Arbor Networks, which made its mark helping companies prevent denial-of-service attacks from knocking out their websites and corporate networks, has introduced a cloud-strategy that makes use of a hybrid approach, with an on-premise appliance that the company's executives say could enable engineers to bolt on new threat detection capabilities.
The Burlington, Mass.-based company is looking to expand beyond protection from distributed denial-of-service attacks (DDoS) and slowly adding threat intelligence, malware detection and incident response capabilities to its platform. The firm is even considering the addition of suspicious file analysis to its platform, following in the footsteps of FireEye, Palo Alto Networks and Sourcefire, which are modernizing advanced threat detection capabilities.
The company acquired Packetloop, a Sydney-based firm in September to expand into packet analysis as part of digital forensics investigations. Packetloop fills Arbor's gap for internal threat detection. It can help forensics teams identify anomalous activity that signals data theft from botnet activity. The firm has been focused on defending the data pipeline between businesses and their cloud services.
[Related: 5 Reasons DDoS Attacks Are Gaining Strength]
Arbor worked very closely with Internet service providers, establishing a presence, and currently boasts a nearly 70 percent install base among tier 1 and tier 2 providers globally, said Jeremy Nicholls, Arbor's global vice president of channel sales and alliances. The Pravail appliance line is 100 percent channel and will remain that way, but the company is attempting to build out its capabilities, adding components that make it a broader platform.
Nicholls, who replaced channel veteran Bill Lipson in October, said the biggest opportunity for growth is at enterprise data centers that are currently relying on firewalls and other standard network devices for DDoS protection and often forced to depend on Internet service providers for help after an attack disrupts services.
"We've done a huge investment in enterprise high-touch teams and are bringing that back in engagements with the channel to help bring in leads and opportunities with them," Nicholls told CRN. "The channel is also closing deals that we haven't had to engage with at all."
The market for DDoS protection technology has increased significantly following a string of high profile attacks against banks, websites and e-commerce firms mainly conducted by hacktivist groups. The financial industry is concerned about threats that can disrupt trading and roil financial markets. Meanwhile, gaming sites have long been a big buyer of DDoS mitigation appliances. Their Web-based services are critical because any downtime can cost millions in lost revenue, Nicholls said.
The market has been getting more competitive with Cambridge, Mass.-based Akamai buying Prolexic earlier this month to extend its DDoS protection capabilities to enterprise data center deployments. Meanwhile, Belmont, Calif.-based Defense.net is developing new ways to address DDoS, the company said in August.
NEXT: Channel Sees Opportunity In Broader Threat Platform
The company's current growth engine is based on its Pravail Availability Protection appliances, said Arbor Networks' Matt Moynahan, senior vice president of product management corporate development. Arbor added network security intelligence for network monitoring to identify suspicious activity and malware infections on the network. Packetloop will build on the threat intelligence, giving teams the ability to drill down and address threats, Moynahan said.
"The channel is getting more sophisticated and we recognize that. If the client is going to give up shelf space, it better not be a one-trick pony," Moynahan told CRN. "We're going to take our history of taking flow data and stitching it together to create an incredibly rich picture of the threats in and around the network."
Solution providers said the threat landscape requires perimeter-based protection that can provide a variety of capabilities, from detecting external probes of the corporate network for weaknesses to malicious traffic flowing out of the network pipelines that signals malware infections.
Businesses want multithread solutions, said Lanny Cornwell, CTO of Warrenton, Va.-based systems integrator F1 Computer Solutions, Inc. Cornwell said it is rare for clients to call for point product for a single threat.
"They get piece of mind that as their service provider we're providing that layered approach to security they need and are actively taking care of their resources based on their risk profile," Cornwell said.
Most resellers and managed service providers will work with businesses to cater a technology to fit their requirements rather than force feeding a solution, said Kaleb Jacob, founder of Manchester, N.H.-based Eagle Network Solutions, an Arbor Networks partner. Jacob said his firm, which also partners with Juniper Networks, is expanding into services and on-site support for small businesses. System availability and application reliability often comes first, followed by security requirements, Jacob said.
"We'll do a risk assessment and get an adequate snapshot of their profile to advise them where their security priories need to be," Jacob said.
PUBLISHED DEC. 17, 2013