ZTV Integrates Network Monitoring and Analysis with DDoS Protection Measures
- Lack of network stability was jeopardizing customer satisfaction
- DDoS attacks overloaded servers with large number of small packets, making it hard for existing flow collector to accurately detect traffic volume
- NETSCOUT® Arbor Sightline
- NETSCOUT Arbor Sightline with Insight
- Usability improvement with better dashboard and quicker response
- Cost optimization by using a peering analysis function
ZTV, which started a cable television broadcasting service in 1994 in Tsu City, Mie Prefecture, Japan, runs cable television, Internet, and landline telephone service businesses. The company has expanded its service area into 36 municipalities in three prefectures, including Mie, Shiga, and Wakayama.
In recent years, ZTV has accelerated plans to improve its infrastructure in response to greater competition amongst Internet service providers who are focusing on increased speed and capacity. ZTV expects to complete the switch to FTTH across its entire service area by 2020. As the company concentrates on its data center and private line businesses for corporate and public sector clients, as well as access services for individual clients, they recognize the importance of improving service stability by enhancing the network infrastructure and network monitoring capability.
When it comes to internet service, customer satisfaction is directly related to network stability. For ZTV, network performance is dependent on the ability to monitor traffic volume of internet access points. In order to achieve network stability, it was critically important to obtain statistical traffic information, including NetFlow from the routers installed at the access points. In the past, ZTV used a commercial flow collector to monitor and analyze NetFlow obtained from redundant multiple routers. However, as DDoS attacks targeting the infrastructure increased, the server was gradually overloaded by a large number of small packets, making it hard for the existing flow collector to accurately detect traffic volume.
Since more precise visualization was required to prevent service quality from deteriorating, ZTV began considering the deployment of an enhanced network monitoring solution equipped with a DDoS protection function. “We had a strong sense of urgency because we had been experiencing severe DDoS attacks for some time,” said Kotosuga Mayumi, Acting Manager of Technological Section, Communication Engineering Department, ZTV Co , Ltd. “As the network quality requirements are becoming higher every year, there has been a rapid increase in the need for visualization of DDoS attacks, in addition to traffic monitoring and analysis.”
Solution in Action
After evaluating several products, ZTV selected NETSCOUT Arbor Sightline (formerly Arbor SP) because it offers more monitoring options than the company’s existing flow collector and has a DDoS detection function. Arbor Sightline increases the display speed for visualizing data in graphs and tables by saving the flow information in meta data format. Arbor Sightline allows the user to view the flow information in greater detail and from various angles; detects DDoS attacks and other traffic anomalies that cannot be detected by the previous flow collector; and notifies the user by alert or email.
In addition, ZTV needed to store all flow information so they could go back through past records to investigate and analyze network performance more closely, allowing them to gain invaluable insights that would be instrumental instituting preventive measures in the future. To address this issue, ZTV added NETSCOUT Arbor Sightline with Insight (formerly Arbor SP Insight) to the solution, which has significantly enhanced capabilities to extract the target information from the entire flow information. This has also made it possible to narrow down information using approximately 30 levels of filters.
“In order to take corrective action when issues arise and assure stable internet service, it is important to understand network performance in real time,” stated Mr. Mayumi. “To answer inquiries from customers appropriately, a service provider must be able to analyze traffic to determine if it is malicious, normal, or a completely new type of traffic. These insights can lead to improvements in customer satisfaction, which is why this type of monitoring is key.”
ZTV deployed Arbor Sightline and Arbor Sightline with Insight, integrating the network traffic monitoring and analysis function with DDoS detection. One of the results is an improvement in network operation. The company indicated that it highly valued the easy-to-read screen and the display speed of the dashboard which shows traffic status and alert information in graph and table formats. This information has led to improved operability and response that ensures stable network operations.
“Network stability is achieved by continuous monitoring. In the past, we weren’t always able to identify large traffic flows as DDoS attacks, but the Arbor Sightline products generate an alert in real time, so we feel much better protected now,” added Mr. Mayumi. “Although a large number of small packets flowing over a long period of time are not displayed in the graph, we can still analyze them in detail by reviewing stored data. This makes this product very reliable.”
Optimization of the transit cost is also a great benefit. A peering analysis function monitors traffic for each autonomous system (AS) of interconnected transit providers at all times. It analyzes and visualizes the traffic volume for each route and allows them to avoid routes where traffic is congested, instead rapidly selecting the most optimal route. “The previous flow collector could not monitor traffic in detail for each AS like the Arbor solution can,” concluded Mr. Mayumi. “The peering analysis function allows us to obtain the information required for selecting the optimal route, which helps reduce our infrastructure cost.”
Learn More About ZTV
Headquarters: 4-7-1 Anotsudai, Tsu-shi, Mie, 514-8557 Japan
Business line: Cable Television, Internet, Cable Plus Telephone, Cable Smartphone, Local BWA
Contect: Kotosuga Mayumi, Acting Manager of Technological Section, Communication Engineering Department, ZTV Co., Ltd.
La rete è l'azienda. Gli operatori devono ottimizzare le risorse e ridurre le minacce alla disponibilità dei servizi per risparmiare denaro. Arbor SightLine fornisce solide funzionalità, dalla pianificazione della capacità a livello di rete, all’identificazione delle minacce di rete e alla gestione della mitigazione.
Questi dati di rete pervasivi possono anche essere sfruttati per prendere decisioni di routing e peering, ridurre i costi del trasporto, eliminare le minacce di rete e fornire alla tua attività nuovi ricavi, tramite la generazione di servizi.