Arbor applies analytics to security

Available as a cloud-delivered service or for on-premise use, Arbor’s Pravail Security Analytics service gives security professionals a powerful new tool to help identify subtle and sophisticated threats.


A year ago one of the questions going round security circles concerned why there was no application of big data analytics tools to security threat identification and management, especially as the threats were becoming far more sophisticated and subtle.

Well, now they are starting to appear, and what is more they are starting to appear as cloud-delivered services.    

One such comes from Arbor Networks, a provider of DDoS and advanced threat protection solutions, which has recently introduced Pravail Security Analytics. This is designed to provide advanced threat detection, incident response and security forensics.

The technology behind it was developed by Packetloop, a Sydney, Australia-based innovator in the field of Big Data Security Analytics. The company was acquired by Arbor in September 2013.

“Arbor is able to offer enterprise security teams the richest set of data regarding the activities happening on their network,” said Arbor Networks President Matthew Moynahan. “Pravail Security Analytics is a powerful solution that will allow our customers to see attacks on their global networks faster and in more detail than seen before. We’re focused on bringing meaningful context to massive amounts of data so that security teams can focus on the critical few, react faster and identify the threats lurking within their network environment before they impact the business.”

The attack intelligence used by the system comes from Arbor’s Atlas Active Threat Level Analysis System. This is a collaboration with nearly 300 service providers who share anonymous data with Arbor on up to 70TB/sec of global Internet traffic. This collective view delivers globally scoped insight into the attack landscape.

This data is analyzed by Arbor’s security research team, which then develops detection methodologies and creates fingerprints that identify threats and malicious activity occurring within the enterprise.

Today’s breed of attacker now uses stealthy and sophisticated methods to penetrate an organisation’s perimeter, and the indicators of compromise are often impossible to identify before it is too late. Defending against them requires high-speed analysis of the complete record of all traffic on a company’s network.

Pravail Security Analytics can be used for real-time attack response decisions, and by storing the data for future reviews, it can be looped to identify previously undetected attacks using the latest threat intelligence.

Organisations can securely upload packet captures to the system in the Cloud, meaning they can be cost-effectively analysing data within minutes of a threat being identified. For organisations that cannot upload their packet captures for compliance or regulatory reasons, Pravail can also be deployed as an on-premise solution using distributed Collector appliances operating in real time. The Collector appliances can be used to scale out storage or processing capabilities for high speed capture points, or for deployment into multiple locations to provide distributed coverage.

The technology in the Collectors can scale to meet network speeds, length of packet capture retention (for looping) and real-time processing speed. This means that full real-time functionality of Pravail Security Analytics is available for network speeds in excess of 10Gbps.

Controllers can also be scaled. They store all the metadata and make it available for analysis and can scale to support decades of processed data. At this time Controllers are only available in a physical appliance or by using the cloud platform.

A production demonstration of the Cloud solution is available that can be used with pre-existing data sets. This enables the user to test drive the solution firsthand. A free trial of the Cloud solution is also available, enabling users to analyse their own network packet captures for threats, anomalies and misuse. The free trial allows users to upload up to 1GB of their data for thirty days.
