The introduction of AIF comes at a time when organizations are feeling ill-prepared for the variety of threats targeting their networks. According to a recently released global survey of CISOs and senior IT executives that was sponsored by Arbor and conducted by the Economist Intelligence Unit, only 17 percent of business leaders feel fully prepared for an incident. The report, titled Cyber Incident Response: Are business leaders ready? (http://www.arbornetworks.com/
Dynamic, Global Attack Intelligence
Arbor Networks has built a massive, global intelligence network centered around ATLAS, a unique collaboration with nearly three hundred service provider customers who have agreed to share anonymous traffic data with Arbor. This massive traffic data set, totaling 80Tbps, is combined with information from a global honeypot network of sensors in dark IP address space as well as strategic partnerships, such as the Red Sky Alliance.
This rich data set is then turned into actionable intelligence through ongoing research and analysis performed by Arbor’s Security Engineering & Response Team (ASERT). ASERT is one of the largest dedicated research organizations in the security industry, combining 25 security analysts with a diverse set of expertise, ranging from Fortune 25 Computer Emergency Response Teams (CERTs) to former law enforcement, threat mitigation vendors and well-known malware researchers. Viewing the attack landscape through this security lens, and utilizing custom tools for malware indexing and botnet simulation, ASERT develops threat intelligence for customers, complete with the security context required to detect and stop specific threats and to continuously enhance their security posture over time.
“Many vendors can identify attacks and create signatures that can recognize and block these attacks but this is an outdated and reactive approach. What ASERT does is not only identify attacks, but analyze and catalog attack infrastructures and methods so that more proactive security policies can be deployed by customers. Context matters. We’re not just looking at a botnet or piece of malware, but reverse engineering entire botnets and malware families,” said Arbor Networks Director of Security Research, Dan Holden.
In addition to updating security policies in Arbor’s products, ASERT shares this operational intelligence with hundreds of international CERTs and with thousands of network operators around the world. Examples of ASERT’s unique insight and analysis can be found on their blog (http://www.arbornetworks.com/
True Reputation Analysis Enhances ATLAS Intelligence Feed
On a daily basis, ASERT gathers approximately over 100,000 malware samples from ATLAS and other sources, with a focus on Advanced Persistent Threats, geo-political campaigns, financial fraud and DDoS. The malware samples are then run through an automated threat analysis system where they are classified. Unique attacks are stored in a database with millions of such analyses. When a new botnet or application-
Unlike many other solutions, which rely on signatures for policy creation, ASERT assigns reputation policies based on actual malware reverse engineering and botnet analysis. Rather than relying purely on signatures or commonly used industry lists, ASERT has engineered an extremely high-fidelity threat identification technology that can be fully relied upon. ASERT collects security data from hundreds of thousands of malware samples and other threat intelligence. The data and indicators are analyzed using a rich malware analysis and patent-pending backend system comprising both external partner technology and internally built analysis and processes. Key indicators of an attack are extracted; these can include IP addresses, ports, domain names, URLs or regular expressions. To ensure the most comprehensive analysis, ASERT compares the identified attack indicators with other industry reports, as well as data from the Red Sky Alliance. The team then classifies and categorizes these indicators into policies that are uploaded at multiple daily intervals to Pravail appliances via the ATLAS Intelligence Feed. AIF provides the backbone of security data for Pravail, enabling rapid detection of attack activity with valuable detail to help prioritize and enable remediation.
About Arbor Networks
Arbor Networks, Inc. helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver comprehensive network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market-leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier,”
To learn more about Arbor products and services, please visit our website at arbornetworks.com (http://arbornetworks.com/).
Trademark Notice: Arbor Networks, Peakflow, ArbOS, ATLAS, Pravail, Arbor Cloud, Cloud Signaling, the Arbor Networks logo and Arbor Networks: Smart. Available. Secure. are all trademarks of Arbor Networks, Inc. All other brand names may be trademarks of their respective owners.