DDoS: New Dashboard Tab

DDoS attacks are relentless. A sudden traffic spike, unusual geographic distribution, or anomalous traffic patterns — your team needs to understand what's happening right now. That's why we've added a dedicated Anti-DDoS analytics tab to the Perimetrical dashboard.

What's Included in the New Tab

The Anti-DDoS dashboard consolidates forensic data that was previously scattered across multiple widgets. Now, everything you need to analyze an active attack (or prevent one) is in one place:

• IP addresses: top attacking IPs, geolocation, ASN, reputation score
• Cookies: analysis of cookie patterns (unusual values, poisoned cookies)
• User-Agents: browser/bot fingerprinting, unusual User-Agent patterns
• Headers: suspicious HTTP headers, encoding anomalies, missing/extra headers
• Languages: geographic mismatch (e.g., requests claiming to be from EU but with Chinese language preference)
• Geography: traffic heatmap showing request distribution by country, region, and continent

Each data point is actionable. Click an IP address to see its complete attack profile. Hover over a country to reveal traffic volume and pattern. The dashboard is designed for security teams who need answers in seconds, not reports in hours.

Key Advantages

Streamlined Analysis and Control

DDoS forensics used to require navigating multiple tabs, exporting data, and correlating information manually. Now:

• Single-click blocking: identify a malicious IP and block it instantly without leaving the dashboard
• Pattern visualization: see attack campaigns at a glance (is this a single attacker rotating IPs, or a botnet?)
• Historical comparison: compare today's attack to last week's, identifying similarities

Simplified Information Retrieval

Previously, anti-DDoS data was spread across multiple dashboard sections:

• IP geolocation in one widget
• User-Agent distribution in another
• Traffic patterns in a third
• Header anomalies in a fourth

Correlating this information was time-consuming. The new tab brings everything together.

Enhanced Visibility

We've redesigned the visualizations with input from security teams handling real DDoS incidents:

• Time-series graphs: see how attack intensity changed over the last hour, day, or week
• Comparative analysis: legitimate vs. attack traffic side-by-side
• Percentile breakdowns: what % of traffic is from the top 10 IPs? Top 100? Top 1000?
• Drill-down capability: start with the geographic view, drill down to country, then ASN, then individual IP
• Custom time ranges: analyze attacks within specific windows (e.g., "during the 2:00-2:15 AM spike")

Example Workflow: Investigating a DDoS Attack

Here's how a security team would use the new tab:

1. Alert triggered: "Traffic spike detected: 50,000 req/s from unexpected geography"
2. Open Anti-DDoS tab in the Perimetrical dashboard
3. View the geographic heatmap: "90% of traffic is from Russia and Eastern Europe, vs. normal 5%"
4. Examine top IPs: see that the top 50 IPs are all from a single ASN (malicious hosting provider)
5. Analyze User-Agents: notice that attack traffic uses only 3 User-Agents (bot signature), legitimate traffic uses 50+ (human diversity)
6. Compare headers: attack traffic is missing standard headers (Accept-Language, Accept-Encoding) — telltale bot signature
7. Set a blocking rule: "Block traffic from this ASN with missing Accept-Language header"
8. Execute immediately: traffic drops by 95% within seconds
9. Fine-tune: examine the remaining 5% and refine the rule further

Accessing the Feature

The Anti-DDoS tab is available to all Perimetrical customers. Simply:

1. Log into the Perimetrical dashboard
2. Navigate to your protected domain
3. Click the "Anti-DDoS" tab (new)
4. Start analyzing traffic patterns in real-time

No additional configuration required. The data flows automatically as your traffic passes through Perimetrical's edge network.

Real-World Impact

This new feature has already helped our customers:

• Reduce MTTR (Mean Time To Response): DDoS incidents are now analyzed and mitigated in minutes instead of hours
• Improve accuracy of threat intelligence: teams can now export attack profiles for correlation with internal incident logs
• Reduce false positives: the multi-faceted view (IP + User-Agent + Headers + Geography) helps teams distinguish sophisticated attacks from legitimate spikes
• Enable proactive defense: teams can now identify attack patterns before they peak, blocking traffic before it causes damage

What's Coming Next

We're actively expanding the Anti-DDoS features:

• Machine learning anomaly detection: automatically flag unusual traffic patterns without manual rule creation
• Attack fingerprinting: automatically correlate your attacks with known campaigns (NoName057, Fancy Bear, etc.)
• API integrations: export forensic data to SIEM systems (Splunk, ELK, Datadog) automatically
• Predictive mitigation: forecast attack intensity and suggest preemptive blocking rules

Conclusion

DDoS attacks are a fact of digital life in 2025. The difference between a managed incident and a disaster is visibility and response time. The new Anti-DDoS dashboard tab gives your security team the forensic power they need to understand attacks, block threats, and protect your infrastructure.

Whether you're protecting a critical service, a e-commerce platform, or a streaming application, the Anti-DDoS dashboard is your new command center for threat response.