Arbor Data Sheet
ATLAS ® Intelligence Feed
A smarter response to security threats
Security threats can take many forms—from downed networks to unauthorized use to data theft—and today’s businesses must be on constant guard against attackers that are highly organized and resourceful. Advanced threats are a challenge for both network and security teams because they combine multiple types of very targeted attacks executed at different times at multiple points on the network. Organizations need to quickly and accurately identify that an attack or breach has occurred so that they can implement mitigation strategies before the organization is impacted.
Key Features and Benefits
High-Fidelity Up-to-Date Protection
The ATLAS Intelligence Feed is continuously updated with the latest threat information to maintain the most accurate detection policies across all Pravail and Peakflow products.
Broad Attack Identification
The ATLAS Intelligence Feed uses information from multiple sources, including real attack data from ATLAS, to help identify hundreds of thousands of attacks.
Fast Attack Response
The ATLAS Intelligence Feed policies provide valuable context for each attack, enabling a faster, more informed response.
Research-based Reputation Analysis
Reputation information is used to rapidly and constantly update the ATLAS Intelligence Feed, ensuring that legitimate traffic is not flagged as malicious.
Addressing Advanced Threats
The ATLAS Intelligence Feed from Arbor Networks arms customers with policies and countermeasures that enable them to quickly address attacks that are part of an advanced threat. The ATLAS Intelligence Feed is a service of the Arbor Security Engineering and Response Team (ASERT) and enables customers to benefit directly from the depth and breadth of Arbor’s research capability.
Arbor Networks has a strong portfolio of products designed for both enterprise and service provider networks. As new attack information is discovered, the ATLAS Intelligence Feed is updated and the changes are delivered automatically to Arbor products by subscription over a secured SSL connection, arming them with the latest threat intelligence to thwart modern-day attacks and advanced threats.
Dynamics of an Effective Security Feed
A security intelligence feed is only as good as the information used to create it. The changing nature of advanced threats requires a dedicated security research team with cutting-edge tools and processes for analyzing not only the underlying code of the attack, but the full architecture of how the attack is designed, weaponized and executed.
Arbor’s world-class team of security researchers is dedicated to discovering and analyzing emerging Internet threats and developing targeted defenses. Arbor uses a sophisticated combination of attack data collection, partner information and analysis tools to create ATLAS Intelligence Feed policies that not only provide detection of advanced threats but also the context required for informed mitigation decisions.
[Diagram: ATLAS, Honey Pots, Spam Traps and the Security Community feed ASERT Security Intelligence, which is delivered to Arbor Products: Peakflow®, Pravail® Security Analytics, Pravail® Network Security Intelligence and Pravail® Availability Protection System]
How Does the ATLAS Intelligence Feed Protect Organizations From DDoS and Botnets?
The ATLAS Intelligence Feed has been proven effective by many Arbor Networks customers at blocking the latest targeted, complex and sophisticated attacks.
To more accurately detect threats to the network, the ATLAS Intelligence Feed:
• Identifies threats regardless of attack volume; there is no waiting for an attack to reach a volume threshold before defending.
• Uses multiple levels of protection aligned with confidence levels.
• Applies attack intelligence contributed from advanced controlled detonation of millions of malware samples.
• Includes reverse engineering of specific malware as well as all malware related to a botnet.
• Actively monitors Internet threats around the clock using Arbor’s global honeypot network.
• Draws on ATLAS, a collaborative project with more than 300 customers who have agreed to share anonymous traffic data totaling an amazing 90 Tbps, or approximately one-third of all Internet traffic.
One of the key technologies behind the ATLAS Intelligence Feed is Arbor’s dynamic reputation intelligence. Reputation intelligence augments the existing data within the ATLAS Intelligence Feed policies to keep network users from visiting sites known to be hosting malware or operating as command and control servers. Unlike other reputation service offerings, Arbor’s feed is updated frequently to account for rapidly changing attacker behavior, which helps ensure more effective and accurate attack detection.
Other critical assets for ASERT’s ATLAS Intelligence Feed delivery include:
ATLAS
What separates Arbor from other vendors is how we leverage this pervasive service provider footprint to benefit all of our customers. ATLAS is a collaborative project with more than 300 customers who have agreed to share anonymous traffic data totaling an amazing 90 Tbps, or approximately one-third of all Internet traffic. From this unique vantage point, Arbor is ideally positioned to deliver intelligence about DDoS, malware and botnets that threaten Internet infrastructure and network availability. Arbor customers gain a considerable competitive advantage from having both a micro view of their own network and a macro view of global Internet traffic; this is a powerful combination of network security intelligence that is unrivaled today.
Red Sky Alliance
Arbor Networks is a founding member of the Red Sky® Alliance—a private social network of trusted security experts that collaborate on the identification and neutralization of malware and other advanced threats. Red Sky members share actionable intelligence to effectively combat complex and stealthy attacks that often go undetected by traditional security defenses. The intelligence from the Red Sky Alliance complements Arbor’s existing real-time security intelligence gathered via ATLAS, providing an unparalleled level of visibility into both DDoS and advanced threats.
Key Uses for Security Intelligence
Each product within the Arbor Networks portfolio is designed to address a different problem or audience. However, all of the products can consume the ATLAS Intelligence Feed—though they analyze the information differently. Some of the products analyze NetFlow and some of the products look at network packets. Policies within the Feed include relevant information for each product.
• Pravail® Availability Protection System: Beyond blocking availability threats based on bandwidth thresholds, the Pravail Availability Protection System uses the ATLAS Intelligence Feed policies to identify multiple types of DDoS attacks, including ‘low and slow’ attacks aimed at the application layer. In addition, the ATLAS Intelligence Feed helps the Pravail Availability Protection System detect and stop certain categories of botnets from compromising the network. By stopping these availability and botnet threats from entering the network, it enables other security devices to do the jobs they were intended to do.
• Pravail® Network Security Intelligence: Security intelligence provided by the ATLAS Intelligence Feed detects security events immediately upon compromise. With Pravail Network Security Intelligence, organizations can monitor traffic and activity going to and from the most critical assets, with the context and information to escalate events for further investigation.
• Pravail® Security Analytics: ATLAS security intelligence within Pravail Security Analytics enables organizations to dig deeply into attack events for forensic analysis. The attack indicators present in the feed help identify what the attack is/was capable of in the network and where it spread. In addition, as new ATLAS Intelligence Feed indicators are added, existing data captures can be “looped” back through to uncover attacks that may have occurred in the past as well as where those attacks might have spread.
• Peakflow®: Security intelligence from the ATLAS Intelligence Feed provides Peakflow customers with the ability to quickly detect large-scale DDoS attacks before they cause service outages for customers.
• Peakflow® Threat Management System: ATLAS Intelligence Feed policies in the Peakflow Threat Management System give organizations detailed information about DDoS attacks so they can quickly and confidently begin blocking them. This accuracy is critical in blocking malicious attacks that can result in costly downtime.
Arbor has a long history in botnet research and DDoS mitigation. However, as DDoS has moved from being just a diversion to being a feature of the malware and botnets used in cybercrime and APT attacks, Arbor has expanded its ASERT team and research capabilities to tackle additional threat types.
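The two mechanisms the product descriptions rely on, policies whose confidence level selects a protection action and “looping” stored captures back through the feed once new indicators arrive, shown as an added Python example that is not Arbor’s code. The feed format, the flow-record fields, the confidence-to-action policy, the addresses and the domain are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Confidence tier -> protection action (constructed policy, not an Arbor setting).
ACTIONS = {"high": "block", "medium": "alert", "low": "log"}

@dataclass(frozen=True)
class Indicator:
    value: str        # IP address or domain published by the feed
    category: str     # e.g. "C2/IRC", "Malware/Dropper"
    confidence: str   # "high" | "medium" | "low"

@dataclass(frozen=True)
class Flow:
    ts: str
    src: str
    dst: str
    dst_port: int
    host: str = ""    # HTTP Host header, when the capture decoded one

def index_feed(feed: List[Indicator]) -> Dict[str, Indicator]:
    """Exact-match lookup; a real deployment would add CIDR and regex matching."""
    return {i.value: i for i in feed}

def match_flow(flow: Flow, idx: Dict[str, Indicator]) -> List[Tuple[str, Indicator, str]]:
    """Check src, dst and Host against the feed; one flow is enough, no volume threshold."""
    hits = []
    for field in ("src", "dst", "host"):
        ind = idx.get(getattr(flow, field))
        if ind is not None:
            hits.append((field, ind, ACTIONS[ind.confidence]))
    return hits

def rescan(captures: List[Flow], idx: Dict[str, Indicator]) -> List[Tuple[str, str, str, str]]:
    """Loop stored captures back through the current feed to surface past compromises."""
    return [(f.ts, field, ind.value, action)
            for f in captures for field, ind, action in match_flow(f, idx)]

# Constructed sample data: RFC 5737 documentation addresses and an invented domain.
FEED_V1 = [Indicator("198.51.100.7", "C2/IRC", "high")]
FEED_V2 = FEED_V1 + [Indicator("evil-update.example", "Malware/Dropper", "medium")]
CAPTURES = [
    Flow("2014-11-03T10:00:00Z", "10.0.0.5", "198.51.100.7", 6667),
    Flow("2014-11-03T10:05:00Z", "10.0.0.9", "203.0.113.9", 80, host="evil-update.example"),
    Flow("2014-11-03T10:07:00Z", "10.0.0.9", "192.0.2.44", 443),
]
if __name__ == "__main__":
    print("feed v1:", rescan(CAPTURES, index_feed(FEED_V1)))  # one C2 hit -> block
    print("feed v2:", rescan(CAPTURES, index_feed(FEED_V2)))  # update surfaces the dropper -> alert
```

The second rescan reports the earlier dropper download only after the feed update, which is the retrospective matching the Pravail Security Analytics description refers to.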
Breaking Down the Intelligence Feed
There are two subscriptions available for the ATLAS Intelligence Feed—Standard and Advanced. With two subscriptions, customers can choose the level of attack detection and/or protection that fits their needs.
How Arbor Networks is Uniquely Positioned to Address Advanced Threats
There are several features that make ASERT uniquely capable of detecting millions of advanced threats, including targeted attacks, campaigns, malware and mobile botnets. These features include:
• Valuable partnerships such as the Red Sky Alliance, which provides access to more than 23 million PCs being actively monitored for threat intelligence.
• Reputation monitoring and active tracking of attack campaigns based on real-world indicators from the Red Sky Alliance.
• A rich malware analysis backend system comprised of external partner technology along with internally built analysis tools and processes.
ASERT uses this threat data and analysis to develop the ATLAS Intelligence Feed, which is used by Arbor customers to detect events occurring in, on and around the network. The combination of this micro view (on the network) and the macro view of global Internet traffic (delivered via the ATLAS portal) gives customers a distinct advantage for addressing advanced threats.
ATLAS Intelligence Feed: Standard
With the Standard feed, customers can detect and/or address some of the most prevalent attacks targeting businesses today, including malware, botnets and denial of service. The policies and countermeasures are constantly updated with new attack information to provide broad, accurate detection. Examples of the policies and countermeasures included in this feed are listed below.
Category / Sub-Category of Threats
Command and Control
• Peer to Peer
• HTTP
• IRC
DDoS Reputation Threats
• Attacker
• Target
Malware
• Webshell
• Ransomware
• RAT
• Fake Anti Virus
• Banking
• Virtual Currency
• Spyware
• Drive By
• Social Network
• DDoS Bot
• Dropper
• Ad Fraud
• Worm
• Credential Theft
• Backdoor
• Other
• Exploit Kit
• Point of Sale
IP Geo Location*
• Identify location by country for sources of inbound traffic
• Identify location by country for destinations of outbound traffic
DDoS RegEx
• Identifies DDoS attackers based upon IP address indicators from ATLAS
• Identifies DDoS targets based on indicators from ATLAS HTTP Flooder
Web Crawler Identification
• Identify inbound connections to web services from known search engines
ET Pro
• IDS Signatures
Comes standard with SA deployments
Products covered by the table’s applicability columns: Pravail APS, NSI, SA; Peakflow SP, TMS.
Figure 1 Example threats identified using the AIF Standard feed. All countermeasures and policies are continuously updated, so the above list may change at any time.
*IP-Geo Location updated in SP and TMS products via product patch.
ATLAS Intelligence Feed: Advanced
The Advanced ATLAS Intelligence Feed is designed for organizations that are concerned with stealthier, more subtle attacks. With a subscription to this feed, customers get all of the countermeasures and policies included in the Standard feed, as well as additional policies for uncovering attack behaviors indicative of ongoing, campaign-style attacks—those that are highly customized to a specific business and are difficult to detect because they may appear legitimate. Examples of countermeasures and policies included in this subscription are listed below.
Category / Sub-Category of Threats
Location Based Threats
• Traffic Anonymization Services
• TOR
• Proxy
• Sinkholes
• Scanner
• Other
Email Threats
• Spam
• Phishing
Targeted Attacks
• APT
• Hacktivism
• RAT
• Watering Hole
• Rootkit
Mobile
• Mobile C&C
• Spyware
• Malicious App
Products covered by the table’s applicability columns: Pravail APS, NSI, SA; Peakflow SP, TMS.
Figure 2 Example threats identified using the ATLAS Intelligence Feed Advanced feed. Countermeasures and policies are continuously updated, so the above list may change at any given time. The Advanced subscription is currently not available to Peakflow or Peakflow Threat Management System customers.
Corporate Headquarters
76 Blanchard Road
Burlington, MA 01803 USA
Toll Free USA +1 866 212 7267
T +1 781 362 4300
North America Sales
Toll Free +1 855 773 9200
Europe
T +44 207 127 8147
Asia Pacific
T +65 68096226
www.arbornetworks.com
© 2014 Arbor Networks, Inc. All rights
reserved. Arbor Networks, the Arbor Networks
logo, Peakflow, ArbOS, Pravail, Cloud Signaling,
Arbor Cloud, ATLAS, We see things others
can’t.™ and Arbor Networks. Smart. Available.
Secure. are all trademarks of Arbor Networks,
Inc. All other brands may be the trademarks
of their respective owners.
DS/AIF/EN/1114-LETTER
Arbor Networks, Inc. helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver comprehensive network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market-leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier,” making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context — so customers can solve problems faster and help reduce the risk to their business.