD Mitigation traffic when Standalone Sensor is used.* * See Allot ServiceProtector Installation and Admin Guide for firewall configuration requirements.

Management Traffic 100-500kbps (varies according to number of Groups, anomalies and packet size)
Console VGA/USB and serial
Mechanical and Environmental
Form Factor/Dimensions Standard 1U in 19″ rack/43 mm x 440 mm x 711.4 mm (H x W x D)
Weight 12.7–15.6 kg/28–34.5 lb
Operating Temperature 50–95°F; 10–35°C (up to 3,000 ft/914.4 m);50–90°F; 10–32°C (3,000–7,000 ft/914.4–2,133 m)
Power Consumption 675 W (per PSU)
Power Supply Dual redundant, hot swappable
Certifications and Safety FCC (Part 15 of FCC rules, Class A), ICES-003 (Issue 4, Class A), UL/IEC 60950-1:2007,CDS C22.2 No. 69950-1-03 2nd Edition, NOM-019

Real-time DDoS Mitigation

Protect cloud data centers and other network resources from volumetric and stealthy attacks so you can:

  • Assure data center availability and efficiency
  • Meet cloud service SLAs and minimize risk of outages
  • Gain visibility of attackers and their targets in your cloud



Blacklist Avoidance

Automatically detect internal spammers on your network, isolate them and filter their outgoing spam traffic, so you can:

  • Get off and stay off spammer blacklists
  • Reduce complaints from other operators
  • Avoid unnecessary investment in content-based anti-spam solutions



Real-time Bot Containment

Stop outgoing spam and IP scanning traffic from eating up valuable bandwidth and pinpoint infected endpoints that require cleanup, so you can:

  • Protect network performance and integrity
  • Ensure business productivity by treating bot infections at the source
  • Reduce help desk time spent on problems from malware