ASPA New Products

Coming soon to the ASPA collection

Remote Access Monitoring (PAM)

Managing and monitoring remote access by users and contractors to the organization's critical assets is one of the key security requirements in data centers and enterprise networks. Many remote connections are established through protocols such as RDP, SSH, and VNC, while these protocols by default lack robust capabilities for event logging, auditing, and comprehensive monitoring. A Privileged Access Management (PAM) system enables organizations to enforce complete oversight over remote sessions without requiring changes to existing operational processes. This system provides full session recording, detailed event logging, searchable command history, and the ability to enforce security policies based on executed commands and applications, delivering an advanced layer of supervision and protection for all privileged remote accesses.

Advantages of Remote Access (PAM)

Support for common remote access protocols including RDP, SSH, and VNC
Deployable both transparently and non-transparently within the network without disrupting existing infrastructure
Full session recording and video playback for review and analysis
Ability to search through events, commands, and key activities within recorded sessions
Capability to define and enforce filtering policies for commands and applications
Creation of white lists and black lists to control user access to directories, paths, and commands on each server

ASPA Anti DDoS: Large-Scale Distributed Denial-of-Service Protection System

ASPA Anti Volumetric DDoS: Large-Scale Distributed Denial-of-Service Protection System

In today's world, with the growing reliance on digital infrastructures, defending against cyberattacks such as Distributed Denial-of-Service (DDoS) attacks has become critically important. According to recent reports, the scale of these attacks has increased exponentially in recent years, with attacks reaching rates of several tens of gigabits per second becoming common. Statistics indicate that the frequency of DDoS attacks worldwide reached over 12.5 million incidents in 2024, highlighting the need for intelligent and scalable solutions to detect and mitigate these attacks. DDoS attacks are generally categorized into three main types: volumetric attacks at the network and transport layers, such as UDP Flood, ICMP Flood, SYN Flood, and DNS Amplification, which directly target bandwidth and CPU resources; protocol attacks at the transport layer, such as TCP Connection Exhaustion, which stress server communication resources; and application-layer attacks, such as HTTP Flood, which saturate application resources by sending seemingly legitimate requests. According to Iran's IT Organization DDoS Radar, over 99% of attacks recorded in the one-year period ending in Tir 1404 were volumetric and protocol-based on TCP and UDP protocols. Of these, approximately 54% of attacks were under 2 Gbps, 75% under 10 Gbps, and 93% under 50 Gbps. Therefore, focusing on network and transport layer attacks—which impose significant load on bandwidth, CPU, and memory in defensive systems—is essential. ASPA's Anti Volumetric DDoS product leverages a robust, multi-layered strategy to absorb, analyze, and neutralize attacks before they reach the protected infrastructure. Each node of this product can analyze, process, and scrub up to 40 Gbps of unauthorized traffic while delivering only legitimate traffic.

Features of ASPA Anti DDoS

Absorption and distribution of attack traffic using a global Anycast network, automatically directing it to the nearest data center to prevent attack concentration and resource overflow
Massive bandwidth scaling with dedicated scrubbing capacity beyond each organization's bandwidth to absorb large attacks without service disruption
Intelligent threat detection and removal through continuous monitoring of traffic patterns and rates, compared against predefined baselines
Malicious traffic scrubbing with an advanced filtering engine, including behavior-based machine learning analysis and IP rate limiting to block attackers
Delivery of only clean and verified traffic via a secure channel to the main server, preventing resource consumption by malicious traffic
24/7 always-on protection without manual intervention
Zero-touch deployment and easy implementation through DNS change to Anycast IP ranges
Transparent reporting with dashboards and real-time alerts
Ensured online availability and uptime of protected servers during attacks
Capability to detect and mitigate attacks up to 40 Gbps from over 10 million addresses per node
Layer 3 and 4 filtering (Scrubbing)
Protection against attacks targeting Web, DNS, and SMTP services