Arbor beefs up PeakFlow threat detection

Using network fingerprints

Arbor collects traffic data from more than 100 of its customer networks and uses the anonymized information to get a global view of malicious traffic from malware, phishing attempts, DDOS attacks and more as part of its Atlas Internet monitoring system. The fingerprints of this threat traffic are used to enhance the detection of malicious traffic in real time, Shah said.

"With the PeakFlow 5.0 release, we are taking the intelligence provided by Atlas and incorporating it into PeakFlow SP to do better security protection and better threat mitigation and to add to revenue-generating security services that our service provider customers can offer," Shah said.

PeakFlow SP 5.0 also includes a real-time mitigation dashboard, that provides "a pretty full picture of what is happening," Shah said. "They can see an event, which might be malicious or might be a legitimate spike in traffic." Using Peakflow TMS, a service provider can "start applying the right countermeasures immediately," Shah said. "It's up to providers in terms of how they want to do it."

The options for handling that traffic spike can vary from a fully manual to a fully automated response, Shah said. Arbor provides mitigation templates that set countermeasures based on the type of anomaly and do auto-mitigation to reduce the operational burden to the service provider.  One common approach, Shah said, is a hybrid model which automates responses to common threats but has a manual override for addressing new emerging threats or other phenomenon that require the expertise of a security engineer.

Managed security services

"The platform also provides the tool set or the ability to deliver new revenue-generating services," Shah said. "Our customers have looked to vendors like Arbor and said, 'We have made an investment in Peakflow and Peakflow TMS to secure our network; can we also use that same investment to roll out revenue-generating services to our enterprise customers?' We have a number of providers – over 30 – who have launched service offerings for DDOS protection to enterprises customers based on Peakflow and now are looking at moving beyond the early adopter stage to moving to a larger base of customers."

The new service possibilities include visibility of MPLS-based Virtual Private Networks, Shah said. "The adoption of those on the Peakflow platform is pretty limited, but as Arbor grows and the platform becomes more ingrained, we will be looking at new ways to take that investment and deliver more to the end customer."

Analyst Vorhaus said he expects to see greater integration of the deep packet inspection capabilities Arbor acquired when it bought Ellacoya.

"That is what we are really looking at as the point at which they become a very interesting player," Vorhaus said. "Once there is that clear nexus of the two products – that is the vision now, but when you think about the functionality and the way these things are operated and sold, they are still pretty separate. Ellacoya could bring even greater visibility into what is happening in the network."