ITCSECadmin

Network Security Platform

DDoS Detection · BGP Mitigation · Traffic Diversion · SIEM · NIS2 Compliance

What is ITCSECadmin?

ITCSECadmin is a modular, self-hosted network security platform designed for Internet Service Providers (ISPs), Internet Exchange Points (IXPs), and enterprise networks. The platform combines DDoS protection, BGP traffic diversion, SIEM, network monitoring, multi-vendor BGP management, vulnerability scanning, and AI analytics into a single unified interface.

  • Attack detection time: < 2 sec.
  • Blackhole activation: < 5 sec.
  • BGP traffic diversion: < 10 sec.
  • TCO reduction: 70–80%
  • False positives: < 0.1%
  • Availability: 99.99%

Key Benefits

All-in-one

DDoS protection, BGP Traffic Diversion, SIEM, network monitoring, multi-vendor BGP management, vulnerability scanning, and AI analytics in one platform — no need to pay for multiple separate tools.

Full Data Control

Self-hosted solution, with no dependency on external clouds. Ideal for air-gapped environments and networks with high security requirements. Zero external calls in operational mode.

Real-time Threat Detection

DDoS attack detection in under 2 seconds with automatic mitigation via BGP blackholing or traffic diversion to a scrubbing path.

BGP Traffic Diversion without Blackholing

Redirect attacked traffic to a scrubbing path without complete blackholing. Native integration with multi-vendor devices. Auto-trigger and auto-revert based on detected distributed attacks.

NIS2 Compliance

Built-in compliance module: incident reporting (Art. 23), risk management, security policies, training logs, and a tamper-evident audit log.

Artificial Intelligence

Integrated AI assistant supporting network analysis, troubleshooting, and operational decision-making in natural language.

Lower Total Cost of Ownership

TCO reduction by 70–80% compared to commercial solutions. No per-Gbps fees, no data ingestion subscriptions.

Modules and Features

DDoS Protection

  • Real-time traffic analysis — supports NetFlow v5/v9/IPFIX, sFlow, and PCAP
  • Hierarchical detection thresholds — at network, protocol, port, and TOS levels
  • Country Risk Scoring — traffic weighting based on the source country's risk profile
  • Automatic mitigation — BGP blackholing with community tagging and FlowSpec integration, with multi-vendor support
  • Whitelist/blacklist management — IP whitelisting and blacklisting
  • Support for various attack types — volumetric, protocol, and application-layer attacks

BGP Traffic Diversion

Redirect attacked prefixes to a scrubbing path or alternative path without complete blackholing. Support for multiple routing platforms.

  • Three diversion mechanisms — Withdraw, Prefix-List, Route-Map
  • Audited SSH — execution of SSH commands with live output preview
  • Auto-Trigger — automatic diversion policy activation upon distributed attack detection
  • Auto-Revert — automatic policy rollback after a configurable time window
  • CIDR Confirmation — mandatory CIDR range confirmation gate
  • Per-peer selection — select from which eBGP peers to withdraw the prefix
  • One-click Divert — direct button in the Distributed Alerts dashboard
  • Policy duplication — copy a policy to multiple routers with one click
  • Event history — full audit trail with SSH output
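The two sections above describe a pipeline: hierarchical thresholds (network, then protocol, then port) evaluated over flow records, followed by either a BGP blackhole or a diversion of the attacked /32 to a scrubbing path, with an auto-revert step. The following is an added illustration of that pipeline in Python; it is not ITCSECadmin code. The flow records, thresholds, prefixes, the AS number 64500 and the route-map names RTBH and DIVERT-SCRUB are constructed or assumed, the router is assumed to be FRR driven through vtysh, and the RTBH route-map is assumed to set the RFC 7999 BLACKHOLE community 65535:666.

```python
"""Hierarchical threshold DDoS detection over flow records, followed by a
per-/32 mitigation plan: an RFC 7999 BLACKHOLE announcement or a diversion
announcement towards a scrubbing path, each with matching auto-revert commands.
Added illustration; not ITCSECadmin code.  All values below are constructed.
"""
import ipaddress
from collections import defaultdict

WINDOW_SECONDS = 2   # the flows below were collected over one 2-second window

# Constructed NetFlow-style records: destination IP, IP protocol, dst port, bytes.
FLOWS = [
    {"dst": "203.0.113.10", "proto": 17, "dport": 53,  "bytes": 900_000_000},  # UDP/53 flood
    {"dst": "203.0.113.10", "proto": 17, "dport": 53,  "bytes": 700_000_000},
    {"dst": "203.0.113.10", "proto": 6,  "dport": 443, "bytes": 20_000_000},
    {"dst": "203.0.113.50", "proto": 6,  "dport": 443, "bytes": 50_000_000},   # ordinary web
    {"dst": "198.51.100.7", "proto": 6,  "dport": 80,  "bytes": 10_000_000},
]

# Hierarchical thresholds in bits per second: network level, then per protocol,
# then per destination port (constructed values).
THRESHOLDS = {
    "network": 5_000_000_000,
    "protocol": {17: 1_000_000_000, 6: 3_000_000_000},
    "port": {53: 500_000_000, 123: 200_000_000},
}
PROTECTED = [ipaddress.ip_network("203.0.113.0/24")]  # prefixes we may act on
WHITELIST = {ipaddress.ip_address("203.0.113.1")}      # never mitigated
LOCAL_AS = 64500                                        # constructed ASN
ROUTE_MAPS = {"blackhole": "RTBH", "divert": "DIVERT-SCRUB"}  # assumed to exist on the router


def aggregate_bps(flows, window=WINDOW_SECONDS):
    """Per destination: total bps, bps per protocol, bps per destination port."""
    per_dst = defaultdict(lambda: {"total": 0,
                                   "proto": defaultdict(int),
                                   "port": defaultdict(int)})
    for f in flows:
        bits = f["bytes"] * 8
        d = per_dst[f["dst"]]
        d["total"] += bits
        d["proto"][f["proto"]] += bits
        d["port"][f["dport"]] += bits
    for d in per_dst.values():        # accumulated bits -> bits per second
        d["total"] //= window
        for k in d["proto"]:
            d["proto"][k] //= window
        for k in d["port"]:
            d["port"][k] //= window
    return per_dst


def detect(flows, thresholds=THRESHOLDS, window=WINDOW_SECONDS):
    """Return alerts as (dst, level, key, observed_bps, threshold_bps)."""
    alerts = []
    for dst, d in aggregate_bps(flows, window).items():
        if d["total"] > thresholds["network"]:
            alerts.append((dst, "network", None, d["total"], thresholds["network"]))
        for proto, bps in d["proto"].items():
            limit = thresholds["protocol"].get(proto)
            if limit is not None and bps > limit:
                alerts.append((dst, "protocol", proto, bps, limit))
        for port, bps in d["port"].items():
            limit = thresholds["port"].get(port)
            if limit is not None and bps > limit:
                alerts.append((dst, "port", port, bps, limit))
    return alerts


def plan_mitigation(alerts, mode="blackhole", protected=PROTECTED,
                    whitelist=WHITELIST, local_as=LOCAL_AS):
    """Map each attacked /32 to {'apply': [...], 'revert': [...]} vtysh lines.
    'blackhole' announces the /32 with route-map RTBH (assumed to set community
    65535:666) and drops it locally; 'divert' announces it with route-map
    DIVERT-SCRUB (assumed to set the scrubbing next hop) so traffic keeps flowing,
    and assumes the /32 is already present in the RIB."""
    route_map = ROUTE_MAPS[mode]
    plan = {}
    for dst, *_ in alerts:
        ip = ipaddress.ip_address(dst)
        if ip in whitelist or not any(ip in net for net in protected):
            continue                     # out of scope: alert only, no action
        if dst in plan:
            continue                     # several alert levels, one action per /32
        apply = ["configure terminal",
                 f"router bgp {local_as}",
                 " address-family ipv4 unicast",
                 f"  network {dst}/32 route-map {route_map}",
                 " exit-address-family",
                 "end"]
        revert = ["configure terminal",
                  f"router bgp {local_as}",
                  " address-family ipv4 unicast",
                  f"  no network {dst}/32 route-map {route_map}",
                  " exit-address-family",
                  "end"]
        if mode == "blackhole":          # also discard locally, not only upstream
            apply.insert(1, f"ip route {dst}/32 Null0")
            revert.insert(1, f"no ip route {dst}/32 Null0")
        plan[dst] = {"apply": apply, "revert": revert}
    return plan


if __name__ == "__main__":
    for a in detect(FLOWS):
        print("ALERT", a)
    for dst, p in plan_mitigation(detect(FLOWS), mode="divert").items():
        print(dst, "\n".join(p["apply"]), sep="\n")
```

The `revert` list is what an auto-revert timer would execute once the configured window expires; keeping it next to the `apply` list at planning time means the rollback never has to be reconstructed from router state later. Whitelisted addresses and addresses outside the protected ranges still raise alerts but never produce an action.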

SIEM and NIS2 Compliance

  • Incident reporting — compliant with Art. 23 NIS2, tracking 24h / 72h / 1 month deadlines
  • Policy management — versioned security policies
  • Risk management — risk assessment framework with a scoring system
  • Training log — security training tracking
  • Audit logs — tamper-evident logging of all security actions
  • Log collection — RFC 3164 Syslog collector for multi-vendor devices
  • Rule engine — PCRE pattern matching with severity levels
  • Notifications — real-time alerts via email and webhook
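The log collection, rule engine and audit log bullets above fit together as one flow: parse RFC 3164 lines, run severity-tagged regex rules over the message, and record every hit in a log whose entries are chained by hash so that editing or deleting one is detectable. The following is an added illustration of that flow in Python, not ITCSECadmin code; Python's re module stands in for PCRE, and the sample log lines, rule patterns and severity labels are constructed.

```python
"""RFC 3164 syslog parsing, a regex rule engine with severity levels, and a
hash-chained (tamper-evident) audit log.  Added illustration; not ITCSECadmin
code.  Sample lines and rules are constructed; re stands in for PCRE.
"""
import hashlib
import json
import re

# RFC 3164 framing: "<PRI>Mmm dd hh:mm:ss HOSTNAME TAG: message"
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)


def parse_rfc3164(line):
    """Split PRI into facility/severity and return the header fields, or None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {
        "facility": pri // 8,
        "severity": pri % 8,          # syslog severity, 0 = emergency
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message": m.group("msg"),
    }


# Constructed rules: name, pattern, platform severity label.  Named groups become
# the event's extracted fields.
RULES = [
    ("bgp-neighbor-down",
     re.compile(r"%BGP-5-ADJCHANGE: neighbor (?P<peer>\S+) Down"), "high"),
    ("ssh-auth-failure",
     re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"), "medium"),
    ("config-change",
     re.compile(r"%SYS-5-CONFIG_I: Configured from (?P<via>\S+)"), "low"),
]


def evaluate(event, rules=RULES):
    """Return (rule_name, severity, fields) for the first matching rule, else None."""
    for name, pattern, severity in rules:
        m = pattern.search(event["message"])
        if m:
            return name, severity, m.groupdict()
    return None


class AuditLog:
    """Append-only log where each entry stores the hash of the previous entry;
    verify() recomputes the chain, so any edit or deletion breaks it."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "body": body, "hash": digest})
        return digest

    def verify(self):
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev:
                return False
            if hashlib.sha256((prev + e["body"]).encode()).hexdigest() != e["hash"]:
                return False
            prev = e["hash"]
        return True


# Constructed sample input, including one line that is not valid RFC 3164.
SAMPLE_LINES = [
    "<189>Mar  3 10:15:02 edge-r1 123: %BGP-5-ADJCHANGE: neighbor 192.0.2.2 Down BGP Notification sent",
    "<38>Mar  3 10:15:07 bastion sshd[4121]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2",
    "<189>Mar  3 10:16:40 edge-r1 124: %SYS-5-CONFIG_I: Configured from console by operator",
    "<13>Mar  3 10:17:00 edge-r1 125: %LINK-3-UPDOWN: Interface Gi0/1, changed state to up",
    "not a syslog line",
]


def run(lines=SAMPLE_LINES):
    """Parse, match and record; returns (hits, audit_log)."""
    log = AuditLog()
    hits = []
    for line in lines:
        ev = parse_rfc3164(line)
        if ev is None:
            continue                      # unparseable: dropped here, would be counted in practice
        hit = evaluate(ev)
        if hit:
            name, sev, fields = hit
            hits.append((name, sev, ev["host"], fields))
            log.append({"rule": name, "severity": sev, "host": ev["host"], "fields": fields})
    return hits, log


if __name__ == "__main__":
    hits, log = run()
    for h in hits:
        print(h)
    print("chain intact:", log.verify())
```

The chain only proves integrity relative to the last hash you trust; in practice the head hash is periodically copied somewhere the application cannot rewrite (a signed record, a separate host), otherwise an attacker with write access to the log could recompute the whole chain.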

BGP and Peering Management

  • Configuration sync — agentless — direct SSH config pull from multi-vendor routers
  • Dynamic peer mapping — automatic BGP neighbor to physical interface matching
  • Diagnostics — automatic ARP and interface connectivity checks
  • Bandwidth monitoring — per-interface bandwidth charts with VLAN-tagged flow support
  • Route-map analysis — match/set clauses, local-pref, and prepend visualization
  • Billing and bandwidth — 95th percentile, CIR, and PIR tracking per peer
  • SSH Terminal — secure, audited web access to routers
  • Configuration backup — versioned backups with unified diff
  • Routing table — efficient full table (1M+ routes) handling
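The billing bullet names 95th percentile, CIR and PIR tracking per peer. As an added illustration (not ITCSECadmin code), the block below computes the 95th percentile the way ISPs usually bill it: sort the per-interval samples, discard the top 5%, bill the highest remaining sample, and take the larger of inbound and outbound. The rate samples, CIR and PIR values are constructed, in Mbit/s with one sample per 5-minute interval.

```python
"""95th percentile bandwidth billing per peer with CIR/PIR checks.
Added illustration; not ITCSECadmin code.  Samples, CIR and PIR are constructed
(units: Mbit/s, one sample per 5-minute interval).
"""
import math


def percentile95(samples):
    """Discard the top 5% of samples (rounded down) and return the next highest."""
    if not samples:
        return 0
    ordered = sorted(samples, reverse=True)
    drop = math.floor(len(ordered) * 0.05)
    return ordered[drop]


def bill_peer(in_mbps, out_mbps, cir_mbps, pir_mbps):
    """Billable rate and CIR/PIR status for one peer over one billing period."""
    p95_in, p95_out = percentile95(in_mbps), percentile95(out_mbps)
    billable = max(p95_in, p95_out)
    return {
        "p95_in": p95_in,
        "p95_out": p95_out,
        "billable_mbps": billable,
        "over_cir": billable > cir_mbps,   # committed rate exceeded
        # intervals that burst above the peak rate; 95th percentile ignores them
        # only as long as they stay under 5% of the samples
        "pir_violations": sum(1 for s in in_mbps + out_mbps if s > pir_mbps),
    }


# Constructed: 20 samples (100 minutes) for a peer with CIR 100 and PIR 500 Mbit/s.
# The single 900 Mbit/s burst is exactly the one sample the percentile discards.
IN_MBPS = [100, 120, 110, 130, 115, 125, 105, 135, 140, 900,
           110, 120, 130, 125, 115, 105, 110, 120, 130, 125]
OUT_MBPS = [60, 70, 65, 80, 75, 70, 60, 85, 90, 95,
            65, 70, 80, 75, 70, 60, 65, 70, 80, 75]


def sample_bill():
    return bill_peer(IN_MBPS, OUT_MBPS, cir_mbps=100, pir_mbps=500)


if __name__ == "__main__":
    print(sample_bill())
```

With fewer than 20 samples `floor(n * 0.05)` is 0, so nothing is discarded and the percentile equals the peak; that is why a real billing period uses a full month of 5-minute samples (about 8,640), where roughly 432 bursty intervals drop out.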

Network Vulnerability Scanner

  • CVE Detection — Nmap-based scanning with vulnerability detection
  • Port scanning — monitoring of 55+ high-risk ports
  • Parallel processing — batch engine for large network ranges
  • SIEM integration — vulnerabilities automatically generate security events
  • Reports — automated email reports grouped by severity

Customer Portal (ISP/IXP Edition)

  • Traffic visibility — customers see their own network traffic charts and stats
  • DDoS alerts — attack history on customer prefixes
  • PDF Reports — downloadable security reports
  • Data isolation — strict data separation based on assigned CIDRs

Network Traffic Analysis

  • Multi-protocol support — NetFlow v5/v9/IPFIX, sFlow, PCAP
  • Advanced search — filtering by IP (CIDR), port, protocol, ASN, geolocation, and time range
  • Top talkers — identification of the largest traffic sources
  • Interactive visualization — Grafana-style zoom
  • Sankey diagrams — network traffic distribution visualization
  • Forensic analysis — on-disk flow log searching (nfdump)
  • CGNAT Lookup — reverse lookup of NAT translations
  • Data export — CSV, JSON, PDF

AI Assistant

  • Natural language queries — questions about network status, historical analysis, trend identification
  • Automated troubleshooting — diagnostic and operational support
  • MCP integration — extensible tool system: Traffic Search, CGNAT Lookup, BGP Status, Vulnerability Analysis
  • Supported AI backends — ITCare AI API and internal secure network AI servers

Supported Platforms

Native integration with leading vendor devices (no router-side agents required — all SSH communication is handled by the application-side agent).

  • Linux FRR (Free Range Routing vtysh / BGP daemon) — SSH (application-side agent)
  • Huawei NE8000 (VRP) — native SSH
  • Cisco ASR (IOS-XE) — native SSH

Technical Specs & Deployment

  • Architecture:
    Backend: PHP 8+ • Databases: MariaDB, PostgreSQL + TimescaleDB • Data Collection: pmacct + nfdump
  • Hardware Requirements:
    Minimum: 4 cores, 12 GB RAM, 256 GB SSD (up to 10 Gbit/s) • Production: 16+ cores, 64 GB RAM, 2 TB NVMe
  • Deployment Options:
    On-Premises, Managed Service, Hybrid Deployment (Edge Collectors)

Competitive Advantages

vs. Commercial DDoS

No per-Gbps fees, self-hosted, integrated SIEM, no recurring subscriptions.

vs. Open Source

Designed specifically for ISP/IXPs, automatic mitigation, production-ready, NIS2 compliance out-of-the-box.

vs. Traditional SIEM

Native network support, real-time mitigation, no data ingestion fees, 70–80% lower TCO.

Licensing Models

Perpetual License

One-time Core System purchase. Unlimited users and traffic.

Subscription License

Annual or monthly billing. All modules included.

Managed Service

Monthly fee per location. Hardware, software, 24/7 support (SLA).

Enterprise

Custom pricing. Dedicated support team. Feature development priority.

Ready to see it in action?

Request a Demo