The Internet is a vast, largely open global network, but it doesn’t always have to be that way, especially when it comes to security. Network security vendor Ixia today announced its ThreatArmor security appliance, which aims to protect organizations by limiting the attack surface.
“For most organizations, there are big chunks of the Internet where they just don’t do business,” Scott Register, senior director of product management at Ixia, told eWEEK. “So for a health care company in California, there is a very small chance that a connection coming in from Burkina Faso is valid.”
The Ixia ThreatArmor appliance is a front line of defense for enterprises blocking inbound connections from places with known malware as well as those with which an organization doesn’t do business. ThreatArmor also blocks outbound connections from internal hosts to bad sites, Register said.
The ThreatArmor system is based on IP address and not any specific URL address filtering. Multiple types of technologies, including next-generation firewalls (NGFW), security proxies and application delivery controllers (ADC) all provide different types of filtering, though Register said that Ixia is taking a different approach. NGFWs and ADCs are generally focused on deep packet inspection, URL filtering, threat analysis and detection, he said.
“We do none of that; we only do IP-based blocking,” Register said. “We are differentiated by doing very high-speed, IP-based blocking, which reduces load on those devices and the SIEMs [security information and event management] systems they feed into.”
Ixia’s ThreatArmor makes other types of security platforms like ADC and NGFWs more efficient by letting them do their very advanced and sophisticated inspection on a more focused subset of traffic—that is, only traffic that has a higher probability of being relevant or belonging on the network in the first place, Register said.
The IP-based blocking system developed by Ixia provides users with what the company is branding as a “Rap Sheet” for every IP address. The concept comes from law enforcement, where a rap sheet is an individual’s criminal record.
“We go out and individually validate every blocked IP,” Register said.
For every site that ThreatArmor blocks, the system shows users why they can’t get to the address and what malware is being served from a given address. If the IP address has pushed down the malware installer, ThreatArmor has screenshots of the installer.
“If we block something, we give you 100 percent clear proof why it’s blocked,” Register said. “If we don’t have that proof, we don’t block it.”
There are also manual overrides as part of the system, and there is also the ability to do manual blocking.
From a hardware perspective, ThreatArmor is a 1RU 19-inch appliance that is available in 1 Gigabit Ethernet copper interfaces as well as a 10 Gigabit fiber interface versions.
Ixia is not providing full details on the silicon or firmware that powers the ThreatArmor appliance. “We typically don’t reveal internal details of our systems; we consider those trade secrets,” Register said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.