Christophe Olivier
Sr. Product Manager - Network Visibility and Virtualization Solution

Threat Insights: Security Without a Dedicated Security Tool

October 2, 2018 by Christophe Olivier

Cybersecurity Ventures reported that ransomware will attack a business every 14 seconds by the end of 2019. Ransomware can infiltrate an organization in several ways: by email, malicious links, mobile devices, USBs used by employees, and physical intrusions into a network. Last month, Ixia introduced a new feature that can help you combat a cyberattack and keep your network secure.

The new threat insights feature included in Ixia's SecureStack is part of the Application and Threat Intelligence (ATI) subscription available through AppStack. This feature helps to secure your network by identifying threats without implementing a dedicated security solution or acquiring an additional threat intelligence feed. Available on your Vision ONE, Vision 7300, or CloudLens with AppStack for virtual environments, threat insights can identify malware, IoT exploits, botnets, hijacked IPs, and phishing activity. This feature leverages the threat information database of Ixia's ATI Research Center, which consolidates information about exploits, DoS, DDoS, phishing, live malware, and applications. This same database is used by several Ixia products, from BreakingPoint, which uses it to simulate realistic traffic conditions and relevant attacks, to ThreatARMOR, which uses it to filter out untrusted countries, malicious sites, and harmful IP addresses.

An overview of the latest threat activity can be accessed through the threat insights GUI available in the AppStack dashboard. For storage and deeper analysis, the threat information can be exported to NetFlow collectors via new IxFlow (Ixia enhanced NetFlow) fields. Exporting the threat information via NetFlow allows you to build a security solution by enriching the feed to your NetFlow collector with threat information. Plixer's Scrutinizer system already includes the new IxFlow fields.

Dashboard overview

The “Top Threat” widget presents a summary of the threat activity in the AppStack dashboard.

[Screenshot: the threat insights dashboard with a pie chart of app distribution and listed top threats from last week]

To drill down and get additional information about the threat activity, expand the widget or click on a threat type.
The default view is the “Map View”, which gives an overview of the activity by geography.

[Screenshot: threat insights map detecting malware]

With the “Filter View”, the user can quickly narrow down the search by filtering threats by category, geography, target country, and so on.

[Screenshot: threat insights dashboard listing detected threats]

In both the Map and Filter views, selecting a specific session triggers a query to the ATI database for additional information from the Rap Sheet. The user can query the database for a specific IP, and the query can be issued programmatically for integration with third-party applications.

While Vision ONE users can access the threat information in the dashboard, an active license is required to export the threat insights fields via IxFlow, to get threat database updates (which occur multiple times a day), or to access the Rap Sheet data.

Threat insights identifies threats but does not block them. Ixia's ThreatARMOR is an independent threat intelligence gateway that can block untrusted countries, malicious sites, and harmful IP addresses.

You can get an overview of the Threat Insights dashboard by watching the video listed under Related Content below.