Advanced Threats: Why You Have to See It to Protect It
Today, Arbor Networks proudly releases Pravail Network Security Intelligence (NSI) to the public. Pravail NSI provides cost-effective, enterprise-wide visibility into the network as well as insight into applications, content and users in order to better secure the network. Rather than providing visibility and intelligence only at the vanishing enterprise perimeter, NSI offers pervasive visibility throughout the enterprise. This is critical as advanced threats have been designed to evade existing perimeter-based security defenses.
As enterprises fight the growing advanced malware threat, they have to re-evaluate existing security tools. Firewalls and IPS devices have been designed to protect the perimeter from inbound threats, but the threat has simply evolved from ingress exploit-based threats to targeted, hidden malware surreptitiously stealing confidential data and intellectual property. This stealthy malware requires monitoring the entire network, as some of it targets only internal resources. Moreover, the leaky enterprise means data might leave the enterprise through unauthorized points and not only the monitored perimeter.
Through flow-based telemetry and application-layer analytics, NSI provides the security intelligence to detect advanced malware and botnets, remove infected users introduced into the network, identify new users and devices (BYOD), and more, and not just at the enterprise perimeter. By seeing the threats throughout the network, enterprises can detect new threats and then stop them using the right tools. This also means going beyond ports and protocols and looking deeper into applications and services. The “halcyon” days of just stopping the threat without context or analytics are done. Visibility and security intelligence are key.
The engine driving the visibility and intelligence is the Arbor Threat Feed (ATF). Arbor’s research team, ASERT, monitors over 35 Tbps of global Internet traffic via the ATLAS initiative; furthermore, ATLAS includes a large number of global sensor deployments which capture and examine malware samples. The team leverages the unique data in ATLAS to create fingerprints (ATF) for advanced malware, botnets, phishing attacks, trojans, spam sources, and more. The feed is then sent to NSI to detect these threats in enterprise networks.
Lastly, the Pravail family includes both APS and now NSI. APS is built to stop DDoS attacks and botnets, and the combination of both APS and NSI gives enterprises the complete solution, including threat blocking. More is coming in the Pravail family for enterprises, and we are definitely excited about its future.