TAMA - proprietary Anti-DDoS

DDoS (distributed denial of service) attacks have become an inherent element of the Internet, regardless of whether we are aware of it as users or not. Such an attack involves saturating specific resources on the side of the server providing the service. If a service or website is unavailable, this can mean that it fell victim to such an attack. As you can easily guess, dealing with such threats has become bread and butter for all service providers on the Internet.

The battle for service availability involves applying every possible method. These range from manual and crude blocking of the attack target (and rescuing casual victims), to automated, sophisticated and multi-faceted filtering processes. Of course, the more convenient (less engaging and intrusive) the solution, the more expensive it becomes, and the distinguishing factors of DDoS attacks is the large gap between its costs, and the resources required to guarantee protection. 

Additionally, the nature of a distributed network of attack sources means that virtually only telecommunications operators (Internet providers) are able to efficiently organize defence measures. EXATEL is not alone in these activities and has even gone a step further.

The EXATEL approach

Attack techniques are constantly evolving; thus, it is necessary to update security measures. EXATEL decided to develop a proprietary solution called TAMA in response to the need to directly impact the evolution of anti-DDoS system development depending on real (and diversified at the same time) requirements of attacked clients.

Owing to the fact that we can continuously analyse network traffic characteristics, if we detect an unusual event (and classify it as malicious) – we are able to immediately respond and efficiently filter out malicious network traffic. We, therefore, enable the normal operation of an attacked website.

tama logotyp

What is TAMA?

TAMA is a scalable and efficient software solution protecting any network against DDoS (Distributed Denial of Service) attacks. EXATEL developed it as a service. Here, protection against volumetric DDoS attacks is based on a central platform.

TAMA consists of several elements:

  • Aperture monitors the network traffic from edge routers, aggregates statistical information and forwards them to the Controller.
  • Controller integrates information from probes in the form of “the current status of the monitored network”, saves them in an analytical database, makes decisions regarding detecting, sustaining and acknowledging an alarm, and starts and stops automatic mitigations.
  • GlaDDoS is a filtering unit. It is scalable. The bandwidth on a single GlaDDoS depends on the settings of the mitigation policy and parameters of the server it is running on. In order to achieve the best performance, our filter units are geographically dispersed.
  • Chell is a management console that enables administrators and operators to handle the security of our clients’ networks.
  • Client portal is an additional element that is used by our clients to observe alarms and mitigation triggered in regard to their facilities and to monitor traffic within their network.

How is the product innovative?

  • The architecture of our solution is based on widely available x86 equipment – and does not incorporate expensive FPGA and ASIC systems
  • Potential bandwidth of 100 Gb/s – owing to the application of effective scaling (vertical and horizontal) techniques
  • Proprietary mechanisms and techniques with machine learning elements
  • Possible multi-tenancy mode operation (simultaneous protection of numerous clients with different policies) and protection of lines regardless of the provider’s actions
  • Development of a fast and flexible decision-making engine to identify and neutralize threats.

What is ARFA?

ARFA is the continuation of the TAMA project – it is a set of additional modules that will be used to enhance the TAMA anti-DDoS solution.

ARFA will enable counteracting:

  • new volumetric attacks (owing to added new techniques in the field of DDoS attack detection and mitigation)
  • attacks on service server resources (including fragmentation attacks)
  • attacks on the application layer
  • BGP hijacking attacks.


The project is co-financed by the National Centre for Research and Development (NCBiR) as part of the “Cybersecurity and e-Identity” program. The value of the project is PLN 11,502,685.00, of which the co-financing value is PLN 8,116,987.00.

Project title: ARFA – a multi-context software development solution against advanced DDoS (Distributed Denial of Service) attacks.

Co-financing agreement number: CYBERSECIDENT / 487721/2021 / IV / NCBR / 2021.

Project implementation period: 01/06/2021 – 31/05/2023.

Does this topic interest you? Check out our Blog

Work on the TAMA EXATEL project

Senior Developer

There are 3 things that I find important for the position of a software developer – who I work with, what I work on and why do I do it? I value cooperation with people who are simply willing to work – who have seen and worked with many systems, but are still constantly learning and looking for new solutions. This is why I work on research and development projects at EXATEL. The people, challenges and the possibility to shape the project – all this gives me satisfaction in my daily activity.

Marcin Skwarek

Frequently asked questions_

What is the process stack within the TAMA project?

How do you test your application? How do you ensure code quality?

How to effectively store IPv4 and IPv6 lists?

How do you document your code?

How do you communicate within the team? Mumble, Zoom, Rocket Chat, Signal? Why not Slack?

How does test automation look like?

How does the TAMA on-premises implementation process look like?

Where do the requirements and new functionality-related ideas come from?

What does the cooperation with clients and possible application expansions look like?

Do you have a good SCRUM? Has it worked for your project?