Pulse

BGP signal collector gathering routing intelligence and topology data for threat detection

BGP signal collector that gathers routing intelligence and network topology data from strategic vantage points across the internet. Pulse feeds routing anomalies into the Augur intelligence layer for threat prediction and provides topology data to Aegis for optimal enforcement point placement.

Key Features

Routing Anomaly Detection

Pulse monitors BGP routing updates to detect anomalies that indicate potential threats. BGP hijacking attempts, traffic redirection patterns, and routing instabilities provide early warning of attacks before they impact services. These routing anomalies feed into Augur for correlation with other signals.

Network Topology Intelligence

Comprehensive mapping of network topology and autonomous system relationships enables intelligent policy placement. Aegis uses this topology data to determine optimal enforcement points, ensuring that protective policies deploy at the most effective locations for threat mitigation.

IP and ASN Reputation

Routing pattern analysis generates reputation data for IP addresses and autonomous systems. Historical routing behavior, hijacking incidents, and traffic manipulation attempts contribute to reputation scores that inform threat predictions and policy decisions.

BGP Data Standards Support

Pulse supports industry-standard BGP data formats including MRT dumps and BMP streams, enabling integration with existing routing infrastructure and providing standardized data ingestion for analysis.

Historical Routing Analysis

The BGP time machine capability enables analysis of historical routing data to understand attack patterns, track threat actor infrastructure, and investigate security incidents after they occur.

Detection Capabilities

BGP Hijacking Prevention

Real-time monitoring of BGP announcements detects hijacking attempts where attackers announce unauthorized routes to intercept traffic. Pulse identifies suspicious route origins, AS path anomalies, and unexpected RPKI validation failures, feeding this intelligence to Augur for threat assessment.
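As an added illustration of the RPKI origin check named above (not Pulse's own code, which this page does not show), the following Python example applies RFC 6811 route origin validation to constructed announcements. The ROA set, prefixes and ASNs are documentation values, and the function names are hypothetical.

```python
import ipaddress

# Constructed ROAs: (prefix, maxLength, authorized origin ASN). Documentation
# prefixes (RFC 5737) and ASNs (RFC 5398), not real allocations.
ROAS = [
    ("198.51.100.0/24", 24, 64496),
    ("203.0.113.0/24", 24, 64497),
]

# Constructed announcements: (prefix, AS path); the origin is the last ASN.
SAMPLE = [
    ("198.51.100.0/24", [64500, 64496]),    # expected origin
    ("198.51.100.0/24", [64500, 64511]),    # unauthorized origin
    ("198.51.100.128/25", [64500, 64496]),  # more specific than maxLength allows
    ("192.0.2.0/24", [64500, 64499]),       # no ROA covers this prefix
]

def validate_origin(prefix, origin_asn, roas=ROAS):
    """Return (state, reason) for one announcement, following RFC 6811."""
    net = ipaddress.ip_network(prefix)
    covered = asn_match = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        # A ROA covers the route only if the route lies inside the ROA prefix.
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # AS0 in a ROA never authorizes any origin.
        if roa_asn != 0 and roa_asn == origin_asn:
            if net.prefixlen <= max_len:
                return "valid", "matching ROA"
            asn_match = True
    if not covered:
        return "not-found", "no covering ROA"
    reason = "too specific for maxLength" if asn_match else "origin not authorized"
    return "invalid", reason

def flag_announcements(announcements, roas=ROAS):
    """Return (prefix, origin, reason) for every RPKI-invalid announcement."""
    alerts = []
    for prefix, as_path in announcements:
        state, reason = validate_origin(prefix, as_path[-1], roas)
        if state == "invalid":
            alerts.append((prefix, as_path[-1], reason))
    return alerts

if __name__ == "__main__":
    for alert in flag_announcements(SAMPLE):
        print(alert)
```

The third sample route is invalid even though its origin matches the ROA: a more-specific announcement beyond maxLength is how a sub-prefix hijack appears to origin validation.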

Traffic Redirection Detection

Subtle routing changes that redirect traffic through unexpected paths indicate preparation for man-in-the-middle attacks or DDoS campaigns. Pulse detects these routing shifts and correlates them with other signals to predict attacker intentions.

DDoS Preparation Detection

Attackers often manipulate routing to position amplification infrastructure before launching DDoS attacks. Pulse identifies unusual routing patterns associated with known attack infrastructure, providing advance warning that enables defensive preparations.

Attack Infrastructure Tracking

By tracking routing announcements and withdrawals of malicious infrastructure, Pulse helps identify attacker resources and patterns. This intelligence contributes to IP and ASN reputation scoring that informs policy decisions across the platform.

Integration

Pulse operates as a signal collector within the Perforlabs Predictive Defense Fabric, feeding routing intelligence to Augur for AI-powered threat prediction. The routing anomalies detected by Pulse combine with network flow data from Flux and DNS patterns from Pythia to enable comprehensive threat assessment. Topology data from Pulse enables Aegis to deploy policies at optimal enforcement points, while feedback from xfw about network-level attacks helps refine routing anomaly detection.

Use Cases

  • Network operators ensuring BGP hijacking prevention through routing anomaly detection
  • Security teams tracking threat actor infrastructure and predicting attacks
  • Service providers using topology data for optimal DDoS mitigation policy placement
  • Detection of complex attacks that manipulate both routing and traffic patterns
  • Incident investigation using historical routing data and BGP time machine capabilities

Technical Details

Pulse deploys at strategic network vantage points to gather comprehensive routing intelligence. Integration with existing BGP infrastructure requires no changes to production routing systems, enabling passive monitoring that provides visibility without operational risk. The system scales to handle full internet routing tables while maintaining the real-time analysis required for effective threat detection.
