We would like to thank Alexandre Aeschbach, Chief Solution Architect at Emitec AG, for creating and sharing the integration script with us.
The ever-growing number of threats and attacks is becoming a problem for overall enterprise security. Various tools are deployed to provide multi-layered security and protect business assets. To avoid overwhelming security teams with thousands of alerts, a script-based integration between Ixia and Flowmon has been created. Using a Threat Intelligence service, Ixia Threat Armor handles known malicious communications by blocking them even before they hit your perimeter. Flowmon ADS provides additional threat information and detects malicious communications that are not detected by traditional and signature-based security solutions. Combining both solutions lowers the load on security tools, strengthens enterprise security and makes the security team's life easier.
Ixia Threat Armor
Ixia Threat Armor provides front-line defense by removing threats and malicious traffic before they hit your infrastructure. The appliance is deployed outside the perimeter and blocks communications with IP addresses in the Rap Sheet database (blacklists). The cloud-based ATI (Application Threat Intelligence) service updates the threat data (the database) every 5 minutes. The main benefit is a lower load on enterprise firewalls, because known malicious traffic is blocked before it reaches them, which can remove the need for a firewall upgrade.
Flowmon ADS
Flowmon ADS is a network security tool that complements traditional security solutions with signature-less anomaly detection. Using Network Behavior Analysis technology, ADS is able to detect threats that bypass security solutions deployed on the perimeter and on endpoints, as well as signature-based solutions. Flowmon ADS is also fed with Threat Intelligence information, which extends its capabilities to the detection of malicious communications.
Integration details
The integration uses the Flowmon ADS capability to report detected events via a script, together with the Ixia Threat Armor API, which allows entries to be added to its database. Upon detection of malicious communication, Flowmon ADS triggers a script created by Emitec AG. The script uses the Ixia Threat Armor API to add the malicious IP address to the block list. After that, Ixia Threat Armor blocks communications with the malicious IP address. A parameter in the script makes it possible to define an expiration date for the IP address added to the block list.
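The checks a script of this kind would apply before adding an address to a block list, shown as an added example (this is not the Emitec AG script, and it makes no Ixia or Flowmon API calls). The function name, the entry's field names and the protected networks are hypothetical and constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample: ranges that must never be auto-blocked. RFC 1918 space
# plus a documentation range standing in for the organisation's own addresses.
PROTECTED_NETS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                   "198.51.100.0/24")]


def build_block_entry(raw_ip, ttl_hours, now=None, protected=PROTECTED_NETS):
    """Return a block-list entry for raw_ip, or None if it must not be blocked.

    The field names in the returned dict are hypothetical; map them to the
    schema of the block-list API actually in use.
    """
    if ttl_hours <= 0:
        # Every automated entry must expire, so a false positive ages out.
        raise ValueError("ttl_hours must be positive")
    try:
        ip = ipaddress.ip_address(raw_ip.strip())
    except ValueError:
        return None  # malformed event data is never forwarded to the API
    if ip.is_loopback or ip.is_link_local or ip.is_multicast or ip.is_unspecified:
        return None  # not a routable peer, blocking it has no meaning
    if any(ip.version == net.version and ip in net for net in protected):
        return None  # own or internal address: hand to an analyst instead
    now = now or datetime.now(timezone.utc)
    expires = now + timedelta(hours=ttl_hours)
    return {"ip": str(ip), "expires": expires.isoformat(timespec="seconds")}


if __name__ == "__main__":
    # Constructed addresses as a detection event might report them.
    for candidate in ("203.0.113.45", "192.168.1.10", "198.51.100.7", "not-an-ip"):
        print(candidate, "->", build_block_entry(candidate, ttl_hours=24))
```

Returning `None` for protected or malformed addresses keeps a false positive or a spoofed source from turning the automated block into an outage of the organisation's own services.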
About Partner Emitec AG
Emitec AG is the leading company in Switzerland dealing with Security Testing and Monitoring. Emitec AG is Flowmon Gold Partner.