Arbor has a long history in botnet research and DDoS mitigation. However, as DDoS has moved from just a diversion to be a feature of malware and botnets used in cybercrime and APT attacks, Arbor has expanded its research team and research capabilities to tackle additional threat types.
What separates Arbor’s security intelligence from other vendors is how the team uses its pervasive service provider footprint and critical partnerships to obtain and analyze security events. The rich data that comes from this intelligence is passed on to customers through the ATLAS® Intelligence Feed, giving them both a micro view of their own network combined with a macro view of global Internet traffic; this is a powerful combination of network security intelligence that is unrivaled today.
Critical components include:
ATLAS is the world’s first and largest globally scoped threat analysis network. Launched in 2007 in partnership with a group of Arbor service provider customers, ATLAS delivers unparalleled visibility into the backbone networks that form the Internet’s core. As the power of this data became evident, participation has grown to 300 customers who have agreed to share anonymous traffic data, totaling an amazing 90 Tbps or approximately one-third of all Internet traffic. With the actionable intelligence provided by ATLAS, Arbor customers can make timely and informed decisions about their network security, as well as service creation, market analysis, capacity planning and application trends.
Red Sky Alliance
Arbor Networks is a founding member of the Red Sky® Alliance—a private social network of trusted security experts that collaborate on the identification and neutralization of malware and other advanced threats. As a member, Arbor has access to more than 23 million PCs being actively monitored for threat intelligence.
The research team uses a rich malware analysis backend system comprised of both external partner technology along with internally developed analysis and processes.
ATLAS Intelligence Feed Benefits Across the Ecosystem
With ATLAS and the ATLAS Intelligence Feed, Arbor delivers unparalleled visibility into the backbone networks that form the Internet’s core down to the local networks in today’s enterprise.
Service providers can leverage ATLAS intelligence to make timely and informed decisions about their network security, service creation, market analysis, capacity planning, application trends, transit and peering relationships and potential content partner relationships.
Enterprise security teams can leverage the global threat intelligence of the ATLAS data to stay ahead of advanced threats and save significant time by eliminating the need to manually update the latest attack detection signatures. This unique feed includes geo-location data and automates the identification of attacks against infrastructure and services from known botnets and malware while ensuring that updates for new threats are automatically delivered without software upgrades.
ATLAS Security Portal
Arbor makes a subset of ATLAS intelligence available to the public through the ATLAS Security Portal. This portal displays host/port scanning activity, zero-day exploits/worm propagation, security events, vulnerability disclosures and dynamic botnet/phishing infrastructures. Additional portal features include:
- Global Threat Map – Real-time visibility into globally propagating threats
- Threat Briefs – Summaries for the most significant security events within the past 24 hours
- Top Threat Sources – A view of originating attack activity, based on country, ASN or host
- Threat Index – A summary of malicious activity traversing the Internet on that date
- Top Internet Attacks – A 24-hour snapshot of the major exploits launching attacks globally
- Vulnerability Risk Index – The most dangerous vulnerabilities being exploited on the Internet today