Peakflow SP 5.0 Integrates Fingerprint Sharing
Issue Date: 20 May, 2009
Arbor Networks’ Peakflow SP 5.0 Integrates Fingerprint Sharing For Automated Threat Detection and Mitigation
Integrated Threat Management
System Improves DNS, HTTP, VoIP Service Visibility,
Performance and
Protection
Arbor Networks, a leading provider of secure service control solutions for global business networks, today announced the availability of version 5.0 of Arbor Peakflow SP, the industry’s leading network-wide infrastructure security and traffic-monitoring platform. The new Peakflow SP 5500 device nearly doubles the performance and scalability of the previous version. Peakflow SP now includes ATLAS-enabled fingerprint creation, alerting and mitigation; deeper visibility into the performance and security of business critical applications; and enhanced reporting capabilities that allow service providers to analyse traffic to and from peers, by markets and by geography.
More than 300 customers, including the majority of world’s service providers and many large enterprises, rely on Arbor’s Peakflow SP platform for cost-effective, pervasive and intelligent visibility into network and application level traffic, as well as the ability to quickly recognise and mitigate security threats. Peakflow SP remains a strategic investment for service providers, allowing them to utilise the same solution for infrastructure visibility and security to deliver new, differentiated, revenue-generating managed services such as MPLS VPN visibility and DDoS managed security services.
“As enterprises struggle with the size and complexity of today’s network security threats such as distributed denial of service attacks, they are increasingly turning to their service providers for help. The providers see this as a new revenue opportunity and are aggressively marketing clean pipes services to their enterprise customers,” said Robert Ayoub, industry manager with the Frost & Sullivan North America Information and Communication Technologies Practice. “Arbor is uniquely positioned to take advantage of this trend because they enable providers to deliver these security services by leveraging existing investments in Arbor technology.”
Key Enhancements to Peakflow SP 5.0
"Version 5.0 of Peakflow SP includes significant security enhancements that automate fingerprint delivery and attack mitigation, delivering enhanced visibility and protection of critical Network and Hosting services,” said Dennis Brouwer, vice president, Global Network Solutions at Savvis. “Not only are these important technical capabilities, but they save time and staffing resources. In addition, we expect significant cost savings and network optimisation from the improved peering analysis and reporting. The Peakflow platform continues to evolve and deliver real value for Savvis' global network."
Enhanced Threat Detection and Mitigation via ATLAS Fingerprints
Working with its service provider customers, Arbor has created the world's largest distributed darknet sensor network. This network, together with anonymised traffic data from 100+ customer networks, form the core of the ATLAS Internet monitoring system. ATLAS data enables Arbor’s security researchers to develop a globally-scoped view of malicious traffic traversing the backbone networks that form the Internet's core. With this unique vantage point, Arbor is uniquely positioned to deliver intelligence about malware, exploits, phishing and botnets. In Peakflow SP 5.0, this information is aggregated, analysed and fed back to customers via Fingerprints, or network behavioural patterns of attacks. The combination of ATLAS data and Fingerprints provides much finer detection of threats such as botnet command and control (C&C) sites, phishing sites, worms and more. No other company has either aggregated this much real-time information about what is happening across the Internet or developed the means for fully integrated threat detection and mitigation.
Additional threat detection and mitigation capabilities include:
§ Real-Time Mitigation Dashboard - A single console provides a real-time view into mitigation alerts and statistics; allows drill down for configuration of counter measures; and provides the ability to capture and view raw packet decodes for detailed forensics or troubleshooting.
§ Unified Alerting and Workflow - A single interface combines all threshold, DDoS, BGP and ATLAS fingerprint alerts. The new user interface also has real-time search, annotation and classification capabilities which streamline the workflow and reduce time to problem resolution.
“Peakflow SP 5.0 raises the bar for service provider security by leveraging the global insight of Arbor's ATLAS Internet monitoring system and its Active Threat Feed (ATF) based fingerprints to automate both detection and mitigation of today’s most sophisticated threats,” said Danny McPherson, Arbor Networks chief security officer.
“This release also enhances service visibility, monitoring and protection, enabling providers to define triple-play services within Peakflow SP for security, performance and growth monitoring, and to protect critical infrastructure like Domain Name System (DNS) servers. Peakflow SP is a robust platform that delivers incredible return on investment to network operators around the world via critical infrastructure protection, operational cost savings and enhanced revenue generation,” continued Danny McPherson.
Deeper Insight into Network Traffic for Cost Savings and Revenue Generation
One of the main traditional value propositions of Peakflow SP is its ability to conduct robust peering/transit analysis. Peakflow SP 5.0 enhances this functionality by delivering new features that allow providers to gain deeper visibility into the traffic that enters and leaves their network. This is essential for proper network engineering, cost optimization and security, and it also enables the potential to uncover new service opportunities. Key features include:
§ On-Demand Packet Analysis - Providers gain deeper visibility into the network and traffic for troubleshooting, fault prevention, performance monitoring and security forensics.
§ Global Geography Reports - Analyse peering traffic by geography, market, most used services and threat activity.
§ Expanded Transit Peering Reports - Gain a better understanding as to where their customer traffic is destined beyond initial peers.
Service Visibility, Performance and Protection via Integrated Threat Management System
With the 5.0 release, the fully integrated Peakflow SP Threat Management System (TMS) device now provides application/service layer visibility, threat detection and mitigation, allowing service providers to improve service visibility, monitor key performance metrics and protect services from threats via new functionality such as:
§ Expanded Visibility & Reporting –Peakflow SP, along with TMS, now automatically recognises 90 applications or allows the operator to define custom applications/services based upon a combination of IP addresses, TCP ports, application IDs, packet payload and Fingerprint definitions. There are also many new HTTP, VoIP and DNS specific reports that provide deeper visibility into the applications and services running on the network.
§ Performance Monitoring - Peakflow SP TMS not only determines what applications and services are running on the network, but also how these services are performing. By monitoring key performance metrics such as jitter, response time, packet loss and more, Peakflow SP TMS can automatically recognise and help solve service performance problems.
§ Service Protection - Peakflow SP TMS leverages the expanded visibility and performance-monitoring capabilities of Peakflow SP 5.0 by conducting service specific mitigation. For example, after a custom service is defined, Peakflow SP TMS can detect service anomalies and automatically protect the availability of the service by rate limiting non-malicious traffic (e.g., a flash crowd event) or blocking malicious traffic (e.g., a DoS attack).
Peakflow SP 5.0 will be generally available on June 1.
ENDS
About Arbor Networks
Arbor Networks is a leading provider of security and network management solutions for global business networks, including more than 70 percent of the world’s Internet service providers and many of the largest enterprise networks in use today. Arbor’s secure service control solutions give customers a single, unified view into their networks’ performance, helping them to quickly detect anomalous behaviour, mitigate threats and enforce policy. This translates into actionable business intelligence to generate new forms of revenue and to maintain a competitive advantage.
Arbor also maintains ATLAS – a unique collaborative effort with 100+ service providers across the globe sharing real-time security, traffic and routing information. No other entity today has both aggregated this much real-time information about what is happening across the Internet and developed the means for cross-provider collaboration that informs numerous business decisions.
For technical insight into the latest security threats and Internet traffic trends, please visit the ASERT blog.
ends