Protect service uptime and application performance

As cyber threats abound and are increasingly aimed at service provider, cloud, and enterprise resources, Allot ServiceProtector protects the performance and integrity of your network services and resources by providing a first line of defense against Denial of Service (DoS/DDoS) and Zero-Day attacks. It also prevents outgoing spam and other bot infections from blacklisting your network and eating up valuable bandwidth.

Stop DDoS attacks in their tracks

Using advanced Network Behavior Anomaly Detection (NBAD) technology, Allot identifies DDoS and other flooding events by the traffic anomalies they cause. Within seconds, Allot ServiceProtector performs fast, surgical mitigation to block, limit or isolate malicious traffic while allowing legitimate traffic to flow unimpeded – keeping your business online and protected at all times.

Contain bots and clean up infected endpoints

Using advanced Host Behavior Anomaly Detection (HBAD) technology, Allot ServiceProtector detects internal spammers and stops outgoing spam emails from reaching the Internet or email platform. As a result, you can prevent network blacklisting and eliminate additional load on the network from IP scanning and other bot activity. Through real-time notification and redirection of users to a “cleanup” portal, Allot ServiceProtector helps you treat the root cause of bot infections with no need to install and update personal anti-virus and firewall software on endpoints.

Allot ServiceProtector helps you:

  • Establish a first line of defense against cyber attacks
  • Maximize service uptime and ensure performance of critical business applications
  • Gain visibility into attackers and their targets in your network
  • Reduce spammer abuse complaints and appearance on blacklists
  • Reduce time spent by helpdesk and engineering on problems from outbound spam
  • Lower operational overhead through automated mitigation of internal spammers
  • Treat the root cause of infected endpoints so they can be stopped without affecting other users

Contact to discover how Allot Service Protector can protect service uptime and application performance in your network.

Automated protection at scale

Allot’s Anti-DDoS and Bot Containment services are delivered via Allot Service Gateway and Allot NetEnforcer platforms, providing fully automated and highly scalable detection and mitigation solutions to stop even the largest-scale DDoS attacks and spambots. Full line-rate 1GE/10GE permits deployment near IP core.

Accurate detection and surgical mitigation

Allot’s advanced anomaly detection and analysis technologies are engineered to identify any number and complexity of DDoS attacks in real-time, and to surgically filter malicious traffic Unlike solutions that “sample” captured packets and flow data, Allot collects and analyzes all anomalous packets and metadata to ensure accuracy and robustness.

Reliable performance

Passively captured traffic adds no latency and no point of failure to the network, so applications continue to perform even during an attack.

Real-time visibility of attack events

Visibility and reporting of attack detection and mitigation events include real-time notification and anomaly details showing the attack signature, IP source address, duration, destination, and mitigation filter.

Fortify existing security layers

Ensure that your network is protected from the damage caused by outgoing spam in addition commercial anti-spam solutions that are designed to block incoming spam.

Treat the root cause of outbound spam

Allot HBAD technology pinpoints malware-infected endpoints so you can effectively control outbound spam, especially in consumer environments with dynamic IP allocation and Bring Your Own Device (BYOD), where safe Internet usage practices cannot be enforced.

The Allot ServiceProtector system consists of hardware and software components. The components are: (a) the central management appliance called Allot ServiceProtector Controller, and (b) license-activated functionality embedded in Allot Service Gateway platforms and Allot NetEnforcer devices. Embedded functionality includes detection (ServiceProtector Sensor) and dynamic surgical packet filtering (ServiceProtector NBAD Mitigation). In addition, an appliance-based ServiceProtector Sensor is also available.


  DDoS/Network Flood Attack Infected/Abusive Behavior
Approach Network-based monitoring; traffic meta data collected directly from the network
Technologies Network Behavior Anomaly Detection (NBAD) Host Behavior Anomaly Detection (HBAD)
Depth of Traffic Inspection Modeling: Layer 3 and 4 packet headers are inspected to build HBAD flow data or NBAD network statisticsEvidence/Analysis: Entire packet header and payload; 500 packets per automatic capture; Maximum of 25,000 packets for manual captures (evidential captures and manual capture not available for Integrated Sensors (AOS) versions AOS12.x and above)
Supported Networks Ethernet, VLAN, MPLS, L2TP, IPv4
Types of Events
  • High packet rate
  • Small packet size or large packet size
  • Fan-in or DDoS (many IPs to one IP);

Fan-out (one IP to many IPs);

Swarms (many IPs to many IPs);

DoS (one IP to one IP)

  • TCP based (SYN, FIN, ACK, RST, invalid flag combinations)
  • UDP based
  • ICMP (including echo request, echo reply, unreachable)
  • Other (non-TCP, UDP or ICMP)
  • Involving fragmented packets, truncated or malformed packets
  • Address scan
  • Port scan
  • Flow bomb (bombarding the same target IP and port with a high number of flows)
  • Mass SMTP (address scanning or flow bombs to 25/TCP)
  • Mass DNS (address scanning or flow bombs to 53/UDP)
Detection Time (typical) 10-60 seconds 3-5 minutes
Pattern Creation Time (typical) 10-20 seconds Not applicable
Alert/Notification Email, syslog, SNMP trap (v2c)
Enforcement Action
  • Traffic filtering using Allot Deep Packet Signatures (ADPS)
  • Filtering occurs in-line and before further policy and bandwidth management
  • Notification of subscriber/user via HTTP redirection on Allot NetEnforcer device or Allot Service Gateway platform and/or by triggering existing notification mechanisms (such as email or SMS)
  • Per-subscriber traffic management by rate-limiting or blocking specific services (such as 25/TCP to prevent propagation of spam)
  • Per-subscriber solutions require Allot Subscriber Management Platform
Allot Device/Platform Compatibility Available on Allot Service Gateway platforms and Allot NetEnforcer devices running Allot OS versions AOS10.2 and up Integrated with Allot SMP for per subscriber traffic enforcement, version SMP9.2.1 and up (see SMP datasheet for device/platform compatibility)
Third-party Compatibility Filter recommendations provided in the following formats: SNORT, TCPDUMP, IPTABLES, Cisco ACL (IOS 12.4), Cisco PIX, JUNOS 9.4, Huawei (CX200D), Fortinet 2.80. No device integration. Redback BRAS

ServiceProtector Controller

Capacity per Controller
Sensors per Controller 16 (maximum)
Sensor-Groups 400 (maximum)
Management Interface
Interface Media 1 x 10/100/1000BASE-T (RJ-45)
Traffic Encryption and Firewall Requirements
  • User to SP-Controller: HTTPS and SSH
  • SP-Controller to Sensor (Standalone or Embedded): IPSec*

Note: No NAT traversal except* between SP-Controller and standalone Sensor; No IPSec encryption on NBAD Mitigation traffic when Standalone Sensor is used.*

* See Allot ServiceProtector Installation and Admin Guide for firewall configuration requirements.

Management Traffic 100-500kbps (varies according to number of Groups, anomalies and packet size)
Console VGA/USB and serial
Mechanical and Environmental
Form Factor/Dimensions Standard 1U in 19″ rack/43 mm x 440 mm x 711.4 mm (H x W x D)
Weight 12.7–15.6 kg/28–34.5 lb
Operating Temperature 50–95°F; 10–35°C (up to 3,000 ft/914.4 m);50–90°F; 10–32°C (3,000–7,000 ft/914.4–2,133 m)
Power Consumption 675 W (per PSU)
Power Supply Dual redundant, hot swappable
Certifications and Safety FCC (Part 15 of FCC rules, Class A), ICES-003 (Issue 4, Class A), UL/IEC 60950-1:2007,CDS C22.2 No. 69950-1-03 2nd Edition, NOM-019


ServiceProtector (Embedded)

Impact on Legitimate Traffic Flows from Embedded Sensor (NBAD and/or HBAD License) and NBAD Mitigation License
Bit Rate/Packet Rate Sensor adds ~15%; NBAD Mitigation adds additional 1-2% on Service Gateway and 5-25% on NetEnforcers (applies only when mitigating)
Latency (relative) 10-20 μsec
CER Up to 2%
Concurrent Connections/Internal Hosts No change
Concurrent Suspicious Internal Hosts 1% of Concurrent Internal Hosts (HBAD only)
Max Groups per Sensor 30


ServiceProtector Sensor (Standalone)

1 GE Sensor Appliance 10 GE Sensor Appliance
Capacity (*Aggregated Traffic; **Outbound Connections)
Max Bit Rate* 4 Gbps (IMIX) 20 Gbps (IMIX)
Max Packet Rate* 5.97 Mpps (60 Byte) 16.6 Mpps (60 Byte)
CER** ~66 kcps ~329 kcps
Concurrent Connections** 9,600,000
Concurrent Internal Hosts** 2,000,000
Concurrent Suspicious Internal Hosts** 20,000
Max Groups per Sensor 30
Interfaces Options and Connections
Network Monitoring 4 x 10/100/1000BASE-T (RJ-45) Copper or4 x 1000BASE-SX/LX (LC) 2 x 10 Gigabit Ethernet SR/LR (LC)
Management 2 x 10/100/1000 BASE-T
Console VGA/USB and serial
Mechanical and Environmental
Form Factor/Dimensions Standard 1U in 19″ rack/43 mm x 440 mm x 711.4 mm (H x W x D)
Weight 12.7–15.6 kg
Operating Temperature 10–35°C (up to 914.4 m); 10–32°C (914.4–2,133 m)
Power Consumption 675 W (each PSU)
Power Supply Dual redundant, hot swappable
Certifications and Safety FCC (Part 15 of FCC rules, Class A), ICES-003 (Issue 4, Class A), UL/IEC 60950-1:2007,CDS C22.2 No. 69950-1-03 2nd Edition, NOM-019

Real-time DDoS Mitigation

Protect cloud data centers and other network resources from flooding and other Denial of Service attacks so you can:

  • Assure data center availability and efficiency
  • Meet cloud service SLAs and minimize risk of outages
  • Gain visibility of attackers and their targets in your cloud



Blacklist Avoidance

Automatically detect internal spammers on your network, isolate them and block their outgoing spam traffic, so you can:

  • Get off and stay off spammer blacklists
  • Reduce complaints from other operators
  • Avoid unnecessary investment in content-based anti-spam solutions



Real-time Bot Containment

Stop outgoing spam and IP scanning traffic from eating up valuable bandwidth and pinpoint infected endpoints that require cleanup, so you can:

  • Protect network performance and integrity
  • Ensure business productivity by treating bot infections at the source
  • Reduce help desk time spent on problems from malware