About
With more than 70% of the Internet being protected by Arbor's Peakflow platform, Arbor is uniquely positioned to work with its service provider customers to create the Active Threat Level Analysis System (ATLAS) - the Internet's first globally scoped threat analysis network. Arbor collectively analyzes the data traversing disparate "darknets" to develop a truly globally scoped view into malicious traffic traversing the backbone networks that form the Internet's core. With this vantage point, Arbor is uniquely positioned to deliver enterprise and service provider-specific intelligence about malware, exploits, phishing and botnets beyond that being delivered by any other entity today. ATLAS delivers an unprecedented view into Internet scale activity and the ability to discern what new attacks are on the horizon.
The ATLAS portal today is a public resource that delivers a subset of the intelligence derived from the ATLAS sensor network on host/port scanning activity, zero-day exploits and worm propagation, security events, vulnerability disclosures and dynamic botnet and phishing infrastructures. It includes:
- Global Threat Map: Real-time visibility into globally propagating threats
- Threat Briefs: Summarizing the most significant security events that have taken place over the past 24 hours
- Top Threat Sources: Multi-dimensional visualization of originating attack activity
- Threat Index: Summarizing Internet malicious activity by offering detailed threat ratings
- Top Internet Attacks: 24-hour snapshot of the most prevalent exploits being used to launch attacks globally
- Vulnerability Risk Index: Determines the most dangerous vulnerabilities being exploited on the Internet today
Data is captured by using a distributed network of sensors running a number of data capture and analysis tools. These sensors can:
- Interact with attackers to discover what activity they are attempting
- Capture full payloads and classify them
- Characterize scan traffic
All of this data is sent back to a central location for storage and further analysis and presentation to the ATLAS user. ATLAS brings together a number of data sources, including:
- Honeypot-captured payloads
- IDS logs
- Scan logs
- Internet DoS statistics
- News & vulnerability reports
- Captured malware samples
- Phishing infrastructure data
- Botnet command & control data
A team of Internet security experts, Arbor's Security Engineering & Response Team (ASERT), then brings its knowledge to bear in analyzing this globally collected data. This analysis is shared with Arbor customers in the form of reports, briefs and incident follow-up.
Next steps for the ATLAS initiative include the availability of a subscription service for service providers and enterprises that contextualizes the intelligence based on physical (global, regional, country or city) and entity (service provider, ASN, organization, industry vertical, IP) perspectives. Additionally, the ASERT will overlay context to the content, transforming ATLAS-gathered data into actionable business intelligence for service providers and enterprises.
Finally, Arbor will incorporate ATLAS intelligence into Arbor's industry-leading Peakflow SP and Peakflow X network visibility and anomaly detection products. This additional intelligence will enhance network security engineers' and operators' ability to better understand the scope of internal threats to a specific network in the context of other networks and the Internet as a whole.
