[April 02, 2014]
Arbor Networks Unique Global Attack Intelligence Integrated into Local Protection
BURLINGTON, Mass. --(Business Wire)--
Arbor Networks, Inc., a leading provider of DDoS and advanced threat
protection solutions for enterprise and service provider networks,
announced today a new reputation-based threat feed as part of its ATLAS®
Intelligence Feed (AIF) service. AIF is a research-driven feed of
security policies designed to update Arbor's Pravail products quickly
and accurately by identifying threats based on real-world attack
activity, reputation and behavior.
The introduction of AIF comes at a time when organizations are feeling
ill-prepared for the variety of threats targeting their networks.
According to a recently-released global survey of CISOs and senior IT
executives that was sponsored by Arbor and conducted by the Economist
Intelligence Unit, only 17 percent of business leaders feel fully
prepared for an incident. The report, titled Cyber
Incident Response: Are business leaders ready? also found that 41
percent of business leaders noted that a better understanding of
potential threats would help them feel better prepared to respond to
those threats. The ATLAS Intelligence Feed helps to address this problem
of visibility and threat context that business leaders are looking for.
Dynamic, Global Attack Intelligence
Arbor Networks has built a massive, global intelligence network centered
around ATLAS, a unique collaboration with nearly three hundred service
provider customers who have agreed to share anonymous traffic data with
Arbor. This massive traffic data set, totaling 80Gbps, is combined with
information from a global honeypot network of sensors in dark IP address
space as well as strategic partnerships, such as the Red Sky Alliance.
This rich data set is then turned into actionable intelligence from
ongoing research and analysis performed by Arbor's Security Engineering
& Response Team (ASERT). ASERT is one of the largest dedicated research
organizations in the security industry, combining 25 security analysts
with a diverse set of expertise, including Fortune 25 Computer Emergency
Response Teams (CERTs) to former law enforcement, threat mitigation
vendors and well-known malware researchers. Viewing the attack landscape
with this security lens, and utilizing custom tools for malware indexing
and botnet simulation, ASERT develops threat intelligence for customers,
complete with the security context required to detect and stop specific
threats, and continuously enhance their security posture over time.
"Many vendors can identify attacks and create signatures that can
recognize and block these attacks but this is an outdated and reactive
approach. What ASERT does is not only identify attacks, but analyze and
catalog attack infrastructures and methods so that more proactive
security policies can be deployed by customers. Context matters. We're
not just looking at a botnet or piece of malware, but reverse
engineering entire botnets and malware families," said Arbor Networks
Director of Security Research, Dan Holden.
In addition to updating security policies in Arbor's products, ASERT
shares this operational intelligence with hundreds of international
CERTs and with thousands of network operators around the world. Examples
of ASERT's unique insight and analysis can be found on their blog.
Recently published research includes a detailed look at Point of Sale
malware, NTP reflection/amplification DDoS attacks and the Zeus Gameover
banking Trojan.
True Reputation Analysis Enhances ATLAS Intelligence Feed
On a daily basis, ASERT gathers approximately over 100,000 malware
samples from ATLAS and other sources, with a focus on Advanced
Persistent Threats, geo-political campaigns, financial fraud and DDoS.
The malware samples are then run through an automated threat analysis
system where they are classified. Unique attacks are stored in a
database with millions of such analyses. When a new botnet or
application-layer attack is detected, an attack policy is created,
distributed and installed in Arbor's
Pravail products via the ATLAS Intelligence Feed.
Unlike many other solutions, which rely on signatures for policy
creation, ASERT assigns reputation policies based on actual malware
reverse engineering and botnet analysis. Rather than relying purely on
signatures or commonly used industry lists, ASERT has engineered an
extremely high-fidelity threat identification technology that can be
fully relied upon. ASERT collects security data from hundreds of
thousands of malware samples and other threat intelligence. The data and
indicators are analyzed using a rich malware analysis and patent-pending
backend system composed of both external partner technology and
internally built analysis and processes. Key indicators of an attack are
extracted; these can include IP addresses, ports, domain names, URLs or
regular expressions. To ensure the most comprehensive analysis, ASERT
compares the identified attack indicators with other industry reports,
as well as data from the Red Sky Alliance. The team then classifies and
categorizes these indicators into policies that are uploaded at multiple
daily intervals to Pravail appliances via the ATLAS Intelligence Feed.
AIF provides the backbone of security data for Pravail, enabling rapid
detection of attack activity with valuable detail to help prioritize and
Arbor's Pravail Product Family
"Organizations are looking for solutions that help them deal with the
problem of advanced threats hidden within their networks. Arbor has a
unique combination of NetFlow, packet capture and global threat
intelligence from their ATLAS infrastructure to address today's dynamic
threats that evade signature-based solutions," said John Grady, research
manager for Security Products at IDC.
Informed by the knowledge and expertise of ATLAS and ASERT, Arbor's
Pravail products are designed to protect enterprises against advanced
threats and DDoS attacks.
Security Intelligence acts as the central nervous system for
security deployments. It sits inside the network and collects
information on network traffic patterns and security events that are
occurring throughout the network, alerting security teams to those
events that indicate an attack or breach is in progress. Pravail Network
Security Intelligence helps customers protect intellectual property and
data from theft or loss caused by advanced malware threats, internal
network misuse or abuse, or via infected mobile devices connected to the
Security Analytics brings meaningful context to massive amounts of
data so that security teams can focus on the critical few, react faster
and identify the threats lurking within their network environment before
they impact the business. It can be used for real-time attack response
decisions, and by storing the data for future reviews, it can be looped
to identify previously undetected attacks using the latest threat
intelligence. Pravail Security Analytics also enables customers to
perform forensic analysis to determine effectiveness of controls,
tighten security and support various compliance requirements.
A free demo
of the Pravail Security Analytics cloud solution is available that
leverages pre-existing data sets. This enables the user to test drive
the solution and see its powerful capabilities firsthand. A free
trial of the cloud solution is also available, enabling users to
quickly analyze their own network packet captures for threats, anomalies
and misuse. The free trial allows users to upload up to 1GB of their
data for 30 days.
Pravail Availability Protection System helps secure the enterprise
perimeter from threats to the availability of a business' applications
and services -- in essence, its livelihood. Specifically, the Pravail
Availability Protection System helps protect enterprises against
application-layer DDoS attacks, and was built to stop attacks promptly
without upfront configuration or any user interaction. It delivers DDoS
attack identification and mitigation capabilities that can be rapidly
deployed, even during an attack.
About Arbor Networks
Arbor Networks, Inc. helps secure the world's largest enterprise and
service provider networks from DDoS attacks and advanced threats. Arbor
is the world's leading provider of DDoS protection in the enterprise,
carrier and mobile market segments, according to Infonetics Research.
Arbor's advanced threat solutions deliver comprehensive network
visibility through a combination of packet capture and NetFlow
technology, enabling the rapid detection and mitigation of malware and
malicious insiders. Arbor also delivers market-leading analytics for
dynamic incident response, historical analysis, visualization and
forensics. Arbor strives to be a "force multiplier," making network and
security teams the experts. Our goal is to provide a richer picture into
networks and more security context - so customers can solve problems
faster and help reduce the risk to their business.
To learn more about Arbor products and services, please visit our
website at arbornetworks.com.
Arbor's research, analysis and insight, together with data from the ATLAS®
global threat intelligence system, can be found at the ATLAS
Trademark Notice: Arbor Networks, Peakflow, ArbOS, ATLAS, Pravail,
Arbor Cloud, Cloud Signaling, the Arbor Networks logo and Arbor
Networks: Smart. Available. Secure. are all trademarks of Arbor
Networks, Inc. All other brand names may be trademarks of their
Photos/Multimedia Gallery Available: http://www.businesswire.com/multimedia/home/20140402005515/en/