Servicepipe FlowCollector

Main article: Firewall

Servicepipe FlowCollector is a network traffic mining system that ships as software or PAC. The product was created to strengthen the security of external and internal network infrastructure: monitoring the state of the network, analyzing the types and volumes of traffic consumed. FlowCollector continuously monitors incoming and outgoing packets from the network, detecting anomalies and translating DDoS attacks to filtering for 100 ms.

2026: Optimizing Protection

On February 3, 2026, Servicepipe introduced an updated version of the adaptive IT infrastructure protection system against DDoS attacks and DosGate network threats and the FlowCollector network traffic analyzer. The key change in the release is that the protection has become not only more targeted, but also visual. More here.

2025

Detection of "surgical" attacks at the port level

Servicepipe has added individual port-level activity monitoring to the FlowCollector traffic analyzer to protect against "surgical" DDoS attacks. The company announced this on November 6, 2025. This feature allows you to configure analysis vectors with activity counting for any port - be it authorization services, databases or application servers. This makes it possible not only to see anomalies in general traffic, but to accurately identify attacks aimed at critical elements of the infrastructure, control the load on key services and respond to threats even before they affect the work of users.

Surgical DDoS attacks are a tactic gaining popularity in 2025. Unlike traditional volume attacks, the purpose of which is to overload the entire site or network, surgical DDoS attacks are point attacks. Attackers disable individual elements on which the work of the business directly depends: payment systems, authorization forms, order processing. Externally, the service may remain available, but key functions stop working. Servicepipe estimates that the number of such attacks has grown by about 30% over the past year, and their share continues to increase.

In addition to the added analysis capabilities, FlowCollector now supports the NetFlow v9 standard (telemetry protocol that transmits statistics on network connections - addresses, volumes and traffic direction) and IMON (network interface monitoring protocol that allows you to collect data on load and port status in real time). Adding these protocols enhances the solution's interoperability with customer infrastructure, simplifies integration with leading vendor hardware, and provides more comprehensive data coverage for analysis.

FlowCollector is used to intelligently monitor and detect DDoS attacks. It analyzes dozens of traffic vectors, detecting anomalies in 100 ms, and can work both autonomously and in conjunction with the DosGate filtering platform.

Surgical DDoS attacks are a new stage in the evolution of cyber threats. This is a new challenge and a new logic for protecting the infrastructure - a generalized view is no longer possible, traffic control is needed, as they say, "under a microscope," said Mikhail Khlebunov, Servicepipe Product Director. - NetFlow v9 and IMON support is another step towards more nuanced, proactive real-time network risk management.

As part of the solution for telecom operators

On October 7, 2025, Servicepipe introduced a solution for telecom operators - a control panel that allows DosGate and FlowCollector to provide DDoS protection to end customers.

The solution combines the administrative panel for the operator and the client's personal account. In the admin part, the operator manages accounts and resources, and in the client office, users gain access to traffic statistics and can independently configure notifications about detected anomalies.

Thus, Servicepipe enables operators to quickly launch a protection service for their customers without additional investment in development. Using the already installed DosGate and FlowCollector, they can monetize the infrastructure and offer their customers protection in the form of a service.

The panel supports white-label format: it can be branded for the operator's corporate style, including logo, domain and corporate colors. The user-friendly interface of the admin panel allows you to keep records of all customers in a single window. At the same time, protection management remains completely in the hands of the operator, and the client works only with an understandable interface for monitoring.

The advantages of the new service for both the operators themselves and their customers are obvious. Personal account enables telecom operators to turn their own infrastructure into a full-fledged service for their customers, giving new opportunities for monetization. The clients of the operators receive not only confidence in the security of their resources, but also a complete picture of the attacks - said Sergey Andrienko, head of security for web applications at Servicepipe.

FlowCollector with connection to Servicepipe Hub

Servicepipe has presented a comprehensive solution for protecting telecom operators from carpet DDoS attacks - intelligent traffic analyzer FlowCollector plus connection to Servicepipe HUB. The developer announced this on September 2025.

The solution works like this: in normal mode, traffic enters the operator's network by standard routes, and FlowCollector continuously analyzes it for anomalies.

When a DDoS attack starts targeting specific IP addresses or portions of the operator's network, FlowCollector blocks malicious traffic at the edge of the network. Depending on the settings, DDoS attack blocking rules can be triggered automatically or configured manually.

In the case of a carpet DDoS attack on the operator's IP addresses or most of them, FlowCollector automatically routes traffic to the Servicepipe HUB. There the attack is blocked, and already cleared traffic is sent to the operator's network. Once the attack is complete, routing automatically returns to the original scheme.

The advantages of a comprehensive solution for telecom operators are obvious: the launch of protection does not require one-time significant investments and makes it possible to quickly start cleaning in the event of carpet DDoS attacks.

The solution is especially relevant for operators who need to quickly protect their own infrastructure at minimal cost without the need to implement and maintain expensive traffic cleaning equipment.

According to Servicepipe, at the end of the 1st quarter of 2025, only 27% of telecom operators had a traffic analyzer, protection against DDoS attacks - about 30%. At the same time, the attacks of 2025 on the industry showed that in modern realities, operators can no longer do without protection - both the largest companies and regional Internet faced DDoS in 2025, says Servicepipe providers Development Director. Danila Jezhin- I am sure that our comprehensive offer for telecom will help solve the problem with protection for many players. industries

BGP FlowSpec Support

Servicepipe has updated the FlowCollector traffic analyzer. This makes detection of attacks faster and analytics even more accurate and convenient. The company announced this on April 10, 2025.

Servicepipe FlowCollector is a network traffic mining system that ships as software or PAC. The product is designed to enhance the security of external and internal network infrastructure: monitoring the state of the network, analyzing the types and volumes of traffic consumed. FlowCollector continuously monitors incoming and outgoing packets from the network, detecting anomalies and translating DDoS attacks to filtering for 100 ms.

FlowCollector has support for the BGP FlowSpec protocol. This is an extension of the standard BGP protocol that allows traffic filtering rules to be automatically distributed throughout the network. The system can now automatically send special BGP messages when it detects network anomalies. This makes it possible to block malicious traffic on all devices of the network almost instantly and automatically. For example, the system is able to automatically initiate blocking of the specific port on which the attack is taking place, providing a quick response and minimizing damage.

Another change to the solution is deduplication of traffic data to improve the accuracy of statistics. When collecting NetFlow data (information about traffic flow, including start and end times, number of bytes and packets, protocol type, etc.), repeated records often occur, which distorts the analysis results. The functionality of "router id" in FlowCollector groups NetFlow sources, distributing them to common or individual counters, which eliminates data duplication.

In addition, all NetFlow and SNMP data (traffic flow data and device status data) are now stored in Clickhouse, allowing Data Explorer to conduct deeper retrospective analysis and proactive threat monitoring. A compression mechanism for data older than 24 hours helps save space, and high storage performance ensures efficient processing of large amounts of information.

Among other improvements:

• added support for 32-bit DeltaPackets and DeltaBytes for IPFIX, which improves compatibility with older routers;
• There is support for IPv6 for icmp-flood attacks, expanding the capabilities of the system in modern networks;
• Optimized mirroring and reporting to improve data performance and accuracy
• NATS support is implemented to transmit anomaly detection events, which further accelerates the response of the system;
• added new attack detection vectors: HTTPS-flood and GRE-flood.

Cyber ​ ​ experts in the first three months of 2025 showed that many players simply cannot cope with carpet DDoS attacks without a traffic analyzer. And our task is to make FlowCollector an even more reliable and convenient tool that helps customers quickly respond to threats and optimize their networks, "said Mikhail Khlebunov, Product Director of Servicepipe.

Add Data Explorer Module

Servicepipe enhances the ability to analyze network flows in its FlowCollector solution. The company announced this on February 5, 2025.

The Data Explorer module in FlowCollector provides a tiered storage system for network traffic metrics that allows you to analyze data for any period of time. The depth of analytics is limited only by the company's computing resources. The possibility of retrospective analysis gives a broader picture of what is happening in the company's data network to develop measures to improve security.

Data Explorer allows you to instantly detect suspicious patterns in traffic with high accuracy. This makes it possible to quickly filter data, obtain accurate metrics and identify bottlenecks in the network infrastructure for their subsequent elimination.

The FlowCollector system management interface allows you to flexibly configure dashboards in order to track the most important traffic parameters for the system administrator. In addition, there are predefined dashboard templates that can be used and with which you can also track traffic parameters both in real time and for retrospective analysis.

Companies receive and transmit huge amounts of traffic in which it is extremely difficult to detect low-frequency anomalies when there is an attack with a small number of packets in a minute. Tools are needed that will show a complete picture of changes in the traffic profile, and the updated FlowCollector is just such a tool, "commented Mikhail Khlebunov, Product Director of Servicepipe.