Disruptive Approach for Finding and Analyzing Advanced Attacks
Effective security requires searching for and finding attacks faster – not waiting and reacting after a significant breach is discovered. Arbor Networks SA captures and analyzes terabytes of network traffic data – in real time – so security teams can instantly identify attack activities that indicate the system has been compromised and take steps to remediate.
Features & Benefits
REAL TIME ATTACK DETECTION
When an attack has compromised your perimeter, quickly identifying it before it can do any damage is important. SA appliances can capture and analyze traffic in real time. This means your security team can constantly monitor critical assets and immediately identify malicious activity.
COMPREHENSIVE ANALYSIS FOR ATTACK TIMELINES
Advanced threats are often composed of multiple types of threats. In many cases, once an attacker gets a foothold in the network, they will launch additional attacks to escalate privileges and/or access other systems. The SA platform leverages full packet captures to analyze beyond individual threats and instead create a detailed timeline of when the compromise first occurred, what communications occurred and what other systems were impacted.
POWERFUL VISUALIZATIONS AND INTERACTIONS
Effective analysis requires ongoing interaction with your data. SA gives you the tools to interact with your data like never before. First, powerful visualizations display data from multiple perspectives (attacker, target, location or attack type) enabling security analysts to quickly compare attack statistics from different periods or locations, over years or terabytes of traffic. Second, you can play, pause and rewind data to easily investigate threats and build attack timelines.
REANALYZE OLD DATA WITH NEW INTELLIGENCE
Determining initial compromise can be critical during attack investigations. The SA platform relies on a process called looping to identify previously undetected attacks. New security intelligence information is run against stored packet captures to determine if an attack compromised the system at an earlier date.
GLOBAL ATTACK INTELLIGENCE, LOCAL PROTECTION
The threat intelligence that keeps SA at the cutting edge of network security comes from data derived from Arbor’s ATLAS® (Active Threat Level Analysis System). Using this system, Arbor monitors Internet traffic to detect new threats that are targeting the enterprise. This data is analyzed by security experts within Arbor’s Security Engineering & Response Team (ASERT) and developed into effective analytics or detection methodologies.
RAPID DEPLOYMENT FOR MINIMIZED RISK
SA appliances are quick to set up and can immediately start capturing and analyzing packets in real time. By arming incident response teams with the tools to confidently and quickly identify attacks putting the business at risk, organizations can minimize the impact of advanced threats.