Research and Education EMEA

How GÉANT Tailored Network Security for 43 Institutions

GÉANT is the leading collaboration on network and related infrastructure and services for the benefit of research and education, contributing to Europe's economic growth and competitiveness. A key part of this is the pan-European research and education network that interconnects European National Research and Education Networks (NRENs) on 1, 10, 20, 30, 100G lines and provides worldwide connectivity. Together they connect over 50 million users at 10,000 institutions across Europe. Operating at speeds of up to 500Gbps and reaching over 100 national networks worldwide, GÉANT remains the most advanced and well-connected research and education network in the world.

Challenges

High performance
Vast pan-European network
Detailed and accurate real-time and historical information
Development of supplementary detection methods
Integration into 3rd party ticketing tool
Multi-hundred gigabit environment SaaS
Management of number of tenants Integration with any potential mitigation appliance
Full redundancy to ensure 24/7 availability

Key Benefits

Overall network traffic visibility and security
Security as a Service to GÉANT’s users
Saving time and operational costs on incident reporting and handling
Lifetime license only limited to performance of appliances
Artificial Intelligence instead of simple thresholds
Low number of false positives
Comes with network visibility and performance monitoring

Deployed products

Flowmon ADS
Flowmon Collector

Situation

Network anomalies detection project

High service availability and service quality operations are the key characteristics of GÉANT’s infrastructure. Over 1,000 terabytes are transferred every day via the GÉANT IP backbone covering the entire Europe. 100 Gbps connectivity services are being operated across the core network that is designed to support up to 8 Tb/s, ensuring the network remains ahead of user demand and the data deluge. GÉANT is using a variety of different router models at different versions and thus the entire environment is sensitive to precise integration.

Solution

The goal of implementing Flowmon was to provide security reporting to GÉANT’s users - represented by the 43 national research and education institutions. The scope of the solution is to discover attacks on network services, botnets, port scans, vulnerable services, infected devices and other malicious activity. It had been decided to integrate Flowmon into GÉANT’s infrastructure by collecting flow data from existing backbone routers. To insure redundancy, two Flowmon collectors were deployed in parallel, hosting security intelligence module Flowmon ADS. Outputs from the system in the form of security events are exported to an automated ticket handling system, which notifies respective NREN’s in the event of an incident being detected in their network. Customer specific development activities were carried to reflect the customers’ needs for special detection methods. The entire solution was deployed in a matter of hours; followed by two months of custom development, customer testing and integration. Thereafter these activities transformed into the pilot program and the service officially went into production three months later.

“We’ve been working with Flowmon for over 3 years now. What makes our organizations similar is a strong focus on innovation. This is why they have always understood our needs and we can rely on their technology and support at all times. We continuously keep recommending and bringing their progressive technologies to our clients. I personally appreciate the flexibility of Flowmon solution which only needs small adjustments to fully cover our very specific needs.”

Evangelos Spatharas
Head of Security at GÉANT