D ATA S H E E T

A10 Defend DDoS Detector

Precise, Highly Scalable Network-wide Anomaly Detection

Platforms

A10 Defend DDoS Detector (formerly Thunder TPS), a part of

Physical Appliances
A10 Defend suite, is the high-performance flow-based network
anomaly detection that provides precise and faster DDoS
detection with automated traffic behavior profiling. With
Virtual Appliance
A10 Defend DDoS Orchestrator and Mitigator, it enables intelligent
automated DDoS defense suited for network-wide protection. Related
Products & Services
Detecting Modern
DDoS Attacks
In today's hyper-connected world, service providers and large enterprises A10 Defend DDoS Mitigator
face a constant barrage of threats. Among them, distributed denial-of-
service (DDoS) attacks stand out for their sheer power and potential to
disrupt critical service and infrastructure. DDoS attacks flood victims’
networks with a large volume of malicious traffic, aiming to take down A10 Defend DDoS
Orchestrator
services, disrupt operations, and ultimately damage reputation.

Modern DDoS attacks present immense challenges to organizations.

Attackers have an arsenal of tools at their disposal, from DDoS toolkits,
online services (DDoS-as-a-service) and weaponized IoT devices to DDoS A10 Defend Threat Control
botnets. They often exploit vulnerabilities in open internet servers, launching
reflection-amplification attacks that magnify the attack volume and hide
their true source. To further complicate matters, they might employ carpet
bombing attacks, spreading the attack across multiple targets — a range DSIRT Support
of IP addresses — potentially triggering many alerts and exhausting DDoS
scrubbing capacity. This combination of techniques makes DDoS defense
incredibly challenging.

Talk with A10

©️2025 A10 Networks, Inc. All rights reserved.
A10Networks.com/a10-defend
 A10 DEFEND DDOS DETECTOR | DATA SHEET

Precision Matters
While simple volumetric attacks might be detectable It offers unmatched performance and capacity that allows
by monitoring traffic volume, this approach may not be organizations to have fewer flow-based detectors and
effective against today's sophisticated threats. Traditional simplifies the deployment. Combined with A10 Defend
solutions struggle with high false positives, delayed DDoS Orchestrator and Mitigator, a whole DDoS protection
detection, and resource-draining mitigation. This leaves the cycle is streamlined and can be seamlessly executed with
service network vulnerable and wastes precious resources intelligent automation, from detection, traffic diversion to
and time during critical moments. scrubbing center, as well as mitigation and reporting after
the incident.
Due to the increasing volume and complexity of modern-
day DDoS attacks, DDoS protection has also evolved. A The A10 Defend suite, consisting of Detector, Mitigator,
holistic DDoS protection suite is needed. A10 Defend DDoS Orchestrator, and Threat Control, helps organizations
Detector, part of the holistic A10 Defend suite, is a high- enable more effective DDoS protection and/or create
performance network-wide DDoS detection solution with profitable DDoS scrubbing services for their customers.
higher precision and intelligence. A10 Networks is available when you need help most. A10
Networks support provides 24x7x365 services, including
A10 Defend DDoS Detector is a standalone network flow- emergency assistance from the A10 DDoS Security Incident
based traffic anomaly detection technology that collects Response Team (DSIRT) to immediately help you understand
network flows information via NetFlow or IPFIX from and respond to DDoS incidents.
routers, tracks the traffic behavior and patterns and creates
a baseline profile using unique indicators. It supports
continuous traffic-pattern learning, eliminating tedious and
time-consuming work while ensuring dynamic thresholds
for precise anomaly detection and faster mitigation.

A10 Defend DDoS Protection Suite

A10 Defend DDoS Detector A10 Defend DDoS Mitigator

High-performance NetFlow, sFlow, IPFIX-based DDoS High precision, automated, scalable, and intelligent
detector to easily manage the scale and heterogenous DDoS mitigation solution is delivered as hardware or
nature of SP networks, resulting in a unified DDoS virtual appliances ranging from 1 Gbps to over 1 Tbps.
protection solution.

A10 Defend DDoS Orchestrator A10 Defend Threat Control​

Enables organizations to gain a global view of their Standalone SaaS plat​form proactively establishes
environments to rapidly identify and remediate DDoS a robust first layer of defense by offering actionable
attacks and ensure that policies are consistently analytics and blocklists.
enforced from a central point.​

©️2025 A10 Networks, Inc. All rights reserved. 2

 A10 DEFEND DDOS DETECTOR | DATA SHEET

Benefits

Maximize Simplify
Service Availability Deployment and Operation

Downtime results in immediate productivity and revenue DDoS protection deployment and operation can be a very
loss for any business. It’s critical for organizations to complicated process and no organization has unlimited
protect their network infrastructure, mission-critical trained personnel or resources available as SecOps teams
applications, and their subscribers and tenants from typically take care of many other security concerns and
today’s evolving DDoS attacks. Detector provides issues. The A10 Defend DDoS Protection suite offers a
precise traffic anomaly detection by leveraging unique complete solution from automated traffic profiling and
behavioral traffic indicators and continuous learning, monitoring, precise DDoS detection, minimizing false
which helps organization take appropriate actions and negatives and positives, along with seamless orchestration
remedies before the DDoS attack impacts their networks and traffic diversion, multi-modal mitigation with intelligent
and customers’ services. automation and auto-generating incident reporting. In
addition, A10's DSIRT is available to work live with SecOps
team at any stage of an DDoS attack incident.

Defeat
Modern Attacks $

Modern DDoS attacks have evolved far beyond simple

Reduce
volumetric flooding. They are now sophisticated, multi- Security OPEX
layered, and often leverage several techniques to evade When monitoring network-wide and large traffic volumes,
detection. For example, a reflection-amplification attack network flow-based DDoS detection is the right choice for
is a commonly used technique that typically exploits operational and cost effectiveness.
vulnerabilities in internet servers to amplify the attack
traffic, making it harder to identify the true source. A Detector is extremely efficient. It delivers unmatched high
carpet-bombing attack is another technique to spread performance in a small form factor, up to 6 million flows per
attack destinations to a wide range of IP addresses, making second in 1 RU, that allows coverage of a wide area of the
it harder to identify the target and possibly generating network (or consolidation of dozen of legacy flow-based
an unmanageable number of alerts. Sometimes these detectors into one). This results in a reduction of OPEX with
techniques can be combined. Detector has multiple significantly lower power usage, rack space, and cooling
detection mechanisms and can precisely detect such requirements.
complex targeted volumetric attacks.
Detector’s scale and intelligent automation orchestrated by
Orchestrator, simplifies the full DDoS protection workflow
and lifecycle from detection and mitigation to reporting,
while strengthening the security posture. The A10 Defend
DDoS solution maximizes effectiveness of the SecOps team
and reduces operational costs, resulting in better ROI.

©️2025 A10 Networks, Inc. All rights reserved. 3

 A10 DEFEND DDOS DETECTOR | DATA SHEET

Reference Architectures
Orchestrator
Reactive Deployment
API Communication Larger networks benefit from on-demand
mitigation, triggered manually or by flow
analytical systems. Detector is available as a
standalone appliance (hardware or virtual).
API, sFlow,
Detector Mitigator Syslogs The flow-based DDoS detection is tightly
Suspected integrated with Orchestrator and Mitigator
Traffic
Clean
UI for a intelligent and automated DDoS defense
BGP / Traffic solution. Mitigator is capable of sending
BGP FlowSpec
GUI, REST API BGP FlowSpec for better collaborating with
Flow
Information upstream routers.

Edge Router Access Router Firewall Services

Detection-only Deployment
DDoS Signal,
API
Orchestrator To build a DDoS protection strategy and
Alert System milestone, it’s recommended to get a good
API Communication
understanding of network traffic and
anomalous activities. The A10 Defend suite
Detector can be deployed in detection-only mode using
Detector and Orchestrator to provide insights
UI into network traffic for the monitored entity
and make the organization aware of real
GUI, REST API DDoS activities based on collected network-
Flow
Information flow information. In the case where Detector
has detected a DDoS attack, the detailed
information is available in Orchestrator, or the
alert can be forwarded to organization’s alert
Edge Router Access Router Firewall Services
system.

©️2025 A10 Networks, Inc. All rights reserved. 4

 A10 DEFEND DDOS DETECTOR | DATA SHEET

Features
High Performance Precise
Detection Behavioral Anomaly Detection

Detector provides unmatched performance for network flow No organization can afford service downtime; thus, DDoS
collection and DDoS detection, processing up to 6 million detection plays a crucial role for minimizing the impact
flows per second (fps) on a hardware appliance and up to from imminent DDoS attacks. DDoS Detector tracks the
1.5 million fps on a virtual appliance. Detector can allow network traffic pattern using unique traffic and behavioral
monitoring of up to 3,000 protected objects with zone indicators, not only packet rate (pps) or volume (bps), but
configuration or covering hundreds of class-B or thousands also protocol or behavior-based rate such as TCP empty
of class-C network subnets in a network object configuration ACK rate and SYN/FIN ratio, and automatically learns and
with unique automated network discovery technology. This builds behavioral traffic profiles for each service defined
enables fewer devices to manage and simplifies deployment under the zone object. This technique provides precise
and management as 10 or more legacy flow-based DDoS detection by reducing false negatives and enabling faster
detection systems can be consolidated into one A10 Defend time-to-detect operation.
DDoS Detector.

Smart Automatic
Victim Identification Baselining and Profiling

Detector’s network region object uses the victim Baselining traffic patterns is the foundation of effective
identification technology that is suitable for service DDoS detection. Traditionally, baselining network traffic was
providers who need an automated DDoS defense solution a manual burden, hindering agility and accuracy. Detector
to protect their enterprise subscribers and network and provides automated baselining that continuously learns
service infrastructure against volumetric DDoS attacks traffic patterns and adapts using various and unique traffic
as well as carpet-bombing attacks. It uses intelligent indicators. This eliminates tedious work while ensuring
automation to adaptively slice the monitored network dynamic thresholds. Whether facing seasonal spikes or
entities and hierarchically profile each entity of active emerging threats, real-time adjustments help ensure
subnet or IP based on real-time traffic distribution. precise anomaly detection and faster mitigation. Automation
Narrowing down the scope of the victim helps conserve delivers speed and efficiency as well as flexibility and
DDoS scrubbing center resources and enables efficient granular control. Customized baselines and thresholds can
operations. When it comes to detection strategy, it uses be leveraged for specific subscribers, services, or even
advanced baselining using a characteristic histogram in individual servers for pinpoint precision for simple and faster
parallel with automatic baselining using volume-centric detection. Through automated baselining for streamlined
traffic indicators, ensuring high-precision DDoS detection. defense, an organization can focus on what matters most —
protecting their network and business.

Intelligent
Automation

The A10 Defend suite provides a complete and automated DDoS protection solution for service providers and large
enterprises who are securing services and subscribers from DDoS attacks. A10 Defend DDoS Detector works in concert with
DDoS Mitigator and Orchestrator in a reactive or on-demand deployment. When an attack is detected and reported by a
Detector, Orchestrator instructs Mitigator to initiate the mitigation along with sending a BGP notification for redirecting the
suspicious traffic. Then Mitigator applies adaptive countermeasures including five levels of progressive mitigation policies
with auto-escalation and machine learning powered automated zero-day attack pattern recognition before delivering the
clean traffic to the intended destination.

©️2025 A10 Networks, Inc. All rights reserved. 5

 A10 DEFEND DDOS DETECTOR | DATA SHEET

A10 Defend DDoS Detector Physical Appliance Specifications

Thunder Thunder Thunder Thunder
DDoS Detector
3350-E 5845-40G 5845 7445
Flow Detection Performance
Flows Per Second (fps) 1 Million 3 Million*3 3 Million 6 Million

Network Interface
1 GE Copper 6 0 0 0

1 GE Fiber (SFP) 2 0 0 0

1/10 GE Fiber (SFP+) 8+4*1 48 48 48

1/10 GE Fiber (Fixed) 0 0 0 0

40 GE Fiber (QSFP+) 0 0 0 0

100 GE Fiber 0 4 (QSFP28) 4 (QSFP28) 4 (QSFP28)

Management Ports Ethernet mgmt. port, RJ-45 console port

Hardware Specifications
Processor Intel Xeon Intel Xeon Intel Xeon 2 x Intel Xeon
8-core 18-core*3 18-core 18-core

Memory (ECC RAM) 16 GB 64 GB *3 64 GB 128 GB

Storage SSD SSD SSD SSD

Hardware Acceleration Software 2 x FTA-4, SPE 2 x FTA-4, SPE 3 x FTA-4, SPE

Dimensions (inches) 1.75 (H) x 17.5 (W) x 18(D) 1.75 (H) x 17.5 (W) x 30 (D) 1.75 (H) x 17.5 (W) x 30 (D) 1.75 (H) x 17.5 (W) x 30 (D)

Rack Units (mountable) 1U 1U 1U 1U

Unit Weight 18 lbs 34.3 lbs 34.3 lbs 35.7 lbs

Dual 750W RPS Dual 1500W RPS Dual 1500W RPS Dual 1500W RPS
Power Supply (DC option available)
80 Plus Platinum efficiency, 100-240 VAC, 50-60 Hz

Power Consumption (typical/max)*2 151W / 205W 585W / 921W 585W / 921W 784W / 1,078W

Heat in BTU/Hour (typical/max) *2

516 / 700 1,997 / 3,143 1,997 / 3,143 2,676 / 3,679

Cooling Fan (front-to-back airflow) Hot swap smart fans

Operating Ranges Temperature 0° - 40° C | Humidity 5% - 95%

Regulatory Certifications FCC Class A, UL, CE, FCC Class A, UL, CE, FCC Class A, UL, CE, FCC Class A, UL,
UKCA, CB, VCCI, BSMI, CB, VCCI, KCC, BSMI, UKCA, CB, VCCI, KCC, BSMI, CE, CB, VCCI, BSMI,
RCM | RoHS RCM | RoHS RCM | RoHS RCM | RoHS

Standard Warranty 90-day hardware and software

Hardware specifications and performance numbers are subject to change without notice and may vary depending on configuration and environmental conditions.
As for network interface, it’s highly recommended to use A10 Networks qualified optics/transceivers to ensure network reliability and stability.

*1 10Gbps speed only | *2 With base model |

*3 The number of flows per second (fps), and the number of active CPU core counts and memory size may vary depending on the module license .| ^ Certification in process

©️2025 A10 Networks, Inc. All rights reserved. 6

 A10 DEFEND DDOS DETECTOR | DATA SHEET

A10 Defend DDoS Detector Virtual Appliance Specifications

DDoS Detector Virtual Appliance

Supported Hypervisors VMware ESXi 6.7 or higher (SR-IOV)

Hardware Requirements See installation guide

Standard Warranty 90-day software

Virtual Appliance License and Sizing Recommendations*

Zone Object Configuration

Flows Per Second (fps) 150K 500K 1.5M

vCPU 2 3 5

vRAM 16 GB 32 GB 64 GB

vDisk 40 GB 40 GB 40 GB

Network Object Configuration

Flows Per Second (fps) 150K 500K 1.5M

vCPU 6 8 24

vRAM 16 GB 32 GB 64 GB

vDisk 40 GB 40 GB 40 GB

* Using A10 Defend DDoS Detector (formerly Thunder TPS) standalone Detector image.

©️2025 A10 Networks, Inc. All rights reserved. 7

 A10 DEFEND DDOS DETECTOR | DATA SHEET

Detailed Feature List

Features may vary by appliance.

Detection/Analysis High-performance, Scalable Platform

• Network flow-based anomaly detection • Advanced Core Operating System (ACOS)
• Individual detection policies for more than 256K servers and services • Linear application scaling
• Continuous behavioral learning and profiling • ACOS on data plane
• Automated adaptive thresholds • Linux on control plane
• Custom thresholds • IPv6 feature parity
• Behavioral traffic indicators and top talkers • Security policy engine (SPE) enabling hardware acceleration for policy enforcement*
• Inbound and outbound detection • High-performance hardware blocking*
• Service discovery
• Victim network/host dentification
Carrier-grade Hardware*
• Advanced hardware architecture
Protected Objects • Hot-swap redundant power supplies (AC and DC)
• Protected zone for per-service level monitoring • Smart fans (hot swap)
• Protected zone for per-IP level monitoring • Solid-state drive (SSD)
• Network object for subnet and IP level monitoring • Tamper detection
• 40 GbE and 100 GbE ports

Actions
• Anomaly notification signal (start / stop) Security and Capability Assurance Certifications*
• Reporting and visibility • Common Criteria EAL 2+
• Fully automated mitigation using A10 Defend Orchestrator and Mitigator • FIPS 140-1 Level 1 Compliance (all)
• Manual mitigation using A10 Defend Orchestrator and Mitigator

Management
• Dedicated on-box management interface (GUI, CLI, SSH, Telnet)
• A10 Defend Orchestrator for comprehensive management
• SNMP, syslog, email alerts
• REST API (aXAPI)
• LDAP, TACACS+, RADIUS support
• Configurable control CPUs

Telemetry
• Rich traffic and DDoS statistics counters
• sFlow
• NetFlow v5, v9, IPFIX
• Custom counter blocks for flow-based export
• High-speed logging
• CEF logging
• REST API (aXAPI)

* Features and certifications may vary by appliance.

Learn More ©2025 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, Thunder, Harmony and SSL
Insight are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries. All
About A10 Networks other trademarks are property of their respective owners. A10 Networks assumes no responsibility for any inaccuracies
in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication
Contact Us without notice. For the full list of trademarks, visit: A10Networks.com/a10trademarks.
A10Networks.com/contact Part Number: A10-DS-15138-EN-02 Jan 2025