Arbor Networks has introduced the Pravail® Security Analytics appliance, an on-premise analytics solution that enables security teams to monitor and investigate threat activity as it occurs. Seeing attack data in real time gives security teams the tools required to actively hunt threats lurking in their networks.
Pravail Security Analytics recognises that targeted attacks against today’s enterprises are rarely a singular event but a long-running campaign that starts with a simple compromise and escalates into a larger incident involving unauthorised access and data theft. Pravail Security Analytics swiftly mines terabytes of data from the richest source of network information – full packet captures – to identify activity that indicates the system has been compromised. By monitoring network activity in real time, organisations can quickly identify attackers and track their movements within the network, showing definitively when and how long an attack occurred, as well as what systems were impacted.
“The CISOs I talk to are frustrated by the status quo and are looking to break out of a model that is, by design, alert-driven and reactionary. Pravail Security Analytics gives power and control back to the security team – enabling them to proactively hunt for the attacks that are putting the business at risk versus simply investigating alerts. By focusing their efforts on the hunt, security teams are able to quickly identify and stop the most stealthy attacks, minimising damage to the business,” said Arbor Networks President Matthew Moynahan.
“Preventing the exfiltration of data is futile without the ability to detect before it’s too late. To be successful at hunting for an attacker, security teams need visibility, speed, accuracy and analysis across historical and real-time data. Pravail Security Analytics enables security teams to focus their attention where it matters most,” said IT Harvest founder Richard Stiennon.
Key Product Features
Real-Time Packet Capture and Analysis for Faster Threat Resolution
The Pravail Security Analytics appliances can capture and analyse data as it occurs. For security and incident response teams, this allows for immediate discovery and investigation of threats – speeding overall time to resolution. Attacks can be filtered in real time to allow security teams to focus on a single attacker or attack among billions of packets.
Data Looping for Enhanced Forensics
Whenever Pravail Security Analytics security intelligence is updated or custom rules are created, stored packet captures of older traffic can be looped through the system to uncover previously undetected threats. By uncovering existing compromise, security and forensic teams have a clearer picture of when an attack may have started. This is essential for building attack timelines as part of forensic and/or incident response investigations, as well as for identifying – and remediating – vulnerable hosts in the network, which strengthens the organisation’s overall security posture.
Maximum Data Control for Custom Visibility
Interact with your data like never before. Zoom from years to minutes, move forward and backward in time to follow threats. View data from different perspectives such as Attacking Source, Target, Attack Type or Location of the Attack.
Comprehensive Availability and Threat Detection
Arbor Networks’ ATLAS® Intelligence Feed is Arbor’s research-based security intelligence service. Its policies are developed using a combination of real attack data pulled from multiple sources including ATLAS, the Red Sky Alliance and other partners. This attack data is analysed by Arbor’s expert research team and turned into security policies that are used by Pravail Security Analytics for both DDoS and advanced threat detection.
The ATLAS Intelligence Feed works in tandem with other threat intelligence feeds to provide the most comprehensive detection available for the enterprise. In addition, Pravail Security Analytics includes a custom signature engine that enables organisations to upload their own unique policies.
Cloud Trial and On-Premise Assessments Available
Arbor offers multiple options for experiencing the network traffic analytics and attack visualisations provided by Pravail Security Analytics.
On-Premise Attack Discovery and Assessment: In this multi-week trial, organisations will deploy Pravail Security Analytics appliances to capture and analyse network traffic in real time. At the end of the trial period, organisations will have a clear understanding of what attacks are active on their networks, with details on how to begin remediation.
Cloud Trial: For the cloud trial, organisations can upload captured network traffic to the Pravail Security Analytics Cloud for analysis. The cloud trial license gives organisations 30 days to analyse 1Gbps of captured network traffic. At the end of the trial period, organisations can know where attacks exist and start building timelines of when the compromise may have started.