ThreatARMOR

Block up to 80% of Malicious Traffic—Including Botnets and Ransomware

PROBLEM: PAYING THE PRICE FOR PROTECTION

IT security teams try to sift through the mountains of SIEM alerts, firewall logs, and IPS alarms to find and stop malware infections, ransomware, and data breaches before they wreak havoc—a time-intensive chore. But the Ponemon Institute has documented that the nonstop flood of alerts means that only 29% of security alerts are ever investigated. Vital clues are missed. Also, the average time to detect a breach is 170 days, which is more than enough time for sensitive data to be stolen or encrypted and held for ransom. With the cost of a data breach at $4M worldwide, it is critical to disrupt botnets and bring the mass of security alerts under control.

Ixia Threat Armor

SOLUTION: stop malware. improve visibility.

ThreatARMOR™ cuts straight to the core of the problem by automatically blocking much of the network communication that malware needs to download instructions or transmit sensitive data. It prevents network probes, phishing clicks, and all traffic to and from untrusted countries. This reduces the risk from attacks such as zero-day ransomware mutations along with up to 80% of the malicious connections that threaten the network and generate floods of security alerts. Ixia’s ATI Research Center provides an always-on stream of geolocation and threat intelligence for ThreatARMOR—individually validating every single blocked IP address, every single day. Detailed Rap Sheets provide clear, on-screen proof of malicious activity for all blocked sites to mitigate the risk of false positives. 

Ixia's range of Bypass switches can be combined with ThreatARMOR to enhance the effectiveness and availability of existing and new cyber defenses.

ThreatARMOR is unique

Next-gen firewalls are great at DPI and threat detection, but they are not optimized for massive-scale blocking of malicious, hijacked, and untrusted IP addresses. Even if they can import a threat intelligence feed, their performance suffers dramatically when trying to block the tens of millions of IP addresses in the Rap Sheet database. ThreatARMOR complements next-gen firewalls by offloading massive-scale blocking so that they can allocate more resources to content inspection, user policies, VPN termination, and other features while generating fewer security alerts.

For full specifications, please see the ThreatARMOR data sheet.

Key features

Provides full line-rate performance
Eliminates 30% of alert-generating connection attempts, and yields a 15x return on investment in a single year
Updates threat data every 5 minutes with cloud-based Application Threat Intelligence (ATI) feed
Delivers clear on-screen proof of malicious activity for any blocked sites
Offers on-box and off-box logging of blocked connections and system events
Features easy 30-minute setup, with no ongoing tuning or maintenance required
Provides an intuitive, on-screen dashboard displaying blocked sites, countries of origin, and statistics
Combine with Ixia Bypass switches to provide additional resiliancy of ThreatARMOR and other securtity infrastructure
‘‘

“What’s killing security is not technology, it’s operations,” stated Jon Oltsik, ESG senior principal analyst and the founder of the firm’s cybersecurity service. “Companies are looking for ways to reduce their overall operations requirements and need easy to use, high performance solutions, like ThreatARMOR, to help them do that.”

Jon Oltsik