Servicepipe FlowCollector

Main article: Firewall

Servicepipe FlowCollector is a network traffic mining system that ships as software or PAC. The product was created to strengthen the security of external and internal network infrastructure: monitoring the state of the network, analyzing the types and volumes of traffic consumed. FlowCollector continuously monitors incoming and outgoing packets from the network, detecting anomalies and translating DDoS attacks to filtering for 100 ms.

2025

BGP FlowSpec Support

Servicepipe has updated the FlowCollector traffic analyzer. This makes detection of attacks faster and analytics even more accurate and convenient. The company announced this on April 10, 2025.

Servicepipe FlowCollector is a network traffic mining system that ships as software or PAC. The product is designed to enhance the security of external and internal network infrastructure: monitoring the state of the network, analyzing the types and volumes of traffic consumed. FlowCollector continuously monitors incoming and outgoing packets from the network, detecting anomalies and translating DDoS attacks to filtering for 100 ms.

FlowCollector has support for the BGP FlowSpec protocol. This is an extension of the standard BGP protocol that allows traffic filtering rules to be automatically distributed throughout the network. The system can now automatically send special BGP messages when it detects network anomalies. This makes it possible to block malicious traffic on all devices of the network almost instantly and automatically. For example, the system is able to automatically initiate blocking of the specific port on which the attack is taking place, providing a quick response and minimizing damage.

Another change to the solution is deduplication of traffic data to improve the accuracy of statistics. When collecting NetFlow data (information about traffic flow, including start and end times, number of bytes and packets, protocol type, etc.), repeated records often occur, which distorts the analysis results. The functionality of "router id" in FlowCollector groups NetFlow sources, distributing them to common or individual counters, which eliminates data duplication.

In addition, all NetFlow and SNMP data (traffic flow data and device status data) are now stored in Clickhouse, allowing Data Explorer to conduct deeper retrospective analysis and proactive threat monitoring. A compression mechanism for data older than 24 hours helps save space, and high storage performance ensures efficient processing of large amounts of information.

Among other improvements:

• added support for 32-bit DeltaPackets and DeltaBytes for IPFIX, which improves compatibility with older routers;
• There is support for IPv6 for icmp-flood attacks, expanding the capabilities of the system in modern networks;
• Optimized mirroring and reporting to improve data performance and accuracy
• NATS support is implemented to transmit anomaly detection events, which further accelerates the response of the system;
• added new attack detection vectors: HTTPS-flood and GRE-flood.

Cyber ​ ​ experts in the first three months of 2025 showed that many players simply cannot cope with carpet DDoS attacks without a traffic analyzer. And our task is to make FlowCollector an even more reliable and convenient tool that helps customers quickly respond to threats and optimize their networks, "said Mikhail Khlebunov, Product Director of Servicepipe.

Add Data Explorer Module

Servicepipe enhances the ability to analyze network flows in its FlowCollector solution. The company announced this on February 5, 2025.

The Data Explorer module in FlowCollector provides a tiered storage system for network traffic metrics that allows you to analyze data for any period of time. The depth of analytics is limited only by the company's computing resources. The possibility of retrospective analysis gives a broader picture of what is happening in the company's data network to develop measures to improve security.

Data Explorer allows you to instantly detect suspicious patterns in traffic with high accuracy. This makes it possible to quickly filter data, obtain accurate metrics and identify bottlenecks in the network infrastructure for their subsequent elimination.

The FlowCollector system management interface allows you to flexibly configure dashboards in order to track the most important traffic parameters for the system administrator. In addition, there are predefined dashboard templates that can be used and with which you can also track traffic parameters both in real time and for retrospective analysis.

Companies receive and transmit huge amounts of traffic in which it is extremely difficult to detect low-frequency anomalies when there is an attack with a small number of packets in a minute. Tools are needed that will show a complete picture of changes in the traffic profile, and the updated FlowCollector is just such a tool, "commented Mikhail Khlebunov, Product Director of Servicepipe.