Arbor Data Sheet
ATLAS® Intelligence Feed
A smarter response to security threats

Security threats can take many forms—from downed networks to unauthorized use to data theft—and today’s businesses must be on constant guard against attackers that are highly organized and resourceful. Advanced threats are a challenge for both network and security teams as they combine multiple types of very targeted attacks executed at different times at multiple points on the network. Organizations need to quickly and accurately identify that an attack or breach has occurred so that they can implement mitigation strategies before the organization is impacted.

Key Features and Benefits
• High-Fidelity Up-to-Date Protection: The ATLAS Intelligence Feed is continuously updated with the latest threat information to maintain the most accurate detection policies across all Pravail and Peakflow products.
• Broad Attack Identification: The ATLAS Intelligence Feed uses information from multiple resources, including real attack data from ATLAS, to help identify hundreds of thousands of attacks.
• Fast Attack Response: The ATLAS Intelligence Feed policies provide valuable context to each attack, enabling a faster, more informed response.
• Research-based Reputation Analysis: Reputation information is used to rapidly and constantly update the ATLAS Intelligence Feed, ensuring that legitimate traffic is not flagged as malicious.

Addressing Advanced Threats
The ATLAS Intelligence Feed from Arbor Networks arms customers with policies and countermeasures that enable them to quickly address attacks as part of an advanced threat. The ATLAS Intelligence Feed is a service of the Arbor Security Engineering and Response Team (ASERT) and enables customers to directly benefit from the depth and breadth of Arbor’s research capability. Arbor Networks has a strong portfolio of products designed for both enterprise and service provider networks.
As new attack information is discovered, the ATLAS Intelligence Feed is updated and changes are delivered automatically to Arbor products via a subscription over a secured SSL connection, arming them with the latest threat intelligence to thwart modern-day attacks or advanced threats.

Dynamics of an Effective Security Feed
A security intelligence feed is only as good as the information used to create it. The changing nature of advanced threats requires a dedicated security research team with cutting-edge tools and processes for analyzing not only the underlying code of the attack, but the full architecture of how the attack is designed, weaponized and executed. Arbor’s world-class team of security researchers is dedicated to discovering and analyzing emerging Internet threats and developing targeted defenses. Arbor uses a sophisticated combination of attack data collection, partner information and analysis tools to create ATLAS Intelligence Feed policies that not only provide detection of advanced threats but also the context required for informed mitigation decisions.

[Diagram labels: ATLAS; Honey Pots; Spam Traps; Security Community; ASERT Security Intelligence; Arbor Products: Peakflow®, Pravail® Security Analytics, Pravail® Network Security Intelligence, Pravail® Availability Protection System]

How Does the ATLAS Intelligence Feed Protect Organizations From DDoS and Botnets?
The ATLAS Intelligence Feed has been proven effective by many Arbor Networks customers at blocking the latest targeted, complex and sophisticated attacks. To more accurately detect threats to the network, the ATLAS Intelligence Feed:
• Identifies threats regardless of attack volume; no waiting for an attack to reach a volume threshold before defending.
• Uses multiple levels of protection aligning with confidence levels.
• Applies attack intelligence contributed from advanced controlled detonation of millions of malware samples.
• Includes reverse engineering of specific malware as well as all malware related to a botnet.
• Actively monitors Internet threats around the clock utilizing Arbor’s global honeypot network.
• ATLAS is a collaborative project with more than 300 customers who have agreed to share anonymous traffic data totaling an amazing 90 Tbps, or approximately one-third of all Internet traffic.

One of the key technologies behind the ATLAS Intelligence Feed is Arbor’s dynamic reputation intelligence. Reputation intelligence augments the existing data within the ATLAS Intelligence Feed policies to keep network users from visiting sites known to be hosting malware or operating as command and control servers. Unlike other reputation service offerings, Arbor’s feed is updated frequently to account for rapidly changing attacker behavior, which helps ensure more effective and accurate attack detection.

Other critical assets for ASERT’s ATLAS Intelligence Feed delivery include:

ATLAS
What separates Arbor from other vendors is how we leverage this pervasive service provider footprint to benefit all of our customers. ATLAS is a collaborative project with more than 300 customers who have agreed to share anonymous traffic data totaling an amazing 90 Tbps, or approximately one-third of all Internet traffic. From this unique vantage point, Arbor is ideally positioned to deliver intelligence about DDoS, malware and botnets that threaten Internet infrastructure and network availability. Arbor customers enjoy a considerable competitive advantage from having both a micro view of their own network and a macro view of global Internet traffic; this is a powerful combination of network security intelligence that is unrivaled today.

Red Sky Alliance
Arbor Networks is a founding member of the Red Sky® Alliance—a private social network of trusted security experts that collaborate on the identification and neutralization of malware and other advanced threats.
Red Sky members share actionable intelligence to effectively combat complex and stealthy attacks that often go undetected by traditional security defenses. The intelligence from the Red Sky Alliance complements Arbor’s existing real-time security intelligence gathered via ATLAS, providing an unparalleled level of visibility into both DDoS and advanced threats.

Key Uses for Security Intelligence
Each product within the Arbor Networks portfolio is designed to address a different problem or audience. However, all of the products can consume the ATLAS Intelligence Feed, though they analyze the information differently. Some of the products analyze NetFlow and some of the products look at network packets. Policies within the Feed will include relevant information for each product.

• Pravail® Availability Protection System: Beyond blocking availability threats based on bandwidth thresholds, the Pravail Availability Protection System uses the ATLAS Intelligence Feed policies to identify multiple types of DDoS attacks including ‘low and slow’ attacks aimed at the application layer. In addition, the ATLAS Intelligence Feed helps the Pravail Availability Protection System detect and stop certain categories of botnets from compromising the network. By stopping these availability and botnet threats from entering the network, it enables other security devices to do the jobs they were intended to do.

• Pravail® Network Security Intelligence: Security intelligence provided by ATLAS Intelligence Feed detects security events immediately upon compromise. With Pravail Network Security Intelligence, organizations can monitor traffic and activity going to and from the most critical assets, with the context and information to escalate events for further investigation.

• Pravail® Security Analytics: ATLAS security intelligence within Pravail Security Analytics enables organizations to dig deeply into attack events for forensic analysis.
The attack indicators present in the feed help identify what the attack is/was capable of in the network and where it spread. In addition, as new ATLAS Intelligence Feed indicators are added, existing data captures can be “looped” back through to uncover attacks that may have occurred in the past as well as where those attacks might have spread.

• Peakflow®: Security intelligence from the ATLAS Intelligence Feed provides Peakflow customers with the ability to quickly detect large scale DDoS attacks before they cause service outage to customers.

• Peakflow® Threat Management System: ATLAS Intelligence Feed policies in the Peakflow Threat Management System give organizations detailed information about DDoS attacks to quickly and confidently begin blocking them. This accuracy is critical in blocking malicious attacks that can result in costly downtime.

How Arbor Networks is Uniquely Positioned to Address Advanced Threats
Arbor has a long history in botnet research and DDoS mitigation. However, as DDoS has moved from just a diversion to be a feature of malware and botnets used in cybercrime and APT attacks, Arbor has expanded its ASERT team and research capabilities to tackle additional threat types.

There are several features that make ASERT uniquely capable of detecting millions of advanced threats including targeted attacks, campaigns, malware and mobile botnets. These features include:
• Valuable partnerships such as the Red Sky Alliance, which provides access to more than 23 million PCs being actively monitored for threat intelligence.
• Reputation monitoring and active tracking of attack campaigns based on real world indicators from the Red Sky Alliance.
• A rich malware analysis backend system comprised of both external partner technology along with internally built analysis and processes.

ASERT uses this threat data and analysis to develop the ATLAS Intelligence Feed, which is used by Arbor customers to detect events occurring in, on and around the network. The combination of this microview (on the network) and the macroview of global internet traffic (delivered via the ATLAS portal) gives customers a distinct advantage for addressing advanced threats.

Breaking Down the Intelligence Feed
There are two subscriptions available for the ATLAS Intelligence Feed—Standard and Advanced. With two subscriptions, customers can choose the level of attack detection and/or protection that fits their needs.

ATLAS Intelligence Feed: Standard
With the standard feed customers can detect and/or address some of the most prevalent attacks targeting business today, including malware, botnets and denial of service. The policies and countermeasures are constantly updated with new attack information to provide broad, accurate detection. Examples of the policies and countermeasures included in this feed are listed below.

Product columns: Pravail APS, NSI, SA; Peakflow SP, TMS

Category: Sub-Category of Threats
Command and Control: Peer to Peer; HTTP; IRC
DDoS Reputation Threats: Attacker; Target
Malware: Webshell; Ransomware; RAT; Fake Anti Virus; Banking; Virtual Currency; Spyware; Drive By; Social Network; DDoS Bot; Dropper; Ad Fraud; Worm; Credential Theft; Backdoor; Other; Exploit Kit; Point of Sale
IP Geo Location*: Identify location by country for sources of inbound traffic; Identify location by country for destinations of outbound traffic
DDoS RegEx: Identifies DDoS attackers based upon IP address indicators from ATLAS; Identifies DDoS targets based on indicators from ATLAS
HTTP Flooder
Web Crawler Identification: Identify inbound connections to web services from known search engines
ET Pro: IDS Signatures. Comes standard with SA deployments.

Figure 1: Example threats identified using the AIF Standard feed. All countermeasures and policies are continuously updated, so the above list may change at any time.
*IP-Geo Location updated in SP and TMS products via product patch.
ATLAS Intelligence Feed: Advanced
The Advanced ATLAS Intelligence Feed is designed for organizations that are concerned with stealthy, more subtle attacks. With a subscription to this feed, customers get all of the countermeasures and policies included in the Standard feed, as well as additional policies for uncovering attack behaviors indicative of ongoing, campaign-style attacks—those that are highly customized to a specific business and are difficult to detect because they may appear legitimate. Examples of countermeasures and policies included in this subscription are included below.

Product columns: Pravail APS, NSI, SA; Peakflow SP, TMS

Category: Sub-Category of Threats
Location Based Threats: Traffic Anonymization Services; TOR; Proxy; Sinkholes; Scanner; Other
Email Threats: Spam; Phishing
Targeted Attacks: APT; Hacktivism; RAT; Watering Hole; Rootkit
Mobile: Mobile C&C; Spyware; Malicious App

Figure 2: Example threats identified using the ATLAS Intelligence Feed Advanced feed. Countermeasures and policies are continuously updated, so the above list may change at any given time. The Advanced subscription is currently not available to Peakflow or Peakflow Threat Management System customers.

Corporate Headquarters
76 Blanchard Road, Burlington, MA 01803 USA
Toll Free USA +1 866 212 7267
T +1 781 362 4300
North America Sales: Toll Free +1 855 773 9200
Europe: T +44 207 127 8147
Asia Pacific: T +65 68096226
www.arbornetworks.com

© 2014 Arbor Networks, Inc. All rights reserved. Arbor Networks, the Arbor Networks logo, Peakflow, ArbOS, Pravail, Cloud Signaling, Arbor Cloud, ATLAS, We see things others can’t.™ and Arbor Networks. Smart. Available. Secure. are all trademarks of Arbor Networks, Inc. All other brands may be the trademarks of their respective owners.
DS/AIF/EN/1114-LETTER

Arbor Networks, Inc. helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats.
Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver comprehensive network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market-leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier,” making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context — so customers can solve problems faster and help reduce the risk to their business.