Arbor Networks announces new threat feed
Arbor Reveals Security Research Capability and New Intelligence Feed Built Into Pravail Solutions
Security Firm, Arbor Networks Inc has announced a new reputation-based threat feed as part of its ATLAS Intelligence Feed (AIF) service.
It was recently reported that organisations are unprepared for threats targeting their networks based on a recent global survey of CISOs and senior IT executives, sponsored by Arbor, which said that only 17% of business leaders feel fully prepared for an incident. The ATLAS Intelligence Feed is aimed to help to address this problem and provide visibility and threat context for business leaders.
Dan Holden, director of security research at Arbor Networks said: "Many vendors can identify attacks and create signatures that can recognise and block these attacks but this is an outdated and reactive approach. What ASERT [Arbor's Security Engineering & Response Team] does is not only identify attacks, but analyse and catalog attack infrastructures and methods so that more proactive security policies can be deployed by customers. Context matters. We're not just looking at a botnet or piece of malware, but reverse engineering entire botnets and malware families."
Arbor explains that AIF is a research-driven feed of security policies designed to update Arbor's Pravail products quickly and accurately by identifying threats based on real-world attack activity, reputation and behavior.
According to Arbor, it has built a massive, global intelligence network centered around ATLAS, collaborating with nearly 300 service provider customers who have agreed to share anonymous traffic data. This traffic data set, totals 80Tbps, is combined with information from a global honeypot network of sensors in dark IP address space as well as strategic partnerships, such as the Red Sky Alliance.
This rich data set is then turned into actionable intelligence from ongoing research and analysis performed by ASERT. Viewing the attack landscape with this security lens, and utilising custom tools for malware indexing and botnet simulation, ASERT develops threat intelligence for customers, complete with the security context required to detect and stop specific threats, and continuously enhance their security posture over time.
In addition to updating security policies in Arbor's products, ASERT shares this operational intelligence with hundreds of international CERTs and with thousands of network operators around the world.
On a daily basis, ASERT gathers approximately over 100,000 malware samples from ATLAS and other sources, with a focus on advanced persistent threats, geo-political campaigns, financial fraud and DDoS. The malware samples are then run through an automated threat analysis system where they are classified. Unique attacks are stored in a database with millions of such analyses. When a new botnet or application-layer attack is detected, an attack policy is created, distributed and installed in Arbor's Pravail products via the ATLAS Intelligence Feed.