ITCSECadmin

Network Security Platform

DDoS Detection · BGP Blackholing & FlowSpec · Traffic Diversion · SIEM · NIS2 Compliance

What is ITCSECadmin?

ITCSECadmin is a modular, self-hosted network security platform designed for Internet Service Providers (ISPs), Internet Exchange Points (IXPs), and enterprise networks. The platform combines DDoS protection, BGP traffic diversion, SIEM, network monitoring, multi-vendor BGP management, vulnerability scanning, and AI analytics into a single unified interface.

  • Attack detection time: < 2 sec.
  • Blackhole activation: < 5 sec.
  • BGP traffic diversion: < 10 sec.
  • TCO reduction: 70–80%
  • False positives: < 0.1%
  • Availability: 99.99%

Key Benefits

All-in-one

DDoS protection, BGP Traffic Diversion, SIEM, network monitoring, multi-vendor BGP management, vulnerability scanning, and AI analytics in one platform — no need to pay for multiple separate tools.

Full Data Control

Self-hosted solution, with no dependency on external clouds. Ideal for air-gapped environments and networks with high security requirements. Zero external calls in operational mode.

Real-time Threat Detection

DDoS attack detection in under 2 seconds with automatic mitigation via BGP blackholing or traffic diversion to a scrubbing path.

BGP Traffic Diversion without Blackholing

Redirect attacked traffic to a scrubbing path without complete blackholing. Native integration with multi-vendor devices. Auto-trigger and auto-revert based on detected distributed attacks.

BGP FlowSpec — Surgical Mitigation

Per-flow rules (RFC 5575) injected via ExaBGP v5: drop or rate-limit only the attack traffic — by prefix, port, protocol, or TCP flags. Legitimate traffic to the same IP keeps flowing, no scrubbing center required.

NIS2 Compliance

Built-in compliance module: incident reporting (Art. 23), risk management, security policies, training logs, and a tamper-evident audit log.

Artificial Intelligence

Integrated AI assistant supporting network analysis, troubleshooting, and operational decision-making in natural language.

Lower Total Cost of Ownership

TCO reduction by 70–80% compared to commercial solutions. No per-Gbps fees, no data ingestion subscriptions.

Modules and Features

DDoS Protection

  • Real-time traffic analysis — supports NetFlow v5/v9/IPFIX, sFlow, and PCAP
  • Hierarchical detection thresholds — at network, protocol, port, and TOS levels
  • Country Risk Scoring — traffic weighting based on the source country risk profile
  • Automatic mitigation — BGP blackholing with community tagging and FlowSpec integration, with multi-vendor support
  • White/Blacklist management — IP whitelisting and blacklisting
  • Support for various attack types — volumetric, protocol, and application-layer attacks
  • Egress spoofing monitor (BCP38) — detection of forged-source traffic leaving your network, with source-MAC attribution pinpointing the offending port
  • SYN-ACK reflection detection — identifies your own hosts being abused as reflection victims, with guidance to divert rather than blackhole
  • Configurable detection rules (no-code) — thresholds and rules managed from the admin panel, no code changes; built-in rule library (brute force, port scan, SYN flood, DNS abuse, and more)
  • Shape-aware response — single IP → RTBH blackhole, distributed attack → BGP diversion, low volume → FlowSpec; alert-only by default until an operator enables a rule
  • What-If simulator — preview the blackhole and scoring outcome before any action is taken

BGP FlowSpec (ExaBGP v5)

Surgical mitigation without blackholing — BGP FlowSpec rules (RFC 5575) injected directly to upstream peers. Drop or rate-limit only the attack traffic, while legitimate traffic to the same IP continues uninterrupted.

  • Per-flow rules — match by destination/source prefix, protocol, port, TCP flags, DSCP, and fragmentation
  • Drop / rate-limit actions — null-route only matching flows or limit kbps per BGP neighbor
  • Per-threshold mitigation mode — blackhole, flowspec, both, or none
  • Non-blocking injection queue — the detection pipeline never waits for BGP announcements
  • Automatic withdrawal — rules expire after a configurable lifetime once the threat subsides
  • Full per-neighbor, per-rule status — pending / active / withdrawn / failed, with manual inject/withdraw controls
  • exabgp.conf generator — one-click config preview and write, plus a real-time CLI connectivity test
  • No scrubbing center — no extra fees or third-party licensing
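As an added example that is not part of this page or the ITCSECadmin code base, the following Python sketch shows how the per-flow rules, drop/rate-limit actions, per-neighbor targeting and lifetime-based automatic withdrawal listed above map onto ExaBGP's text API. It assumes ExaBGP accepts `announce flow route { ... }` / `withdraw flow route { ... }` lines in its configuration-file flow syntax, that `rate-limit` takes bytes per second, and the prefixes and neighbor address are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class FlowRule:
    """One FlowSpec rule: RFC 5575 match fields plus a drop or rate-limit action."""
    dst_prefix: str                        # attacked destination, e.g. "192.0.2.10/32"
    protocol: Optional[str] = None         # "udp", "tcp", ...
    dst_port: Optional[int] = None
    src_prefix: Optional[str] = None
    tcp_flags: Optional[str] = None        # e.g. "syn"
    rate_limit_bps: Optional[int] = None   # bytes/s (assumed ExaBGP unit); None = discard
    lifetime_s: int = 600                  # rule expires this long after injection
    announced_at: Optional[float] = None   # epoch seconds, set when injected

def _match_clause(r: FlowRule) -> str:
    # destination is mandatory; the remaining match components are emitted only when set
    opts = [("source", r.src_prefix), ("protocol", r.protocol),
            ("destination-port", None if r.dst_port is None else f"={r.dst_port}"),
            ("tcp-flags", None if r.tcp_flags is None else f"[ {r.tcp_flags} ]")]
    parts = [f"destination {r.dst_prefix};"] + [f"{k} {v};" for k, v in opts if v]
    return " ".join(parts)

def _then_clause(r: FlowRule) -> str:
    # rate-limit keeps legitimate traffic flowing; discard null-routes only the matched flow
    if r.rate_limit_bps is not None:
        return f"rate-limit {r.rate_limit_bps};"
    return "discard;"

def exabgp_command(r: FlowRule, verb: str, neighbor: Optional[str] = None) -> str:
    """Render one ExaBGP API line (assumed syntax); neighbor scopes it to one peer."""
    scope = f"neighbor {neighbor} " if neighbor else ""
    return (f"{scope}{verb} flow route {{ match {{ {_match_clause(r)} }} "
            f"then {{ {_then_clause(r)} }} }}")

def expired_withdrawals(rules: List[FlowRule], now: float,
                        neighbor: Optional[str] = None) -> List[str]:
    """Automatic withdrawal: withdraw lines for every rule whose lifetime has elapsed."""
    return [exabgp_command(r, "withdraw", neighbor) for r in rules
            if r.announced_at is not None and now - r.announced_at >= r.lifetime_s]

if __name__ == "__main__":
    # constructed sample: DNS reflection toward one host, rate-limited rather than dropped
    rule = FlowRule("192.0.2.10/32", protocol="udp", dst_port=53,
                    rate_limit_bps=125000, lifetime_s=300, announced_at=1000.0)
    print(exabgp_command(rule, "announce", "198.51.100.1"))
    print(expired_withdrawals([rule], 1301.0, "198.51.100.1"))
```

The rendered lines are what a non-blocking injection queue would hand to ExaBGP's stdin; the expiry check is meant to run periodically so that rules are withdrawn once their lifetime has passed.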

BGP Traffic Diversion

Redirect attacked prefixes to a scrubbing path or alternative path without complete blackholing. Support for multiple routing platforms.

  • Three diversion mechanisms — Withdraw, Prefix-List, Route-Map
  • Audited SSH — execution of SSH commands with live output preview
  • Auto-Trigger — automatic diversion policy activation upon distributed attack detection
  • Auto-Revert — automatic policy rollback after a configurable time window
  • CIDR Confirmation — mandatory CIDR range confirmation gate
  • Per-peer selection — select from which eBGP peers to withdraw the prefix
  • One-click Divert — direct button in the Distributed Alerts dashboard
  • Policy duplication — copy a policy to multiple routers with one click
  • Event history — full audit trail with SSH output
  • Intelligent selective advertisement — the attacked prefix stays reachable through critical peers (Google, Meta, Akamai, Amazon, Cloudflare) via a maintainable ASN allowlist, and is withdrawn only from everyone else
  • Multi-vendor — Linux FRR, Huawei NE8000 (VRP), and Cisco ASR (IOS-XE)

SIEM and NIS2 Compliance

  • Incident reporting — compliant with Art. 23 NIS2, tracking 24h / 72h / 1 month deadlines
  • Policy management — versioned security policies
  • Risk management — risk assessment framework with a scoring system
  • Training log — security training tracking
  • Audit logs — tamper-evident logging of all security actions
  • Log collection — Syslog collector (RFC 3164/5424) for multi-vendor devices
  • Multi-vendor parsers — dedicated parsers for Juniper JunOS (UI_COMMIT, UI_AUTH, BGP session states, link up/down), Cisco IOS/IOS-XE, and Linux syslog, with a generic RFC 3164 fallback
  • Correlation — link syslog events with NetFlow/sFlow traffic data
  • Rule engine — PCRE pattern matching with severity levels
  • Notifications — real-time alerts via email and webhook

BGP and Peering Management

  • Configuration sync — agentless — direct SSH config pull from Huawei NE8000, Cisco ASR, and Juniper MX routers, plus agent-based sync for Linux FRR
  • Dynamic peer mapping — automatic BGP neighbor to physical interface matching
  • Diagnostics — automatic ARP and interface connectivity checks
  • Bandwidth monitoring — per-interface bandwidth charts with VLAN-tagged flow support
  • Route-map / policy analysis — match/set clauses, local-pref, and prepend visualization across FRR, NE8000, ASR, and Juniper MX (including default vs. community-triggered prepends)
  • Billing and bandwidth — 95th percentile, CIR, and PIR tracking per peer
  • SSH Terminal — secure, audited web access to routers
  • Configuration backup — versioned backups with unified diff
  • Routing table — efficient handling of a full table (1M+ routes)

Network Monitoring (NMS)

  • SNMP interface monitoring — per-interface counter polling (bits/packets, errors, utilization) with historical trend charts
  • Per-device dashboards — interface tables and link status at a glance
  • Service & uptime checks — track availability of monitored services with full result history
  • Time-series storage — interface counters and check results persisted in TimescaleDB for long-term trending

Network Vulnerability Scanner

  • CVE Detection — Nmap-based scanning with vulnerability detection
  • Port scanning — monitoring of 55+ high-risk ports
  • Parallel processing — batch engine for large network ranges
  • SIEM integration — vulnerabilities automatically generate security events
  • Reports — automated email reports grouped by severity

Customer Portal (ISP/IXP Edition)

  • Traffic visibility — customers see their own network traffic charts and stats
  • DDoS alerts — attack history on customer prefixes
  • PDF Reports — downloadable security reports
  • Data isolation — strict data separation based on assigned CIDRs

Network Traffic Analysis

  • Multi-protocol support — NetFlow v5/v9/IPFIX, sFlow, PCAP
  • Advanced search — filtering by IP (CIDR), port, protocol, ASN, geolocation, and time range
  • Top talkers — identification of largest traffic sources
  • Interactive visualization — Grafana-style zoom
  • Sankey diagrams — network traffic distribution visualization
  • Forensic analysis — on-disk flow log searching (nfdump)
  • CGNAT Lookup — reverse-lookup of NAT translations
  • Data export — CSV, JSON, PDF

AI Assistant

  • Natural language queries — questions about network status, historical analysis, trend identification
  • Automated troubleshooting — diagnostic and operational support
  • MCP integration — extensible tool system: Traffic Search, CGNAT Lookup, BGP Status, Vulnerability Analysis
  • Supported AI backends — ITCare AI API and internal secure network AI servers

Supported Platforms

Native integration with leading vendor devices (no router-side agents required — all SSH communication is handled by the application-side agent).

  • Linux FRR (Free Range Routing vtysh / BGP daemon) — SSH (application-side agent)
  • Huawei NE8000 (VRP) — native SSH
  • Cisco ASR (IOS-XE) — native SSH
  • Juniper MX (JunOS) — native SSH
  • MikroTik RouterOS — SSH configuration sync

Technical Specs & Deployment

  • Architecture:
    Backend: PHP 8+ • Databases: MariaDB, PostgreSQL + TimescaleDB • Data Collection: pmacct + nfdump
  • Hardware Requirements:
    Minimum: 4 cores, 12GB RAM, 256GB SSD (up to 10 Gbit/s) • Production: 16+ cores, 64GB RAM, 2TB NVMe
  • Deployment Options:
    On-Premises, Managed Service, Hybrid Deployment (Edge Collectors)

Competitive Advantages

vs. Commercial DDoS

No per-Gbps fees, self-hosted, integrated SIEM, no recurring subscriptions.

vs. Open Source

Designed specifically for ISPs/IXPs, automatic mitigation, production-ready, NIS2 compliance out of the box.

vs. Traditional SIEM

Native network support, real-time mitigation, no data ingestion fees, 70–80% lower TCO.

Licensing Models

Perpetual License

One-time Core System purchase. Unlimited users and traffic.

Subscription License

Annual or monthly billing. All modules included.

Managed Service

Monthly fee per location. Hardware, software, 24/7 support (SLA).

Enterprise

Custom pricing. Dedicated support team. Feature development priority.
