Arbor Networks is a software company founded in 2000 and based in Burlington, Massachusetts, United States, which sells network security and network monitoring software, used – according to the company's claims – by over 90% of all Internet service providers. The company's products are used to protect networks from denial-of-service attacks, botnets, computer worms, and efforts to disable network routers. Wikipedia.
Arbor Networks | Date: 2015-09-04
A system for mitigating network attacks within encrypted network traffic is provided. The system includes a protected network including a plurality of devices. The system further includes attack mitigation devices communicatively coupled to the protected network and to a cloud platform. The attack mitigation devices are configured and operable to decrypt the encrypted traffic received from the cloud platform and destined to the protected network to form a plurality of decrypted network packets and analyze the plurality of decrypted network to detect attacks. The attack mitigation devices are further configured to generate, in response to detecting the attacks, attack signatures corresponding to the detected attacks and configured to send the generated attack signatures to attack mitigation services provided in the cloud platform. The attack mitigation services are configured and operable to drop encrypted network traffic matching the attack signatures received from the attack mitigation devices.
Arbor Networks | Date: 2015-06-11
A method for automatically detecting and configuring Virtual Private Network (VPN) sites is provided. A Border Gateway Protocol (BGP) message is received from a Provider Edge (PE) router. The BGP message includes one or more attributes. The VPN site is identified based on the one or more attributes. Such attributes may include extended community attributes.
Arbor Networks | Date: 2015-04-28
A computer system and method for monitoring traffic for determining denial of service attacks in a network. Data packets are monitored which are attempting to access one or more server devices in a protected network. A Transport Control Protocol (TCP) window advertisement value is determined for the data packets. If a detected TCP window advertisement value for monitored packets is determined less than a TCP window advertisement threshold value then a determination is made as to whether the data rate for the packets is less than a data rate threshold value. The monitored packets are determined malicious if the detected window advertisement value is less than the TCP window advertisement threshold value and the determined data rate is less than the data rate threshold value.
Arbor Networks | Date: 2013-11-18
A method and system for managing data traffic on a cellular network. The method and system includes detecting that an internet service is experiencing excessive amounts of data traffic from a cellular network. Sending, to a cellular device on the cellular network, a modified IP address for the internet service, wherein the modified IP address points away from the internet service. The modified IP address is sent in response to detecting that the internet service is experiencing excessive amounts of traffic from a cellular network and detecting a DNS query from the cellular device for the internet service.
Arbor Networks | Date: 2014-09-24
A method for monitoring traffic flow in a network is provided. A network monitoring probe monitors one or more network traffic flow parameters to detect a denial of service attack. In response to detecting the denial of service attack, a first set of data representing the denial of service attack alert is displayed. Filtering criteria are received from a user. The filtering criteria include at least one of the network flow parameters identified as legitimate network traffic. A second set of data is generated and displayed based on the filtering criteria.
Arbor Networks | Date: 2015-03-31
A computer-implemented system and method for mitigating against denial of service attacks. The system includes a network having a plurality of programmable network switches and a mitigation device connected to one or more of the network switches. The mitigation device includes logic integrated with and/or executable by a processor. The logic being adapted to monitor network traffic from one or more of the network switches and determine network policies to provide protection against denial of service attacks. The mitigation device is configured and adapted to send a software-defined networking (SDN) protocol signal to the one or more of the network switches to program the one or more of the switches to match and drop attacker data traffic contingent upon the determined network policies.
Arbor Networks | Date: 2014-08-26
A method for monitoring control traffic in a network is provided. A network monitoring probe passively monitors one or more network performance metrics related to control traffic. A plurality of threshold values associated with the one or more network performance metrics is received from a user. An alert notification message is sent to the user via an alert engine, in response to determining that at least one of the plurality of threshold values has been reached by the control traffic.
Arbor Networks | Date: 2015-05-12
A system and method for providing redundancy with remote scrubbing center devices. The system includes an edge detection device and a plurality of scrubbing center devices in a telecommunications network for providing redundant scrubbing center functionality for the edge detection device. The edge detection device maintains a network connection with more than one of the plurality of scrubbing center devices whereby each of the more than one of the plurality of scrubbing center devices sends and receives a synchronization signal with each of the one or more edge detection devices as if it was the only remote scrubbing center device coupled to the edge detection device.
Arbor Networks | Date: 2014-11-07
A method for network traffic characterization is provided. Flow data records are acquired associated with a security alert signature. Unidimensional traffic clusters are generated based on the acquired data. A Bloom filter is populated with the acquired flow data records. Clusters of interest are identified from the generated unidimensional traffic clusters. The identified clusters of interest are compressed into a compressed set. A determination is made whether a multidimensional processing of the acquired flow data needs to be performed based on a priority associated with the alert signature. A multidimensional lattice corresponding to the unidimensional traffic clusters is generated. The multidimensional lattice is traversed and for each multidimensional node under consideration a determination is made if the Bloom filter contains flow records matching the multidimensional node under consideration. A determination is made if the unidimensional node corresponding to the multidimentional node is included in the compressed set of unidimensional nodes.
Arbor Networks | Date: 2014-04-23
A method and system for managing data traffic and protecting computing assets. The method and system includes intercepting queries and messages, such as EDNS0 queries, and sending probe queries and reply queries to the originating computing device to determine whether the originating computing device may be sufficiently validated so as to justify forwarding resource-intensive queries and messages to the targeted computing device.