DDoS Detection
Based on a stream of network telemetry data, we can create a continuously updating view of incoming requests that categorizes the types of requests and shows whether certain actors breach any thresholds for specific requests. This requires being able to analyze millions of network router events and aggregate them over very narrow sliding windows of time to detect anomalous requests to or from certain IPs.
Timeplus has been able to comfortably process over 1M messages/second, correlating attacks with a high number of rules, and using a reasonable CPU/memory footprint on a single machine.
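The sliding-window threshold check described above, as an added example in plain Python (not Timeplus code or Timeplus SQL). The 10-second window, the 100-request threshold, the sample IPs and the fixed-bucket comparison (standing in for a query scheduled once per window) are constructed assumptions.

```python
from collections import defaultdict, deque

WINDOW_MS = 10_000   # sliding window length in milliseconds (assumed)
THRESHOLD = 100      # max requests per source IP per window (assumed)

def sliding_alerts(events, window=WINDOW_MS, threshold=THRESHOLD):
    """Re-evaluate the window on every event, as a continuous query would.
    events: iterable of (timestamp_ms, src_ip), ordered by time.
    Returns {src_ip: timestamp_ms at which the threshold was first exceeded}."""
    recent = defaultdict(deque)   # src_ip -> timestamps still inside the window
    alerts = {}
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:        # evict events that left the window
            q.popleft()
        if len(q) > threshold and ip not in alerts:
            alerts[ip] = ts
    return alerts

def periodic_alerts(events, window=WINDOW_MS, threshold=THRESHOLD):
    """Count per fixed bucket [k*window, (k+1)*window), the result a job
    polling once per window would see. Returns the set of flagged IPs."""
    buckets = defaultdict(int)
    for ts, ip in events:
        buckets[(ts // window, ip)] += 1
    return {ip for (_, ip), n in buckets.items() if n > threshold}

def sample_events():
    """Constructed telemetry: 198.51.100.7 sends 160 requests between 6.0 s
    and 13.95 s, straddling the 10 s bucket boundary (80 on each side);
    192.0.2.10 sends one request per second as background traffic."""
    burst = [(6_000 + i * 50, "198.51.100.7") for i in range(160)]
    steady = [(i * 1_000, "192.0.2.10") for i in range(30)]
    return sorted(burst + steady)

if __name__ == "__main__":
    events = sample_events()
    print("sliding window:", sliding_alerts(events))
    print("fixed buckets: ", periodic_alerts(events))
```

The burst never exceeds 100 requests inside either fixed bucket, so only the sliding window flags it.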
ARCHITECTURE
WHY TIMEPLUS?
Continuous Running Queries
Purpose-built to handle continuous running queries over fast incoming data to detect anomalous changes.
In contrast, doing this in a database would require custom applications to run these queries periodically to detect the changes. This does not scale and has pitfalls around missing data within windows as well as increasing lag in detections.
Lightning-Fast
Process large amounts of data and perform complex aggregations extremely fast so that detections do not go stale.
Time to detection is key to the success of this kind of application, so the system has to handle large amounts of incoming data in the shortest possible time to ensure that a detected anomaly can be acted upon successfully.
Easy Integrations
Native integrations to Kafka and ClickHouse, and connectors to integrate with 200 different systems.
While keeping up with incoming data is important, it’s equally important to ensure that analysis and monitoring results are promptly sent to a centralized system for further analysis and reporting.
Discover End-to-End Capabilities
Bare Metal Installation
Deploy Timeplus directly onto physical servers for maximum performance and control. This setup ensures the lowest possible latency and full utilization of hardware resources.
Data Ingestion
Seamlessly ingest and process data from a variety of sources, including Apache Kafka. This versatility allows for real-time analysis of traffic patterns and potential threats from multiple vectors.
Dynamic Filters and Projections
Leverage SQL-based views to create dynamic filters and projections, enabling precise extraction of relevant data from raw traffic logs. Easily identify suspicious activities and anomalies in network traffic.
Windowed Queries
Utilize windowed queries to aggregate and analyze data over specific timeframes or fields, allowing for the detection of DDoS attack patterns that evolve over time or target specific assets.
Shuffling and Sharding
Achieve high-performance data processing with configurable parallelization through shuffle and sharding techniques. Large volumes of incoming traffic data can be ingested and analyzed in real time.
Table Aggregations
Perform large-scale, complex aggregations on traffic data tables to detect patterns. Timeplus handles these heavy computations efficiently, ensuring timely insights into traffic anomalies.
Monitoring
Continuously monitor system performance metrics and business-critical data, for a comprehensive view of network health and potential threats. Timeplus also integrates with dashboard tools like Grafana.
SDKs/Drivers
Access both streaming and historical data through dedicated SDKs and drivers, enabling the correlation of past incidents with real-time traffic for a thorough analysis of DDoS threats and vulnerabilities.