Ixia's ATIP Security Processor Accelerates Threat Detection

New enhancements to Application and Threat Intelligence process technology debut along with a new centralized cloud management interface for security appliances.

Network security vendor Ixia announced a series of new product capabilities on Nov. 9 in a bid to help enterprises detect potential threats more quickly and better manage a fleet of security appliances.

The newly enhanced Application and Threat Intelligence Processor (ATIP) is part of Ixia's Vision One platform that was first announced in March 2016. The Vision One platform provides network visibility and is an evolution of technology that Ixia gained by way of its $160 million acquisition of BreakingPoint in 2012.

Steve McGregory, Senior Director, Application and Threat Intelligence at Ixia, explained that the ATIP is able to look at network data packets at high rates of speed. McGregory noted that a key issue for many organizations is the time it takes to actually realize that an intruder compromise of some sort has occurred. The 2016 IBM-sponsored Ponemon Cost of a Data Breach study, for example, reported that the average time to identify a breach is 201 days.

"We have now enabled ATIP to key in on Indicators of Compromise (IOCs)," McGregory told eWEEK. "Indicators of Compromise are not necessarily anomalies on a network, but they are things that are associated with data exfiltration, as well as techniques used by hackers to spread throughout a network."

The ATIP is not a physical piece of silicon, but rather is a software processing feature that is enabled on the Vision One appliance. McGregory explained that the Vision One has integrated physical processors, including FPGAs (Field-Programmable Gate Arrays), and ATIP runs on the network processors.

Data from the Vision One, including ATIP, can be sent by users to a supplementary system or tool for further analysis. McGregory said that he expects that organizations will make use of a third-party Security Information and Event Manager (SIEM) platform to complement the Vision One.

Ixia is also introducing new cloud management capabilities for its ThreatArmor network appliance. The ThreatArmor appliance is a security gateway that benefits from Ixia's threat intelligence services. The appliance is intended to be deployed in front of an enterprise's existing firewall. With ThreatArmor, known malicious traffic is removed from an enterprise network, McGregory explained.

"The new ThreatArmor Central is a cloud-management system for ThreatArmor," McGregory said. "ThreatArmor has its own user interface, but when you deploy multiple devices, it became hard to manage."

McGregory noted that Ixia itself has a fleet of 27 ThreatArmor appliances deployed to protect its own infrastructure, which was a management problem for the company. With ThreatArmor Central, McGregory said, it's now a whole lot easier to manage Ixia's own deployment as well. The back-end infrastructure for ThreatArmor Central is located on the Amazon Web Services (AWS) cloud.

For ease of use, Ixia is also introducing a mobile application for ThreatArmor, which provides an optimized user interface for management. Looking forward, McGregory said that Ixia is now working on virtual editions of both the ATIP and ThreatArmor.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.