EXCLUSIVE: Arbor Networks Peakflow X 3.7

Arbor's ATLAS (active threat level analysis system) occupies the right-hand side of the Dashboard and is the result of agreements between Arbor and around 70 per cent of the world's ISPs where it uses its Peakflow SP products to provide visibility into more than three-quarters of global Internet traffic. This information is also freely available at http://atlas.arbor.net and provides global threat statistics and shows which countries they are originating from - the country descriptions have been provided by the CIA and make for interesting reading.

The behaviour of the Peakflow X systems is determined by policies containing multiple rules. System rules detect host and port scans along with flood attacks whilst ATF (active threat feed) rules use fingerprints to detect threats such as known malware, worms, botnet traffic, P2P protocols and web mail. User defined rules allow you to define traffic that you specifically want to watch. Peakflow X can also integrate with Active Directory and Novell's eDirectory allowing it to track users based on their login credentials.

Each rule is accompanied by a graph of traffic activity, a table showing the clients generating this traffic and audit trail updates. The More button alongside each rule explains what the traffic is, how Arbor detects it and how to create rules to block it. Rules can be used to send out alerts and these can be via email, SNMP trap or syslog entry. The Risk Index tab shows which hosts are causing the most problems and you can click on their IP address and see why the associated host has received this score, the alerts that have been activated by it and how the score has been calculated.

The Network section is a brand new feature which provides traffic graphs for the entire internal network plus details of the top interfaces on routers and switches. Selecting an interface shows more information on the hosts along with all related protocols and services. As you'd expect, reporting is extensive and Arbor provides a raft of predefined base reports that can be modified with filters. A handy Smart bar at the top of the interface provides options for exporting the report into PDF or CSV formats, emailing it or printing it and a scheduler is provided for running selected reports regularly.

Peakflow X is simple enough to deploy and configure and this latest version delivers even more essential network and security monitoring facilities. There are still a few minor rough edges but we did like the new web interface as despite the huge amount of information Peakflow X can generate it manages to make it very accessible allowing you to see at a glance where your biggest security problems are.