Ixia rolled out an appliance that uses a combination of IP address blocking and threat intelligence to reduce the amount of time and money enterprises now spend investigating security alerts.
The device, ThreatArmor, integrates with Ixia's Application and Threat Intelligence (ATI) program so that it's continually updated with the most recent data about malicious IPs, hijacked IPs and unassigned or unused IP addresses. By having this type of traffic blocked, enterprises can instead focus their security efforts on more critical threats.
Companies are deluged with security alerts
Companies are inundated with security alerts, particularly as their networks become vulnerable to an ever-growing number of increasingly sophisticated attacks. Yet many of these alerts aren't fueled by legitimate threats. A Ponemon Institute report published earlier this year said companies spend some 21,000 hours each year dealing with false positive cybersecurity notifications.
This amount of wasted time clogs enterprises' operational efficiency and diminishes their ability to counter legitimate attacks, said Jon Oltsik, senior principal analyst at The Enterprise Security Group, based in Milford, Mass.
"Companies are looking for ways to reduce their overall operations requirements," he said. "[ThreatArmor] helps organizations automate blocking of IP addresses with high confidence at scale."
Ixia claims that ThreatArmor's IP address blocking capabilities can eliminate 30% of bad false positives -- traffic from known malware sites, for example, or from specific geographic regions that ordinarily would never send traffic to an enterprise's servers.
"The idea is to shrink the attack surface and get rid of unwanted inbound and outbound traffic," said Scott Register, Ixia's senior director of product management. Register said the appliance automatically updates itself every five minutes to ensure its intelligence data is up to date.
Simple approach touted
The appliance holds every IP address allocated across the Internet and can block, at line-rate speeds, as many addresses as needed. "The beauty of Ixia's appliance is its simplicity," Oltsik said. "It isn't intended to do anything but block rogue IP addresses and provide users with the ability to do so via policies."
Rival next-generation firewalls, which perform many of the same functions, are restricted by the number of policies they can support.
ThreatArmor, aimed at midsize and larger enterprises, is priced at $19,995 plus $2,995 for a one-year subscription to the ATI threat intelligence database. Two models are available, for throughputs of up to 4 Gbps and 40 Gbps, respectively.