FastNetMon provides real-time visibility into network traffic by collecting telemetry from routers and switches using sFlow, NetFlow, IPFIX, jFlow and mirrored traffic. Traffic is analysed continuously to establish a baseline of normal behaviour and to identify abnormal patterns associated with L3 and L4 attacks.
Detection happens within seconds, allowing operators to identify volumetric floods, packet-rate spikes and abnormal flow behaviour early. FastNetMon is built for high-throughput environments and can scale to terabits of traffic and millions of flows per second on commodity hardware, supporting both IPv4 and IPv6 across diverse network topologies.
Automated DDoS Mitigation
FastNetMon combines fast detection with automated response, enabling mitigation actions to be triggered directly at the network layer as soon as an attack is identified. This removes reliance on manual workflows during incidents and ensures that response is consistent, fast and repeatable.
Mitigation is implemented using standard routing and traffic-control mechanisms already present in service provider and enterprise networks, allowing FastNetMon to integrate seamlessly into existing operational models.
BGP BlackHole and RTBH Automation
When an attack exceeds defined thresholds, FastNetMon can automatically announce BGP BlackHole (RTBH) routes for the affected prefixes. This allows malicious traffic to be dropped upstream or within the network, preventing attack traffic from reaching protected infrastructure.
Automation ensures that blackholing is applied quickly and only when required, reducing response time and operational overhead. FastNetMon works with existing BGP sessions and commonly used blackhole communities, making it suitable for ISP, hosting and large enterprise environments without introducing proprietary routing dependencies.
BGP FlowSpec-Based Traffic Filtering
For attacks where full blackholing is too disruptive, FastNetMon supports BGP Flow Spec to apply fine-grained traffic filtering rules directly on FlowSpec-capable routers. This allows mitigation policies to target specific protocols, ports or packet characteristics associated with an attack.
By filtering only the malicious traffic, FlowSpec helps preserve availability for legitimate users and reduces collateral damage during complex or multi-vector DDoS events.
Scrubbing Centre Diversion Automation
FastNetMon integrates with external scrubbing centres to automatically divert attack traffic for cleaning while allowing legitimate traffic to continue flowing normally. Traffic diversion is triggered only when an attack is detected and automatically withdrawn once conditions return to normal.
This approach enables significant cost savings by eliminating the need for always-on scrubbing. Only malicious traffic is sent to the scrubbing provider, reducing scrubbing capacity requirements and associated costs. At the same time, legitimate traffic avoids unnecessary detours, resulting in lower latency and better user experience during both normal operation and attack conditions.
Broad Vendor and Infrastructure Support
FastNetMon is designed for real-world, multi-vendor networks and relies on standard telemetry and routing protocols rather than proprietary integrations. It works with networking equipment from major vendors used in service provider and enterprise environments, including Cisco, Juniper, Nokia, Huawei, Arista and others.
Support for standard flow export protocols and BGP allows FastNetMon to integrate into existing infrastructure with minimal friction and no vendor lock-in.
And More
Beyond its core role as a network-level DDoS detection and mitigation platform, FastNetMon includes additional capabilities that extend visibility and control across modern environments:
- Blocklist-based traffic filtering
- Traffic visibility for AWS and Google Cloud environments
- Historical traffic analysis and Grafana dashboards
These features complement the core platform while keeping the primary focus on fast, automated defence against L3 and L4 DDoS attacks.
Get Started
FastNetMon is ideal for telcos, ISPs, cloud providers and enterprise networks seeking fast, automated, network-level DDoS defence with wide vendor support and integration into existing infrastructure. Start a free trial or contact us for more information.