Product: Arbor Peakflow X 3.4
Family: Arbor Peakflow X
Vendor: Arbor Networks

Product Description: Built to meet the demands of even the largest enterprise networks, Arbor Peakflow X allows organizations to solve the internal security threat while maintaining business continuity. Utilizing Relational Modeling — a breakthrough in network modeling technology — Arbor Peakflow X constructs a network-wide view across an enterprise network, auto-learning host behaviors to determine who talks to who, and how. Using this network-wide perspective, Arbor Peakflow X generates actionable security information allowing network operators to actively defend their network before, during and after worm outbreaks; harden the internal network against future threats; and eliminate insider misuse.

Performance: Arbor Peakflow X scales up to several million hosts in a single deployment, with the ability to monitor and track over five million sessions on a network to provide visibility into what is currently happening and what has happened on the network. Arbor Peakflow also records over 1.2 billion NetFlows.

Interfaces: Copper or Fiber Gigabit Ethernet; Fast Ethernet Management Port; Serial Console Port.

Key Features & Benefits: Arbor Peakflow X has the following characteristics that make it the optimal network behavioral analysis (NBA) security solution for enterprise networks:

• Offers non-intrusive deployment by leveraging existing infrastructure and enterprise-wide network and application visibility
• Stops known and emerging threats such as zero-day attacks
• Segments and hardens critical internal network resources from emerging threats
• Provides continuous protection through automatic update services (Active Threat Feed Service)
• Generates in-depth, easily readable reports for internal and external auditing purposes
• Identifies and tracks network users, employees and contractors and computing resources across the entire enterprise

Arbor Peakflow is the solution of choice by the world’s largest and most demanding network operators. At the center of Arbor Peakflow is technology that leverages anomaly detection to enhance both security and network visibility. Arbor Peakflow uses proprietary anomaly detection algorithms:

• Rate-based anomaly detection - which uses information about the normal state of network operations—traffic volumes for different applications, at different points in the network, across time—and compares it to network traffic conditions at any moment in time. Traffic spikes and other aggregate metrics are used to conclude whether a security event, such as a DDoS attack, is occurring.
• Behavioral anomaly detection - uses information about relationships between hosts on the network, and changes between them, to pinpoint security threats that may blossom in a very short period of time. For example, a host may typically exchange data with five specific machines once a minute during normal operations. If that host starts communicating with hundreds of hosts using new and unusual ports, that is usually indicative of a worm, spyware or some other malicious behavior.
• -Worm Detection - Detects propagating worms such as SQL Slammer or Zotob, through the propagating behavior, which is effective in catching zero-day threats, and through known behaviors, which finds host infected with specific worms.
• Fingerprint Detection - Detects traffic that violates a behavioral fingerprint: malware, phishing, botnet traffic, etc.
• Recon Detection - Detects slow scans, fast scans, “stealth” scans, and host sweeps.

Arbor Peakflow assesses potential threats against a company’s unique network baseline. This virtually eliminates false alarms and makes for extremely fast, accurate determination.

Highlights:

• Proven Internal Threat Detection and Protection
• Arbor has the most widely deployed threat detection and prevention solution in the marketplace today.
• Control User Access - Arbor Peakflow X’s unique Identity Tracking feature provides further visibility into user activity on a network. Identity Tracking maps anomalous behavior and network violations back to the individual employee or contractor -- whether the anomaly is a worm, spreading malware, or a case of an unauthorized employee trying to access confidential information.
• Active Threat Response Service - Adding to this defense, Arbor’s Peakflow Active Threat Feed (ATF) service provides a constantly updated feed of current Internet security threats. Arbor's Security Threat Team pulls information from honeypots, the world's largest network of service provider relationships, and other publicly available sources in order to provide network operators with instant identification — a fingerprint — of emerging threats that are targeting their own company's network.

End-Users: Medium to large enterprise.

Arbor Networks Inc.
430 Bedford Street
Lexington, MA 02420
Tel: 1-781-684-0900