Arbor Networks SP Insight

Big Data Analytics at the Speed of Thought for Faster Network Insights and Smarter Business Decisions

Arbor Networks SP Insight builds on Arbor Networks SP, the industry-leading network visibility platform, adding powerful new big data capabilities that create a photographic memory of network traffic data plus new visual analytics for exploring it at the speed of thought. Leverage Arbor SP’s unique flow annotations and enrichment to create context by matching this memory to your network topology, customers and traffic patterns – enabling you to conduct agile, multi-dimensional searches of raw and enriched data with unlimited filtering, the ability to maintain granularity over time, detailed retrospective drill-downs and effortless pivots from graphical to tabular visualizations – all while maintaining state on the event and period of interest.


Features & Benefits

Extends and Enhances Existing Arbor Networks SP Deployments

Arbor Networks SP’s value is extended and enhanced to retain high-fidelity, long-term storage of your annotated raw flow data and allow multi-dimensional, visual analysis.

Big Data Lake Provides Photographic Memory of Network Traffic

Store all raw network flows, with annotations and metadata for as long as your organization needs to retain them for real-time or historical, unstructured analysis.

Single Pane of Glass for Agile Analysis

Visualize complex queries and casual explorations in graphical and tabular formats from a single UI.

Atlas Portal

On November 30, 2016, Arbor Networks retired the public-facing ATLAS portal site while the new ATLAS customer portal is being finalized. The Subscriber Reputation Feed (SRF) was also discontinued on this date. SRF subscribers will continue to receive data until the feed is discontinued. Data sharing with Computer Emergency Response Teams (CERTs) should not be affected by this change. Additionally, Arbor customers and ATLAS subscribers now have the opportunity to subscribe to Arbor’s Security Engineering & Response Team (ASERT) threat research.

Arbor Networks’ Active Threat Level Analysis System (ATLAS®) is a view into the threat landscape and overall health of the internet. Arbor continuously collaborates with our customers to create and improve our mechanisms for delivering data, intelligence and policy in response to the ever evolving global threat landscape. We are working on a number of initiatives to improve the data sources for ATLAS and enhance the ATLAS user experience. As we focus our collective resources toward these new initiatives, it is necessary to retire resources that no longer represent the innovation that has always been the backbone of Arbor.

All traffic to the public facing ATLAS portal will be redirected to the newly updated Digital Attack Map, a collaboration with Jigsaw, a division of Google. The data presented in the newly enhanced Digital Attack Map represents a sampling of the attacks observed by the ATLAS system, presenting high level trends around significant attacks. The new system architecture moves all of this data from batch processing to real-time streaming, thereby ensuring that the data is up to date, and as accurate as possible. The data visualization gives users the ability to explore current and historical trends in DDoS attacks, see attacks by country, and make the connection to related news events on a daily basis.

If you have any questions, please don’t hesitate to reach out to your Arbor representative.

ASERT Threat Subscription Service

Arbor’s ASERT team is pleased to provide an automated threat research subscription service to our customers and partners. As a customer, you may sign up to receive weekly bulletins and/or situational threat briefs via email.

Click here to submit a subscription application

Note: To be approved, registrants must use their professional email addresses, and be either a customer or partner of Arbor Networks.

Subscription and Account Management

Once approved, you can change your account settings and access a repository of past ASERT Briefs here.

If you have any questions about your subscription status, please contact your account manager or Arbor representative. For technical support or help with any issues related to the subscription service, please email [email address protected].

How Arbor's Advanced Threat Platform Works

The Arbor Advanced Threat Platform delivers complete visibility into all activity on the network with real-time flow and packet analysis, and fast and easy search into months of past activity. This disruptive approach allows an organization to see and search across the entire network—connecting visibility into global attacks on the Internet with activity on the internal network.

The security threat landscape has fundamentally changed. It is no longer advanced malware being missed by traditional defenses that represents the greatest risk to organizations.

The majority of successful advanced threat attacks in the past two years never exploited a critical vulnerability, and many did not use malware as any of the tools to bypass the target’s defenses. 

Arbor has developed a new platform for the security team that allows them to surface and then search to detect, investigate and prove threats within and across the network like never before. 

See global, orchestrated attacks in real-time across your entire network. Arbor’s real time global threat intelligence harvested from its service provider network will be connected to an organization’s internal traffic patterns to detect the most damaging and dangerous threats. 

Search and surface anything within the network. Disrupts current security forensics models by providing complete visibility into all past and present network activity, at a fraction of the cost. 

Prove threats on your network faster. Designed with the security user in mind, smart, real-time workflows and analytics empower and scale security teams to investigate and prove threats 10x faster and more efficiently than existing solutions on the market today. 

Attack Campaigns: The Real Advanced Threat

Advanced threats have evolved from advanced malware to highly orchestrated attacks.

Here’s how Arbor uses advanced threat protection techniques to help fight off any APT threat. Traditional forms of advanced threat prevention are insufficient to defend against organized human adversaries using sophisticated combinations of tools and techniques across complex IT environments.

For years, the industry has concluded that an APT threat involves some sort of malware in order to be successful. While malware can be used to exploit a target, a change in the APT threat landscape has taken place, one that extends beyond the need for malware or 0-day exploits: attack campaigns.

Attack campaigns are not just a one-and-done attack hoping to compromise an endpoint, but rather an objective focusing on a specific motive and mission with the intention to persevere until the campaign is deemed successful.

APT threat attack campaigns are:

  • Carefully planned incursions that draw on many APT threat attack tools and techniques
  • Crafted by well-funded human organizations
  • Tools and techniques are designed by default to bypass conventional advanced threat prevention controls
  • Proliferate on the network and create multiple paths or scenarios to complete the mission. Attack campaigns do not follow a simple sequence through an attack cycle
  • A simple criticality/severity scoring fails to highlight the real risk from the people behind an APT threat

Looking at the anatomy of an attack with a stealthier adversary, it’s easy to see where an attacker is best able to move within the network and to avoid detection from advanced threat prevention methods:

[Figure: Arbor Networks Spectrum Attack Campaign]

Turn traffic into your security superpower.

Advanced malware is no longer the most dangerous enemy in the world of advanced threats. The new adversaries are human orchestrated attack campaigns — a series of hidden events engineered to create chaos. To find these new enemies, you must look within network traffic flowing through the complex boundaries of your organization.

Arbor Spectrum is a high-performance internal network traffic security solution that helps organizations detect and confirm hidden threats faster and more accurately than ever before. By merging an organization’s own threat and network activity with Arbor’s proven traffic intelligence and behavioral indicators, Arbor Spectrum enables security teams to discover the most damaging threats as they happen.

Epic Range, Faster Proof

Epic Range

See suspicious and malicious activity anywhere in your network
Unique to Arbor, ATLAS has a direct line to one-third of all Internet traffic — it is the backbone of our solutions and is unlike anything else on the market. With Arbor Spectrum you will discover the most damaging threats to your network as they happen, by merging your own threat and network activity with Arbor’s ATLAS traffic intelligence and our network and traffic behavioral indicators.

Faster Proof

Intelligently detect and confirm threats 10x faster.
Designed with the security user in mind and engineered from over a decade’s expertise in understanding Internet traffic behavior, Arbor Spectrum’s real-time workflows and analytics coupled with high-performance search of months of network data, empower security teams to detect and confirm threats 10x faster than existing solutions.

DDoS attacks continue to rise in size, frequency and complexity. Are you prepared to stop them before they impact the availability of your business?

Businesses have never been more connected and dependent on the availability of websites and online services.

At a time when availability has never been more important, a DDoS attack has never been more innovative, dynamic or consequential. It won’t come as any surprise to security professionals that the modern DDoS attack is increasing in sophistication, scale and frequency.

So what changed? We’ve seen a renaissance in DDoS attack tools and techniques that has led to tremendous innovation. The barrier to entry has been obliterated by new tools that enable anyone with an Internet connection and a grievance to launch a DDoS attack. This is a true game changer in terms of the threat landscape and which businesses should consider themselves a potential target of attack. It used to be that certain verticals were the likely targets for a DDoS attack, with finance, gaming and e-commerce at the top of the list. Today, any business, for any reason, any real or perceived offense or affiliation, can become a target of a DDoS attack.

Beyond the democratization of DDoS are the advancements in attack techniques and targets. A DDoS attack today is in fact a series of attacks that target not just connection bandwidth, but multiple devices that make up your existing security infrastructure, such as Firewall/IPS devices, as well as a wide variety of applications that the business relies on, like HTTP, HTTPS, VoIP, DNS and SMTP.

DDoS attacks will generally fall into one of three categories:

Volumetric DDoS Attacks

Attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the Internet.

TCP State-Exhaustion DDoS Attacks

This type of DDoS attack attempts to consume the connection state tables which are present in many infrastructure components such as load-balancers, firewalls and the application servers themselves.

Application Layer DDoS Attacks

This is the most deadly kind of DDoS attack. It can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate).

Arbor provides the industry's most comprehensive suite of DDoS attack protection products and services for the Enterprise, Cloud / Hosting and Service Provider markets. Whether it be fully managed DDoS protection services; virtual, in-cloud or on-premise DDoS mitigation appliances; or embedded DDoS solutions within existing Cisco ASR 9000 routers, Arbor has the deployment model, scalability and pricing flexibility to meet the DDoS protection needs of any organization operating online today.

Understand The Attack, Know Your Risk, Stop The Threat

Threats are coming at your network from every possible angle. You're dealing with more alerts than you can handle. What's really needed to stay ahead of attackers? Context. It can help gauge risk, prioritize your security team's time and narrow their focus on the most serious threats.

Security intelligence from Arbor Networks not only identifies attacks, but understands and catalogs the attack infrastructure, methods and other indicators so that broader, more proactive measures can be taken with confidence.

Arbor does this through a unique combination of global traffic insight and elite security research by Arbor's Security Engineering Response Team. Arbor's ATLAS infrastructure collates data from multiple sources, one of which is a collaborative effort with more than 330 service provider customers who have agreed to share anonymous traffic totaling 120Tbps of global insight. ATLAS also utilizes data from Arbor dark address monitoring probes, BGP routing information as well as third-party data feeds. This gives ASERT unique insight into botnets, malware campaigns and DDoS attacks on a global basis.

Through the powerful combination of ATLAS data and ASERT research, Arbor delivers actionable, defensible security intelligence to help your teams quickly identify the most serious threats that are targeting—and have already compromised—your business.

Network Visibility Products

See Your Network. Solve Your Problems. Grow Your Business.

Solving your business problems starts with proper network visibility. Deploy Arbor Networks’ SP how you want it – software, virtually, appliances – and realize pervasive visibility with ease. This is the only solution built for operators and proven to scale cost-effectively across your entire global network. Arbor analyzes packets, NetFlow, SNMP and BGP routes from across the network transforming the data into insights. Then, you can take action based on these insights to solve your business problems from network planning and engineering to threat detection and mitigation.


Mobile Packet Core Visibility & Threat Detection

Today, a majority of the world’s network service providers use the Arbor Networks SP solution for network visibility and advanced threat protection for their fixed networks. As the lines blur between fixed and mobile connectivity, Arbor’s Mobile Network Analysis product enables multi-service network operators to deploy a single solution providing pervasive network visibility and advanced threat protection for their fixed, HSPA/LTE and cloud infrastructures.

Features & Benefits

A Single Solution for Pervasive Network Visibility and Threat Management

Arbor’s MNA product is a fully integrated extension to the SP solution that delivers real-time traffic visibility and network awareness into the mobile packet core so unwanted traffic is detected early and fast—before it threatens service performance and availability.

MNOs who already own the Arbor Networks SP solution can take advantage of economies of scale and benefits such as:

  • Integrated, best-in-class fixed and mobile network visibility, telemetry and advanced threat protection from a single vendor.
  • Broader detection of network-based threats originating both from within (user-originated) and outside (Internet-originated) the mobile packet core.
  • Reduced total cost of ownership due to familiarity with the Arbor platform, user interface and ATLAS® intelligence feeds—enabling faster rollout in the short-term and greater solution lifecycle and operating efficiencies over the long-term.

Visibility Into The Mobile Packet Core

You cannot address what you do not know. MNA is designed to shine a bright light in a mostly invisible part of the mobile network. It passively collects IPv4/v6 control plane traffic traversing the HSPA/LTE packet core (including GRX/IPX roaming traffic) from existing taps and probes. It stores this time-series data for centralized analytics and visualization, so operators have up-to-the-minute telemetry on all network GTP-c flows including:

  • The frequency and severity of any packet core signaling anomalies.
  • The specific infrastructure nodes causing or affecting the anomalies.
  • The associated signaling messages and ‘transaction’ cause values.

Threat Detection For The Mobile Packet Core

Having pervasive visibility into the packet core control plane means knowing what represents normal user signaling activity and, most important, recognizing abnormal activity. Arbor Networks MNA exposes anomalous network behavior so operators can efficiently determine whether the events are non-malicious or malicious in nature and can take action if they pose a threat to service availability and performance. Highly configurable detection and alerting algorithms help network managers quickly parse information such as:

  • Signaling storms and malformed signaling: possibly indicating a misconfigured Internet server, errant application or DNS attack.
  • Excessive or abnormally low signaling volumes: which could point to a distressed node or a volumetric/‘low and slow’ malicious attack.
  • Spikes in signaling cause values (e.g., "service not supported" or "context not found"): suggesting a sudden influx of misconfigured end-user devices or possibly an attempt to compromise network infrastructure.