Looking to protect enterprises from cyber attacks, Ixia has added ThreatArmor to its visibility architecture portfolio.
ThreatArmor is a natural complement to an existing security infrastructure, says Ixia, and helps an organisation to decrease the volume of security alerts generated, freeing up resources to focus on critical issues.
A network attack surface is the sum of every access avenue an individual can use to gain access to an enterprise network.
Enterprise security tools inspect all traffic, including that which should not be on the network in the first place - such as traffic from known malicious IPs, hijacked IPs, and unassigned or unused IP space/addresses.
Ixia says ThreatArmor blocks this bad traffic, thus reducing a network attack surface and reducing the burden on the existing security infrastructure.
According to Ixia, ThreatArmor enables enterprise customers to:
- Block traffic from known bad IP addresses at line-rate speeds onsite without sending traffic outside the private network for inspection
- Add malicious IP addresses for blocking, either manually or automatically from SIEM tools
- Identify and stop infected internal devices from communicating to known botnet C&C servers
- Block traffic by geography from entire countries that have no valid reason to access the network
- Block unused IP space/unassigned IP addresses and hijacked domains from the network
“What’s killing security is not technology, it’s operations,” says Jon Oltsik, ESG senior principal analyst and the founder of the firm’s cybersecurity service.
“Companies are looking for ways to reduce their overall operations requirements and need easy to use, high performance solutions, like ThreatArmor, to help them do that,” he says.
According to a Ponemon Institute report published earlier this year, enterprises spend approximately 21,000 hours per year on average dealing with false positive cyber security alerts.
In order to address this, ThreatArmor eliminates unwanted traffic before it can impact an existing enterprise security infrastructure and reduces alert fatigue on security teams.
“As many recent breaches demonstrate, indications of intrusions and data exfiltration attempts are usually flagged through internal security alerts long before the intrusion is actually discovered.
“But determining the critical alerts is like trying to find a needle in a haystack, given the sheer number of security alerts that must be analysed daily,” says Dennis Cox, Ixia chief product officer.
“ThreatArmor delivers a new level of visibility and security by blocking unwanted traffic before many of these unnecessary security events are ever generated.
“And its protection is always up to date thanks to our Application and Threat Intelligence programme,” Cox says.
The new offering is also backed by Ixia’s application and threat intelligence (ATI) research centre.
The ATI programme has provided threat intelligence to service providers and security equipment manufacturers for more than a decade, helping them to test the efficacy of their cyber security products and systems.
When it comes to ThreatArmor, the ATI programme develops threat intelligence and provides a detailed ‘Rap Sheet’ - which documents the malicious activity of each included IP address.
Rap Sheets provide proof of malicious activity for all blocked sites, supported with on-screen evidence of the activity such as malware distribution or phishing, and include the date of the most recent confirmation along with screen shots, Ixia says.
With this reporting on blocking actions, customers can support IT compliance audits. Threat intelligence and Rap Sheet updates are pushed continuously to all ThreatArmor devices for ongoing and consistent threat protection, says Ixia.
“ThreatArmor allows organisations of all sizes to elegantly deflect potential threats on a global scale and basis,” says Christian Pfalz, Dimension Data sales manager.
“By using ongoing threat intelligence to deflect unwanted traffic before it accesses the network, this new element stands to reduce the strain and improve ROI on businesses’ existing security resources quite dramatically,” he says.