Arbor Networks announced a new reputation-based threat feed as part of its ATLAS Intelligence Feed (AIF) service. AIF is a research-driven feed of security policies designed to update Arbor’s Pravail products by identifying threats based on real-world attack activity, reputation and behavior.
The introduction of AIF comes at a time when organizations are feeling ill-prepared for the variety of threats targeting their networks. According to a recently released global survey of CISOs and senior IT executives that was sponsored by Arbor and conducted by the Economist Intelligence Unit, only 17% of business leaders feel fully prepared for an incident.
Arbor Networks has built a massive, global intelligence network centered around ATLAS, a unique collaboration with nearly three hundred service provider customers who have agreed to share anonymous traffic data with Arbor. This massive traffic data set, totaling 80Tbps, is combined with information from a global honeypot network of sensors in dark IP address space as well as strategic partnerships, such as the Red Sky Alliance.
This data set is then turned into actionable intelligence from ongoing research and analysis performed by Arbor’s Security Engineering & Response Team (ASERT). “Many vendors can identify attacks and create signatures that can recognize and block these attacks but this is an outdated and reactive approach. What ASERT does is not only identify attacks, but analyze and catalog attack infrastructures and methods so that more proactive security policies can be deployed by customers. Context matters. We’re not just looking at a botnet or piece of malware, but reverse engineering entire botnets and malware families,” said Arbor Networks Director of Security Research, Dan Holden.
In addition to updating security policies in Arbor’s products, ASERT shares this operational intelligence with hundreds of international CERTs and with thousands of network operators around the world. On a daily basis, ASERT gathers approximately over 100,000 malware samples from ATLAS and other sources, with a focus on Advanced Persistent Threats, geo-political campaigns, financial fraud and DDoS. The malware samples are then run through an automated threat analysis system where they are classified. Unique attacks are stored in a database with millions of such analyses. When a new botnet or application-layer attack is detected, an attack policy is created, distributed and installed in Arbor’s Pravail products via the ATLAS Intelligence Feed.