Aegis

Orchestration layer coordinating policy distribution and enforcement across infrastructure

Aegis is the orchestration layer that coordinates policy distribution and enforcement across your infrastructure. It receives threat predictions from Augur, translates that intelligence into concrete security policies, and distributes these policies to xfw enforcement points and BGP-based filtering systems.

Key Features

Threat-Driven Policy Generation

Aegis receives threat predictions from Augur that include confidence scores, time-to-impact estimates, affected assets, and threat classifications. Based on this intelligence, Aegis generates appropriate security policies that address specific threats while minimizing impact on legitimate traffic.

Topology-Aware Placement

Using network topology data from Pulse, Aegis determines optimal enforcement point placement for each policy. This topology awareness ensures that protective measures deploy at the most effective locations, whether at network edges, critical junctions, or in front of specific assets.

Multi-Mechanism Enforcement

Aegis distributes policies to xfw enforcement points for kernel-level packet filtering and also triggers BGP-based filtering using Flowspec or RTBH mechanisms for volumetric attacks. This dual-enforcement approach addresses both precision filtering and large-scale traffic mitigation requirements.

Policy Lifecycle Management

Aegis manages the complete policy lifecycle including generation based on threat intelligence, validation through simulation to estimate false positive rates, distribution to enforcement points, continuous monitoring of effectiveness, automatic expiration when threats subside, and adaptation based on observed outcomes.

Policy Validation and Simulation

Pre-Deployment Testing

Before deploying policies to production, Aegis can simulate their impact using historical traffic patterns and current network state. This simulation estimates potential false positive rates and traffic impact, enabling informed decisions about policy deployment.
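
The pre-deployment check described above can be sketched as a replay of a candidate rule over labelled historical flows. This is an added example, not Aegis or xfw code: the Flow and Policy classes, the simulate and choose functions, the 5% false-positive budget, and the sample records are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Flow:                          # one historical flow record (constructed schema)
    src: str
    dst_port: int
    proto: str
    malicious: bool                  # label assigned after the fact, e.g. incident review

@dataclass(frozen=True)
class Policy:                        # hypothetical candidate rule, not the xfw format
    src_net: str
    dst_port: Optional[int] = None   # None = any port
    proto: Optional[str] = None      # None = any protocol

    def matches(self, f: Flow) -> bool:
        if ipaddress.ip_address(f.src) not in ipaddress.ip_network(self.src_net):
            return False
        if self.dst_port is not None and f.dst_port != self.dst_port:
            return False
        return self.proto is None or f.proto == self.proto

def simulate(policy, flows):
    """Replay history through the rule; report false-positive rate and coverage."""
    hits = [f for f in flows if policy.matches(f)]
    benign = sum(1 for f in flows if not f.malicious)
    bad = len(flows) - benign
    fp = sum(1 for f in hits if not f.malicious)
    return {"matched": len(hits),
            "false_positive_rate": fp / benign if benign else 0.0,
            "coverage": (len(hits) - fp) / bad if bad else 0.0}

def choose(candidates, flows, max_fpr=0.05):
    """Highest-coverage candidate whose simulated FPR is within budget, else None."""
    scored = [(simulate(p, flows), p) for p in candidates]
    ok = [(s, p) for s, p in scored if s["false_positive_rate"] <= max_fpr]
    return max(ok, key=lambda sp: sp[0]["coverage"])[1] if ok else None

# Constructed sample history (documentation address ranges), not real telemetry.
HISTORY = [
    Flow("203.0.113.7", 53, "udp", True),   Flow("203.0.113.9", 53, "udp", True),
    Flow("203.0.113.20", 53, "udp", False), Flow("203.0.113.20", 443, "tcp", False),
    Flow("198.51.100.5", 53, "udp", True),  Flow("198.51.100.8", 443, "tcp", False),
    Flow("192.0.2.10", 443, "tcp", False),  Flow("192.0.2.11", 53, "udp", False),
]
BROAD = Policy("203.0.113.0/24")                             # blocks the whole prefix
NARROW = Policy("203.0.113.0/28", dst_port=53, proto="udp")  # scoped to the attack
```

On this sample both rules stop the same two attack flows, but the prefix-wide rule also matches two of the five benign flows, so only the narrow rule passes the budget.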

Effectiveness Assessment

Aegis receives enforcement telemetry from xfw about blocked threats, allowed traffic, and policy match rates. This feedback enables continuous assessment of policy effectiveness and informs decisions about policy modification or expiration.

Automated Adaptation

Policies adapt based on observed effectiveness. If a policy generates excessive false positives, Aegis can refine its parameters. If threats evolve to evade policies, Aegis generates updated policies based on new intelligence from Augur.

Enforcement Mechanisms

xfw Policy Distribution

Aegis distributes detailed packet filtering policies to xfw enforcement points across infrastructure. These policies specify match criteria based on IP addresses, ports, protocols, packet characteristics, and connection states, along with corresponding actions such as block, rate limit, or redirect.

BGP-Based Filtering

For volumetric attacks that require upstream filtering, Aegis triggers BGP-based mitigation using Flowspec to distribute fine-grained filtering rules or RTBH to black-hole attack traffic before it reaches infrastructure. This capability enables coordination with upstream providers for large-scale attack mitigation.

Coordinated Response

When threats require multi-layered response, Aegis coordinates both xfw enforcement and BGP filtering to provide comprehensive protection. This coordinated approach addresses both precision filtering for targeted attacks and capacity-based mitigation for volumetric threats.

Multi-Tenancy Support

Service Provider Capabilities

Aegis supports multi-tenant deployments where service providers protect multiple customers simultaneously. Policy isolation ensures that customer-specific policies deploy only to relevant enforcement points, while centralized management provides operational efficiency.

Per-Tenant Configuration

Each tenant can have custom policy parameters, threat sensitivity levels, and enforcement preferences. Aegis maintains this separation while enabling efficient resource sharing and coordinated defense across the infrastructure.

Integration

Aegis operates as the orchestration layer within the Perforlabs Predictive Defense Fabric. It receives threat predictions from Augur based on signals from Pulse, Flux, and Pythia. Aegis translates this intelligence into concrete policies, uses Pulse topology data for optimal placement, distributes policies to xfw enforcement points, and receives effectiveness telemetry back from xfw for continuous improvement.

Technical Architecture

Aegis uses a distributed architecture with centralized policy management to ensure consistent security posture across infrastructure while maintaining low latency for policy updates. The system scales to support thousands of enforcement points while processing threat intelligence and deployment decisions in real time.

Use Cases

  • Large-scale networks requiring coordinated defense across multiple locations
  • Service providers protecting customer infrastructure with multi-tenant isolation
  • Enterprises with distributed infrastructure needing automated incident response
  • Organizations requiring both precision filtering and volumetric attack mitigation
  • Critical infrastructure operators needing rapid policy deployment with minimal latency