Application-based monitoring is a form of DDoS detection that alerts on application-layer DDoS attacks. Equipment on the customer premises passively monitors web traffic to detect denial-of-service attempts to impair application response. Data is gathered and correlated across multiple dimensions to provide insight into user interactions with your applications. Security Operations Center staff use this data to identify and analyze malicious application-layer traffic and detect DDoS attacks.
Customer premises equipment (CPE) can provide non-intrusive monitoring, for example from a network tap or a switch SPAN port, so that web traffic is not interrupted or slowed down.
Application-based DDoS detection provides early detection and notification of layer 7 DDoS attacks, such as GET floods, POST floods and low-and-slow attacks such as Slowloris.
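The kind of correlation described above can be sketched as detection logic over passively observed request records. This is an added example, not code from any monitoring product; the record layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

WINDOW_S = 10          # sliding window length in seconds (assumed)
FLOOD_THRESHOLD = 20   # same-method requests per source per window (assumed)
SLOW_SECONDS = 30.0    # time a client takes to finish sending one request (assumed)
SLOW_THRESHOLD = 5     # slow requests per source before alerting (assumed)

def build_sample():
    """Constructed records: (time_s, source_ip, method, path, send_seconds)."""
    recs = [(i * 2.0, "198.51.100.10", "GET", "/index.html", 0.05) for i in range(5)]
    recs.append((3.0, "198.51.100.11", "POST", "/login", 0.2))
    # One source issuing many GETs, another many POSTs, inside a few seconds.
    recs += [(i * 0.2, "203.0.113.5", "GET", "/search", 0.03) for i in range(40)]
    recs += [(i * 0.3, "203.0.113.6", "POST", "/login", 0.1) for i in range(30)]
    # Few requests, each held open for minutes (Slowloris-style behaviour).
    recs += [(i * 1.0, "203.0.113.7", "GET", "/", 120.0) for i in range(8)]
    return recs

def detect(records):
    """Return sorted (source_ip, alert) pairs for floods and low-and-slow sources."""
    recent = defaultdict(deque)   # (ip, method) -> timestamps inside the window
    slow = Counter()              # ip -> count of slow requests
    alerts = set()
    for ts, ip, method, _path, send_s in sorted(records):
        q = recent[(ip, method)]
        q.append(ts)
        while q[0] <= ts - WINDOW_S:   # drop timestamps older than the window
            q.popleft()
        if method in ("GET", "POST") and len(q) >= FLOOD_THRESHOLD:
            alerts.add((ip, method + " flood"))
        if send_s >= SLOW_SECONDS:
            slow[ip] += 1
            if slow[ip] >= SLOW_THRESHOLD:
                alerts.add((ip, "low-and-slow"))
    return sorted(alerts)

if __name__ == "__main__":
    for ip, alert in detect(build_sample()):
        print(ip, alert)
```

The sliding window catches a burst that straddles a fixed time-bucket boundary, and the slow-request counter flags sources whose request rate is far too low to trip the flood threshold.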
Although application traffic may be encrypted, detection of DDoS attacks hidden in HTTPS traffic is possible. FIPS 140-2 compliant equipment can be used on premises to decrypt SSL traffic and identify malicious IP addresses generating encrypted Layer 7 attacks.