CISCO TRAFFIC ANOMALY DETECTOR XT 5600

DATA SHEET
PRODUCT OVERVIEW
The Cisco Traffic Anomaly Detector XT 5600 from Cisco Systems is a complete solution to help large organizations protect against
distributed denial-of-service (DDoS) or other cyber attacks, enabling users to quickly initiate mitigation services to block the attack before
business is adversely affected.
Based on a unique, patented multiverification process (MVP) architecture, the Cisco Traffic Anomaly Detector XT utilizes the latest behavioral
analysis and attack recognition technology to proactively detect and identify all types of cyber assaults.
By constantly monitoring traffic destined for a protected device, such as a Web or e-commerce application server, the Cisco Traffic Anomaly
Detector XT compiles detailed profiles that indicate how individual devices behave under “normal” operating conditions. If the Cisco Traffic
Anomaly Detector XT detects any per-flow deviations from the profile, it considers the anomalous behavior a potential attack and responds
based on user preference: by sending an operator alert to initiate a manual response, by triggering an existing management system, or by
launching the Cisco Guard XT DDoS Mitigation Appliance to immediately begin mitigation services.
Combined with the Cisco Guard XT, the Cisco Traffic Anomaly Detector XT contributes to the industry’s most comprehensive DDoS defense
system. Through the MVP architecture, the Cisco Traffic Anomaly Detector XT and Cisco Guard XT detect, divert, isolate, and remove
malicious attack flows without impacting legitimate transactions, helping to deliver robust protection to networks and business-critical traffic.
APPLICATIONS
Cyber attacks are on the rise, with DDoS assaults representing the fastest-growing threat facing online businesses today. These attacks, which
have evolved from simple acts of publicity-seeking vandalism to highly focused events designed to disrupt the business operations of targeted
victims, have grown increasingly relentless and malicious, driving many businesses to the brink of ruin.
Attack techniques are also growing more sophisticated. Attackers mimic valid requests, spoof source identification, and use armies of
compromised “zombie” hosts to overwhelm Internet data centers and existing defenses, while making identification and blocking of the
malicious traffic flows virtually impossible.
Cisco Systems, Inc.
All contents are Copyright © 1992–2004 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
The Cisco Traffic Anomaly Detector XT works with the Cisco Guard XT to provide a complete detection and mitigation solution that protects
enterprises, hosting centers, government agencies, and service provider environments from DDoS attacks. When the Traffic Anomaly Detector
XT identifies a potential attack by noticing deviations from known “normal” behavior, it alerts the Guard XT to begin diverting traffic destined
for the targeted devices—and only that traffic—for inspection. All other traffic continues to flow freely, reducing the impact on overall business
operations while increasing the number of devices or zones a single Guard XT can protect.
Diverted traffic is rerouted through the Cisco Guard XT, which is typically deployed off the critical path at any point in the network—from
enterprise entrance access points to peering points off an ISP backbone. The diverted traffic is then scrutinized to identify and separate “bad”
flows from legitimate transactions. Attack packets are identified and removed, while legitimate traffic is forwarded to its original destination,
ensuring that real users and real transactions always get through, guaranteeing maximum availability.
Figure 1
KEY FEATURES AND BENEFITS
Recognition and Learning
The Cisco Traffic Anomaly Detector XT resides off the critical path to monitor mirrored traffic flows at full gigabit line rates, building detailed
profiles of “normal” behavior for each protected device without consuming valuable switch or router resources.
Using sophisticated behavior-based anomaly detection technology, the Cisco Traffic Anomaly Detector XT will detect any activity that deviates
from those profiles at both global and granular session levels, enabling highly accurate identification of all types of known and Day Zero
attacks. Granular, per-connection state analysis of all packets enables fast and thorough detection and identification of the most elusive and
sophisticated attacks—from subtle, low-rate server resource exhaustion attacks to large-scale attacks launched by hundreds of thousands of
distributed zombies.
The Traffic Anomaly Detector XT also includes a behavioral recognition engine that eliminates the need to continually update profiles, and
reduces the large number of alerts and false positives common with static signature-based approaches. In addition, the Cisco Traffic Anomaly
Detector XT comes preconfigured with default profiles for immediate operation out of the box; automated learning allows users to create
specific tuning recommendations that can be reviewed by the operator.
Finally, session-state context recognizes validated session traffic and identifies session-abusive attacks to provide additional protection against
malicious activity.
High Performance
The high-performance Cisco Traffic Anomaly Detector XT monitors attack flows at full gigabit line rates—enough to identify more than
100,000 sources per device in a single attack, providing robust protection for large, high-volume environments against distributed attacks.
In addition, multistage analysis of fully mirrored traffic delivers fast recognition of even the most stealthy low-rate attacks. To provide the
greatest possible protection, the Cisco Traffic Anomaly Detector XT can be deployed downstream—close to protected resources in the data
center, or upstream—adjacent to a Cisco Guard XT for more widespread coverage.
Reporting and Management
The Cisco Traffic Anomaly Detector XT uses a Web-based graphical user interface (GUI) that displays information in a simple, intuitive
manner, dramatically simplifying configuration, operation, and attack identification and analysis.
Multiple real-time and historical reporting levels provide network operators, security administrators, and clients with detailed information to
assist in attack detection, policy setting, and mitigation. Report statistics can also be exported to text files for back-end customization or for
later review.
The Cisco Traffic Anomaly Detector XT can also be configured to proactively send alerts to network operators and to the Cisco Guard XT to
initiate rapid response to attack conditions, including automated mitigation services to quickly thwart the attack. A Simple Network
Management Protocol (SNMP) management information base (MIB) also makes all device-, protected zone-, and attack-level statistics
available to standards-based management systems.
SUMMARY
Designed for large hosting centers and online enterprises, the Cisco Traffic Anomaly Detector XT combines with the Cisco Guard XT DDoS
Mitigation Appliance to provide a security solution that can help ensure uninterrupted business operations, even in the face of the most
malicious assaults. For users, that translates into a significant competitive advantage as it can help ensure uncompromised availability and
unparalleled protection of valuable business assets.
PRODUCT SPECIFICATIONS
Table 1. Product Specifications
Memory: 2 GB DDRAM
Hard Drive: 80 GB
Interfaces: Two Gigabit Ethernet; two 100BASE-T (management)
Power Supply: Dual 110-220V, 350W
Weight: 62 lb / 28.2 kg
Height: 3.36 in. / 8.53 cm
Width: 17.5 in. / 44.5 cm
Depth: 27.5 in. / 69.9 cm
Operating Temperature: 10 to 35°C (50.0 to 95.0°F)
Nonoperating Temperature: 10 to 43°C (50.0 to 109.4°F)
Humidity: Operating 8% to 80%; nonoperating 8% to 80%
Rack-mountable: Yes
Management: Secure Web-based GUI; CLI (Console, Telnet, SSH); Cisco (Riverhead) SNMP MIB and MIB II; TACACS+; Syslog
Certifications: UL recognized; CE; FCC Rules Part 15 compliant
Attack Protection:
• Spoofed and Non-spoofed Attacks
– TCP (syns, syn-acks, acks, fins, fragments)
– UDP (random port floods, fragments)
– ICMP (unreachable, echo, fragments)
– DNS
• Client Attacks
– Inactive and total connections
– HTTP Get flood
• BGP Attacks
ORDERING INFORMATION
Table 2. Ordering Information
Product Name: Cisco Traffic Anomaly Detector XT 5600 with 1000BASE-SX Multi Mode Fiber Optic Ports with LC Connectors, Dual AC Power, RAID
Part Number: ADXT-5600-MMF-A-K9
SMARTnet Number: CON-SNT-ADX5600M

Product Name: Cisco Traffic Anomaly Detector XT Appliance 5.0 Software
Part Number: SC-ADXT-5.0-K9
To place an order, visit the Cisco Ordering Home Page.
TECHNICAL SUPPORT SERVICES
Whether your company is a large organization, a commercial business, or a service provider, Cisco is committed to maximizing the return on
your network investment. Cisco offers a portfolio of technical support services to help ensure that your Cisco products operate efficiently,
remain highly available, and benefit from the most up-to-date system software.
The Cisco Technical Support Services organization offers the following features, providing network investment protection and minimal
downtime for systems running mission-critical applications:
• Provides Cisco networking expertise online and on the telephone
• Creates a proactive support environment with software updates and upgrades as an ongoing integral part of your network operations, not
merely a remedy when a failure or problem occurs
• Makes Cisco technical knowledge and resources available to you on demand
• Augments the resources of your technical staff to increase productivity
• Complements remote technical support with onsite hardware replacement
• Cisco Technical Support Services include:
– Cisco SMARTnet support
– Cisco SMARTnet Onsite support
• Cisco Software Application Services, including Software Application Support and Software Application Support plus Upgrades
For more information, visit: http://www.cisco.com/en/US/products/svcs/ps3034/serv_category_home.html
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
European Headquarters
Cisco Systems International BV
Haarlerbergpark
Haarlerbergweg 13-19
1101 CH Amsterdam
The Netherlands
www-europe.cisco.com
Tel: 31 0 20 357 1000
Fax: 31 0 20 357 1100
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Tel: 408 526-7660
Fax: 408 527-0883
Asia Pacific Headquarters
Cisco Systems, Inc.
168 Robinson Road
#28-01 Capital Tower
Singapore 068912
www.cisco.com
Tel: +65 6317 7777
Fax: +65 6317 7799
Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on
the Cisco Web site at www.cisco.com/go/offices.
Argentina • Australia • Austria • Belgium • Brazil • Bulgaria • Canada • Chile • China PRC • Colombia • Costa Rica
Croatia • Cyprus • Czech Republic • Denmark • Dubai, UAE • Finland • France • Germany • Greece • Hong Kong SAR
Hungary • India • Indonesia • Ireland • Israel • Italy • Japan • Korea • Luxembourg • Malaysia • Mexico
The Netherlands • New Zealand • Norway • Peru • Philippines • Poland • Portugal • Puerto Rico • Romania • Russia
Saudi Arabia • Scotland • Singapore • Slovakia • Slovenia • South Africa • Spain • Sweden • Switzerland • Taiwan
Thailand • Turkey • Ukraine • United Kingdom • United States • Venezuela • Vietnam • Zimbabwe
Copyright 2004 Cisco Systems, Inc. All rights reserved. Catalyst, Cisco, Cisco IOS, Cisco Systems, the Cisco Systems logo, PIX, and SMARTnet are registered trademarks
of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (0403R)
BG/LW6448 0604