Ixia has recently announced that the company’s threat intelligence gateway, ThreatARMOR, has received HPE ArcSight Common Event Format (CEF) certification. ThreatARMOR enhances HPE ArcSight Enterprise Security Manager (ESM) by providing information about every blocked site, each of which is individually validated by the company’s Application and Threat Intelligence™ (ATI) Research Center. This allows security administrators to fully understand the types of threats against their network and allay any concerns about false positives.
ThreatARMOR enhances the effectiveness and efficiency of security operations teams by blocking interaction with known-bad sites and untrusted countries. Backed by an always-on data feed from Ixia’s ATI Research Center, ThreatARMOR automatically applies a vast threat intelligence database to protect an enterprise network by blocking phishing sites, botnet controllers, and hijacked IP ranges. Scrubbing the network of this type of traffic, ThreatARMOR enables next-gen firewalls and intrusion prevention systems (IPS) to focus on delivering information relating to actionable threats and targeted attacks.
Enhanced Analytics with HPE ArcSight
HPE ArcSight ESM is a comprehensive SIEM solution that provides cost-effective compliance and advanced security analytics to identify threats and manage risk. With the benefit of HPE ArcSight ESM integration, security operators can quickly identify infected endpoints for which ThreatARMOR has blocked botnet command and control (C&C) activity, along with other malicious connections from those systems identified and reported by other security tools. By quickly correlating those events, ThreatARMOR allows users to detect and block the spread of botnets and other infections.
“Ixia is excited to support standards-based reporting of security events that enable customers to easily consolidate data across multiple security devices and obtain actionable insight into their network security via dashboards such as HPE’s ArcSight,” stated Scott Register, vice president of product management at Ixia. “Ixia’s ThreatARMOR combines massive-scale blocking of malicious sites with industry-standard Common Event Format (CEF) reporting, which is integral to an efficient, effective, robust security deployment.”
ThreatARMOR does not require a rules-based configuration and maintains peak performance even if a user specifies dozens of countries or hundreds of thousands of IP addresses to block. Central management and a mobile iOS client are provided with ThreatARMOR at no extra cost for customers with an Application Threat Intelligence subscription from Ixia. In production, ThreatARMOR customers have seen reductions of up to 80 percent in IPS alerts, allowing their operators to pinpoint actionable threat intelligence.