Arbor Networks, Inc., a leading provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, announced today a new reputation-based threat feed as part of its ATLAS® Intelligence Feed (AIF) service. AIF is a research-driven feed of security policies designed to update Arbor’s Pravail products quickly and accurately by identifying threats based on real-world attack activity, reputation and behavior.
The introduction of AIF comes at a time when organizations are feeling ill-prepared for the variety of threats targeting their networks. According to a recently-released global survey of CISOs and senior IT executives that was sponsored by Arbor and conducted by the Economist Intelligence Unit, only 17 percent of business leaders feel fully prepared for an incident. The report, titled Cyber Incident Response: Are business leaders ready? also found that 41 percent of business leaders noted that a better understanding of potential threats would help them feel better prepared to respond to those threats. The ATLAS Intelligence Feed helps to address this problem of visibility and threat context that business leaders are looking for.
Dynamic, Global Attack Intelligence
Arbor Networks has built a massive, global intelligence network centered around ATLAS, a unique collaboration with nearly three hundred service provider customers who have agreed to share anonymous traffic data with Arbor. This massive traffic data set, totaling 80Tbps, is combined with information from a global honeypot network of sensors in dark IP address space as well as strategic partnerships, such as the Red Sky Alliance.
This rich data set is then turned into actionable intelligence from ongoing research and analysis performed by Arbor’s Security Engineering & Response Team (ASERT). ASERT is one of the largest dedicated research organizations in the security industry, combining 25 security analysts with a diverse set of expertise, including Fortune 25 Computer Emergency Response Teams (CERTs) to former law enforcement, threat mitigation vendors and well-known malware researchers. Viewing the attack landscape with this security lens, and utilizing custom tools for malware indexing and botnet simulation, ASERT develops threat intelligence for customers, complete with the security context required to detect and stop specific threats, and continuously enhance their security posture over time.
“Many vendors can identify attacks and create signatures that can recognize and block these attacks but this is an outdated and reactive approach. What ASERT does is not only identify attacks, but analyze and catalog attack infrastructures and methods so that more proactive security policies can be deployed by customers. Context matters. We’re not just looking at a botnet or piece of malware, but reverse engineering entire botnets and malware families,” said Arbor Networks Director of Security Research, Dan Holden.
In addition to updating security policies in Arbor’s products, ASERT shares this operational intelligence with hundreds of international CERTs and with thousands of network operators around the world. Examples of ASERT’s unique insight and analysis can be found on their blog. Recently published research includes a detailed look at Point of Sale malware, NTP reflection/amplification DDoS attacks and the Zeus Gameover banking Trojan.
True Reputation Analysis Enhances ATLAS Intelligence Feed
On a daily basis, ASERT gathers approximately over 100,000 malware samples from ATLAS and other sources, with a focus on Advanced Persistent Threats, geo-political campaigns, financial fraud and DDoS. The malware samples are then run through an automated threat analysis system where they are classified. Unique attacks are stored in a database with millions of such analyses. When a new botnet or application-layer attack is detected, an attack policy is created, distributed and installed in Arbor’s Pravail products via the ATLAS Intelligence Feed.
Unlike many other solutions, which rely on signatures for policy creation, ASERT assigns reputation policies based on actual malware reverse engineering and botnet analysis. Rather than relying purely on signatures or commonly used industry lists, ASERT has engineered an extremely high-fidelity threat identification technology that can be fully relied upon. ASERT collects security data from hundreds of thousands of malware samples and other threat intelligence. The data and indicators are analyzed using a rich malware analysis and patent pending backend system comprised of both external partner technology along with internally built analysis and processes. Key indicators of an attack are extracted; these can include IP addresses, ports, domain names, URLs or regular expressions. To ensure the most comprehensive analysis, ASERT compares the identified attack indicators with other industry reports, as well as data from the Red Sky Alliance. The team then classifies and categorizes these indicators into policies that are uploaded at multiple daily intervals to Pravail appliances via the ATLAS Intelligence Feed. AIF provides the backbone of security data for Pravail, enabling rapid detection of attack activity with valuable detail to help prioritize and enable remediation.
Arbor’s Pravail Product Family
“Organizations are looking for solutions that help them deal with the problem of advanced threats hidden within their networks. Arbor has a unique combination of NetFlow, packet capture and global threat intelligence from their ATLAS infrastructure to address today's dynamic threats that evade signature-based solutions,” said John Grady, research manager for Security Products at IDC.
Informed by the knowledge and expertise of ATLAS and ASERT, Arbor’s Pravail products are designed to protect enterprises against advanced threats and DDoS attacks.
Pravail® Network Security Intelligence acts as the central nervous system for security deployments. It sits inside the network and collects information on network traffic patterns and security events that are occurring throughout the network, alerting security teams to those events that indicate an attack or breach is in progress. Pravail Network Security Intelligence helps customers protect intellectual property and data from theft or loss caused by advanced malware threats, internal network misuse or abuse, or via infected mobile devices connected to the network.
About Arbor Networks
Arbor Networks, Inc. (arbornetworks.com) helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver comprehensive network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market-leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier,” making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context - so customers can solve problems faster and help reduce the risk to their business.
Trademark Notice: Arbor Networks, Peakflow, ArbOS, ATLAS, Pravail, Arbor Cloud, Cloud Signaling, the Arbor Networks logo and Arbor Networks: Smart. Available. Secure. are all trademarks of Arbor Networks, Inc. All other brand names may be trademarks of their respective owners.
Product Information Contact:
Mr. Mahmoud Samy, Arbor Networks Dubai, UAE
Mobile: +971 (50) 4522823