Summary
Catalyst
Arbor Networks Spectrum is a network-based platform that has been designed to make the
investigation of security threats faster and more effective for both expert and less experienced
security analysts. In the context of today's complex threat detection and management environment,
Arbor Spectrum is a proactive, analytics-based hunting solution that is tasked with identifying all forms
of threat activity including zero-day and advanced and persistent threats. It interrogates business
networks to piece together the core components of attack campaigns and focuses on the faster
detection and identification of the threats that each business faces and the risks to normal business
activities they represent. Arbor Spectrum leverages Arbor's ATLAS intelligence threat feed to match
attacks found and validated in the global Internet to traffic within a corporate network.
Key messages
- All perimeter incursions leave traces of their activities on the network and attackers find it difficult to avoid leaving their footprint; Arbor Spectrum uses the network to build a detailed picture of each attack and the threats involved.
- Arbor Spectrum combines real-time network packet inspection and flow data with the use of archived threat information.
- In addition to core network sources, threat intelligence is gathered from the Arbor ATLAS Intelligence Feed and other third-party resources.
- Its workflow-based approach helps security teams to manage all elements of the threat lifecycle, including incident discovery, investigation, and forensics.
Ovum view
Information security and improving the way that data is protected are issues that every organization
needs to address. Attackers continue to find new ways of getting past traditional layered security
defenses and, despite increases in security spending, breach numbers continue to rise.
The response requirement is twofold. Security managers need to have better and more accurate
information about the threats that are coming their way, including the targeted information needed to
prioritize incidents. Secondly, accepting that every organization and its systems and networks will at
some stage be infected by malware or breached by social-engineering campaigns, more effort needs
to be focused on finding the threats as they occur and dealing with the remediation issues before
major data losses occur. In this context, network traffic is a reliable source of meaningful indicators of
compromise.
threats (APTs), and their ability to spot serious attempts to steal sensitive data among all the other
noise generated by everyday traffic flowing across their networks.
Arbor Spectrum combines the delivery of global attack intelligence with the network visibility needed
to identify suspicious activity as it happens. Its network-based platform has been designed to make
security investigations more focused and help security managers deal with the threats that matter
most to their organizations. Arbor Spectrum's core capabilities include the ability to investigate all
network traffic which, alongside its access to a complete network threat archive, helps identify good
and bad behavior patterns. Its workflow-based functionality enables security teams to pivot between
threat discovery, incident investigation, and the forensics of recovery from within a common user
interface. Multiple threat intelligence sources from Arbor and third parties are available to improve
threat detection, and flexible deployment options allow organizations to install Spectrum quickly
across the entire enterprise network.
SWOT analysis
Strengths
Arbor Spectrum provides protection for medium-to-large enterprises, including data center environments
Arbor Spectrum offers a combination of network-based packet analysis and flow protection that suits
medium-to-large enterprises and includes data center environments. Its packet collectors can be
deployed at the Internet and data center edge as well as within the network core, and its flow
capabilities provide broad visibility across enterprise networks. Its combined and integrated
architecture offers a comprehensive approach to threat analysis and security management.
Weaknesses
Spectrum controller and collector licenses can only be used on Arbor appliances
Virtual software licenses for the Arbor Spectrum controller and collector functions are on the roadmap
and expected to be accessible sometime during the second half of 2016. Once available, they should
add flexibility of use within network function virtualization (NFV) and software-defined network (SDN)
environments.
Opportunities
Arbor Spectrum combines the use of new and established Arbor products and services
Arbor Spectrum offers real-time traffic flow analysis and threat detection. It also utilizes Arbor ATLAS
intelligence and user-supplied threat feeds to identify threat indicators. The Arbor ATLAS
infrastructure sees more than one-third of the world's Internet traffic and, operating alongside the
company's advanced malware research and botnet infiltration services, generates an extensive range
of threat detection data.
Threats
Establishing differentiation from other threat detection approaches will require market education
Most next-generation security vendors claim the ability to detect zero-day threats and deal with
advanced forms of malware. For enterprise clients it is becoming increasingly difficult to determine
which of the many solutions available will suit their protection requirements. The Arbor Spectrum
approach of using the network to piece together a larger picture of threats and attack campaigns is
positioned as a discernable differentiation from competitor solutions that focus on logs, alerts, and
alarms and that only provide a singular threat indicator. However, more education is needed to
highlight the completeness of the Spectrum solution and its ability to prioritize severe threat activity on
behalf of the security professionals who benefit from its services.
Data sheet
Key facts about the solution
Table 1: Data sheet: Arbor Networks Inc.
Product name:
Product classification: Advanced threat protection
Version number: 2.1
Release date: April 2016
Industries covered: All
Geographies covered: Global
Platforms supported: Microsoft Windows, Linux, Solaris, AIX, HP/UX, Mac OS, and z/OS
Languages supported: English
Licensing options:
Deployment options: On-premise
Routes to market:
URL: www.arbornetworks.com
Company headquarters: Burlington, Massachusetts, US
European headquarters: Bracknell, Berkshire, UK
Burlington, Massachusetts, US
Asia-Pacific headquarters: Singapore
Source: Ovum
Appendix
Methodology
Ovum SWOT Assessments are independent reviews carried out using Ovum's evaluation model for
the relevant technology area, supported by conversations with vendors, users, and service providers
of the solution concerned, and in-depth secondary research.
Author
Andrew Kellett, Principal Analyst, Infrastructure Solutions
andrew.kellett@ovum.com
Ovum Consulting
We hope that this analysis will help you make informed and imaginative business decisions. If you
have further requirements, Ovum's consulting team may be able to help you. For more information
about Ovum's consulting capabilities, please contact us directly at consulting@ovum.com.