According to a recent report by the Ponemon Institute [1], the barrage of security events facing the modern enterprise means only 29 percent of alerts are investigated, and 40 percent of those that are investigated turn out to be false positives. This means that the bulk of security events which would indicate an ongoing breach are never investigated, leading to an average of 170 days to detect an advanced attack. This enables an intruder to steal sensitive data and damage internal systems.
“The reality today is that exfiltration tools have become powerful enough that even small delays in detection can lead to catastrophic breach losses,” said Eric Hanselman, Chief Analyst, 451 Research. “Attackers already know that overwhelmed security teams and infrastructure are prime targets to infiltrate without detection. The ability to eliminate the noise of known threats is essential to enabling security teams and their analysis tools to focus on quickly identifying real threats.”
ThreatARMOR filters traffic from known-bad IP addresses, hijacked IPs, and untrusted countries, greatly reducing the number of security alerts. By eliminating automated probes and scans, DDoS attacks from untrusted countries and hijacked IPs, and phishing and botnet connections, ThreatARMOR allows security teams to enable enhanced detection features on their existing security tools and focus on meaningful security alerts that indicate an active breach, which also improves the efficacy of SIEM tools.
ThreatARMOR 10G enables customers with large networks and data centers to:
· Filter traffic from known-bad IP addresses at full 10Gb line speeds – helping to stop malware downloads, network reconnaissance, and other exploits from those known-bad addresses
· Identify and prevent infected internal devices from communicating with known botnet C&C servers
· Remove traffic by geography from entire countries that likely have no valid reason to access the network
· Filter unused or unassigned IP addresses, and hijacked domains often used in DDoS attacks
ThreatARMOR saves customers the time and cost of reviewing the flood of unnecessary notifications generated by their security systems, which can overwhelm security teams and risk critical alerts being missed. Enterprises spend approximately 21,000 hours per year on average dealing with false-positive cyber security alerts, according to a Ponemon Institute report [2] published in 2015.
“DDoS and malware attacks continue to grow in frequency and volume, which means enterprises are being overwhelmed by security alerts. This makes it almost impossible to identify the critical early signs of a targeted attack on an organization’s network,” said Scott Register, Vice President of Product Management at Ixia. “ThreatARMOR delivers a future-proofed platform that pre-filters known-bad and unwanted IP addresses from impacting the security infrastructure for the most demanding high-end enterprise and data center networks, improving the efficiency of security tools and helping teams find breaches faster.”