Security analytics solution identifies attacks in historic data

Arbor Networks is showcasing at Infosecurity Europe 2014 its Pravail Security Analytics, whose unique looping capability can be used to identify and establish an attack timeline for the recently disclosed and much discussed Heartbleed attacks.

The solution can cost-effectively store packet captures for future reviews, and then loop that traffic to identify previously undetected threats using the latest threat intelligence. Looping is a unique feature of Pravail Security Analytics because it allows an organization to very rapidly look within their entire network, including the hardest to capture places, to reveal whether a vulnerability or intrusion has led to a successful breach of their network or data.

For example, now that the Heartbleed vulnerability has been identified, and protections have been updated, Pravail Security Analytics can loop old traffic to establish the attack timeline. These capabilities are all the more important as incident response and security operations teams are increasingly asked to quickly and accurately make calls as to when and how a network or key data has been breached, and what response and steps the organization needs to take next.

Pravail Security Analytics leverages the Emerging Threats ET Pro Ruleset, the benchmark in the industry. It also utilizes Arbor’s ATLAS Intelligence Feed (AIF), a high-fidelity threat identification and remediation feed developed by Arbor’s Security Engineering and Response Team (ASERT). ASERT is one of the largest dedicated research organizations in the security industry, combining 25 security analysts whose backgrounds range from Fortune 25 Computer Emergency Response Teams (CERTs) to former law enforcement, threat mitigation vendors and well-known malware researchers.

ASERT develops threat intelligence, complete with the security context customers require to detect and stop specific threats, and continuously enhances their security posture over time. In addition to the powerful combination of Emerging Threats and AIF, Pravail Security Analytics allows users to define their own threat signatures in Snort format and have them executed on the platform. If your team has a bank of custom Snort signatures that you use on your network, you can upload them and have them processed alongside the Emerging Threats ET Pro Ruleset and the AIF feed.
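To make the "looping" idea concrete, here is an added illustration (not Arbor's code, nor an ET Pro or AIF rule) of re-running an updated ruleset over stored traffic to build an attack timeline. The stored records, timestamps and addresses are constructed, and the single rule checks only the public Heartbleed pattern: a TLS heartbeat (content type 24) whose declared payload length exceeds what the record actually carries.

```python
import struct

# Constructed TLS records standing in for stored packet captures.
# Record header: content type (1 byte), version (2), length (2).
# Heartbeat body: type (1), payload_length (2), payload bytes.
def tls_record(content_type, body):
    return struct.pack("!BHH", content_type, 0x0302, len(body)) + body

def heartbeat(declared_len, payload):
    return tls_record(24, struct.pack("!BH", 1, declared_len) + payload)

# (timestamp, source, raw record); all values constructed for this example.
STORED_CAPTURES = [
    ("2014-04-06T09:15:00Z", "198.51.100.7", tls_record(23, b"\x00" * 32)),  # app data
    ("2014-04-07T22:41:13Z", "203.0.113.9", heartbeat(4, b"ping")),         # benign
    ("2014-04-08T03:02:47Z", "203.0.113.9", heartbeat(0xFFFF, b"ping")),    # oversized
    ("2014-04-08T03:05:10Z", "203.0.113.9", heartbeat(0xFFFF, b"")),        # oversized
]

def rule_heartbleed(record):
    """Heartbeat whose declared payload_length exceeds the bytes present."""
    if len(record) < 8 or record[0] != 24:
        return False
    (rec_len,) = struct.unpack("!H", record[3:5])
    (declared,) = struct.unpack("!H", record[6:8])
    return declared > rec_len - 3  # body = type byte + 2 length bytes + payload

def loop_captures(captures, ruleset):
    """Re-run the current ruleset over stored traffic; return hits sorted by time."""
    hits = []
    for ts, src, rec in captures:
        for name, rule in ruleset.items():
            if rule(rec):
                hits.append((ts, src, name))
    return sorted(hits)  # ISO-8601 UTC timestamps sort lexicographically

# Ruleset as it stood before disclosure, and after the new signature was added.
RULESET_BEFORE = {}
RULESET_AFTER = {"heartbleed_oversized_heartbeat": rule_heartbleed}

if __name__ == "__main__":
    for entry in loop_captures(STORED_CAPTURES, RULESET_AFTER):
        print(*entry)
```

Looping the same stored traffic with RULESET_BEFORE yields nothing; with RULESET_AFTER it yields the two oversized heartbeats in order, which is the timeline the text describes.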

Last month, Arbor announced the availability of Pravail Security Analytics in the Cloud along with a free trial that enables users to quickly analyze their own network packet captures for threats, anomalies and misuse. The free trial allows users to upload up to 1 GB of their own data for thirty days, demonstrating how powerful data visualizations can surface clear and actionable intelligence. For organizations that cannot upload their packet captures to the Cloud due to compliance or regulatory reasons, or wish to process data in real-time, the on-premise solution is an ideal alternative.

  • Pravail Security Analytics Cloud – Data is uploaded in the form of packet captures and processed in the cloud.
  • On-Premise Collector to Cloud – A collector is deployed on your network and processes real-time data streams. The results are encrypted and streamed to the cloud where they are analyzed.
  • On-Premise Collector to On-Premise Controller – In this model nothing leaves your network. Data is collected and processed within your network and streamed to a Controller within your network.
