ESG's Jon Oltsik talks with Arabella Hallawell Of Arbor Networks about SOAPA and Cybersecurity. This is part 2 of a 2-part series.
Read the related ESG Blog: SOAPA Video with Arbor Networks (Part 2)
Jon: Welcome back to Part 2 of our SOAPA video with Arbor Networks, and I'm here with Arabella Hallawell from Arbor. Welcome back.
Arabella: Thanks, Jon, for having me again.
Jon: My pleasure. So, I wanted to ask you about integration. So, one of the things I know about Arbor is that you are not only doing this network security analytics, but you have a rich history in threat intelligence, and those are two data sources that are very closely integrated in SOAPA. So, what are you doing there? What value does that bring to customers?
Arabella: Arbor has a different vantage point than some other security vendors out there, in terms of, we have a rich history with a lot of service providers around the globe. So, we're very fortunate that we get a huge amount of unique visibility, as well as Internet telemetry. We're able to see over 140 terabytes per hour of Internet traffic.
Arabella: So, we're able to see a lot of global visibility, and ebbs and flows of, basically, attack peaks and flows, so that gives us a really interesting vantage point. And then, when it comes to actually understanding the attack traffic infrastructure that's being used, the botnets that come on and controls, and again, it's that our team is a little different from some other security vendors in terms of their traffic and routing experts, as well as security experts. And so, what they do is, they look at a lot of both the traffic infrastructure, and we have a lot of both unique tools and visibility there, but we also then combine it with being able to look at, what's the malware going into, you know, the malware of botnets, including Mirai. And so, ultimately, what we do is, we update this information into our solutions on an hourly basis, but we also make this available to our customers in the form of different threat briefs and advisories.
Jon: So, I'm, as a customer, you're spoon-feeding this to me, and then I can compare that to what I'm seeing on my internal network. Is that correct?
Arabella: Absolutely. Many organizations, particularly when it comes to DDOS in this new age of Mirai and RIPA, where you have the ability for huge tsunamis to come out of nowhere, you do need these early warning services, but then you also need the expertise to know, well, what am I dealing with, who's behind it, what do I do. And so, that's really where our research works hand-in-glove with our solutions. So, it's both in product, but we also help our customers in terms of very detailed threat advisories. But also, when they're actually under attack, we work with them, hand in... you know, hand-in-hand combat to help them because, oftentimes, these attacks are getting much more sophisticated, and they use a variety of resources and even different providers. So, we work very closely with our customers who are under attack, as well.
Jon: Yeah. You mentioned, in the first part, the cyber security skills shortage, and threat intelligence is an esoteric. It's a very advanced area. Very few companies have professional threat hunters. So, to the extent that your ACER team can contextualize that data, give it to your customers in a consumable form, that's good stuff.
Well, let me take you in a different direction now. SOAPA is really, it stands for Security Operations and Analytics Platform Architecture, so we tend to think of the security world, but we also know that security operations really is a cooperative process with IT Ops. Now, Arbor's a division of NetScout. What are you doing to kind of bridge those two worlds, the NetScout world and the Arbor world, into some kind of a security and IT, or maybe network operations, kind of solution?
Arabella: NetScout focuses on service assurance, so helping teams, applications teams, IT teams, make sure that their applications and services are up and running, troubleshooting. And we're seeing, increasingly, that security is a key fabric there in terms of making sure that application is running, is up, and you also get visibility across that entire ecosystem, from your on-premise network to your cloud network, and everything that comes in between, including these new IoT devices that come on board. Where NetScout has fundamentally innovated for network teams is really with its Y-data, its rich data called ASI, and that's very transformational technology because organizations can get such richness of data in terms of that end point to connection data.
So, what we've done is, we've actually connected their sort of core ASI technology to our security suite, as well as with their service assurance suite. And so, increasingly, organizations can take advantage of that same rich data, but for dual purposes. Maybe it's a service assurance issue, but maybe it's a security issue, and so we're really making sure this sort of transformational smart data fabric could be used for either purpose.
Jon: Okay. So, it's all built on top of the data, and so you have services to collect, and process, and centralize that data, and then you can analyze it for different purposes.
Jon: Are you seeing your customers do that?
Jon: Or is it, are we at the beginning of that trend, or well along the way?
Arabella: So, we are definitely seeing our customers adopt that technology for different forms, including applications as they move to new types of cloud environments, as well as new types of infrastructure like SDN. In terms of using it for security purposes, absolutely, we're seeing more and more that security is seen as a key part of the everyday fabric of IT and application management.
Jon: Yeah, and we encourage customers to do that. Sometimes, there's a little bit of a 'separation of church and state' mentality, but these two organizations have to collaborate more to really improve upon security processes.
Arabella: Yeah, and I think IoT and cloud are both great examples of that. And, in fact, we did a recent spectrum proof of concept with a customer, and we saw some issues, and then, ultimately, you know, they then sort of showed it to their network team and they realized that they actually had a camera that was doing some sort of strange things. It actually wasn't a security issue, it was more of a troubleshooting issue, but again, it goes back to, you know, do you know what systems are actually on your network, what they're doing, and that.
Jon: Basic security hygiene, to start.
Arabella: Both basic security hygiene, but also, are you able to see all of that conversation data happening within your internal network. For most organizations, they've had good technology kind of at the perimeter, good technology at the end point, but the stuff in the middle, all these different devices having conversations with each other, that's often been silent. And that's really the opportunity for NetScout and Arbor, is to look at all of those internal network conversations, figure out what's needed from a service assurance perspective, but also from a security perspective. And if there's something really bad and we're seeing, you know, some kind of big attack bubble up, we can take measures to mitigate and, you know, help prevent it for them, where possible.
Jon: Well, that's certainly what we're after with SOAPA. So, I could talk to you all day, but our time is short, so thank you very much for participating.
Jon: And look at our website for more resources on SOAPA.