Ixia ThreatARMOR review

Ixia’s ThreatARMOR gives your firewalls a helping hand

Editor's Choice
  • Simple deployment, Instant protection, Detailed rap sheet reports, Local and cloud management
  • Irritatingly noisy fans

Enterprise security systems are at breaking point as they face an ever-increasing assault from cyber-attacks. Firewalls and security appliances aren't the only things collapsing under the pressure either as understaffed and overworked support departments are having to deal with a daily barrage of security alerts.

Ixia's ThreatARMOR provides a simple solution as it's designed to work with existing security products and make them much more effective by taking some of the load from them. The appliance fronts the network perimeter and blocks traffic coming from known bad IP addresses and untrusted countries.

Ixia has plenty of experience in this area as ThreatARMOR utilises its Application and Threat Intelligence (ATI) Research Center services. Used by Ixia's security and testing products, this subscription service provides intelligence on threats including hijacked IP address ranges, malware, botnets, C&C servers and more.

The appliances maintain the database locally which is updated as often as every five minutes. The list is not signature based so there are no issues with false positives and Ixia's ATI team rescans all IP addresses in the list at least once a day so sites that have cleaned up their act are removed.

The console's Overview page shows you all you need to know about where bad traffic is coming from

Lightning deployment

On review is the ThreatARMOR 1G which has four Gigabit data ports and an extra pair of ports for local management and update downloads. Ixia also offers a 10G model offering four 10-Gigabit SFP+ data ports.

The data ports incorporate hardware bypass switches so hardware failures won't interrupt Internet access. We tested in a live environment and simply plugged our external Internet feed into the first data port and connected the second to the WAN port on our firewall.

We then linked the second pair inline between our LAN and firewall. This allowed the appliance to report on blocked traffic originating from the LAN and provide the device's real IP address.

The Dashboard provides plenty of information about blocking activities and detected threats

Go forth and block

Ixia is so sure of the ThreatARMOR's simple deployment that it hasn't even written a user guide. This confidence isn't misplaced as we found it remarkably easy to use.

The home page global map shows blocked countries highlighted in red while a table below reveals a performance score along with total and blocked connections and traffic. The performance score is derived from the number of blocks relative to overall traffic volume.

For most environments, a score of 50 tells you all is working well. A much lower score suggests that the appliance hasn't been deployed correctly whereas a score closer to 100 indicates an attack or malware infection.

The Dashboard view has a smaller global map with a list of the top blocked countries alongside. To its right is a list of the last four blocked countries, IP addresses and detected threats while below are summaries of the most and least allowed countries.

The appliance defaults to a passive reporting mode which can be changed to active blocking from the Settings page. If you're worried the appliance is causing a problem you can trigger the hardware bypasses from here as well.

Ixia's rap sheet leaves you in no doubts as to why traffic is being blocked

Rap sheet

For testing, we ran our standard script on a LAN system which calls on around 3,500 dubious websites. Within seconds of starting it, the Dashboard began registering blocked IP addresses and showed the number of blocked connections and the reason.

ThreatARMOR uses five threat classifications malware, phishing, botnet, exploit and hijacked. Each blocked entry tells you which type it is and clicking on one in the Dashboard takes you to the Ixia rap sheet.

This provides forensics information explaining precisely why the connection was blocked. The rap sheet shows details such as the threat URL, a breakdown of attempted Trojan activities, brute force attack credentials, file checksums and even a screenshot of the offending website where applicable.

As we had two inline ports behind our firewall, we could see the local IP address of the system making the outbound connection. Other information available are connection statistics plus reverse DNS lookup results and you can permanently block or allow traffic from specific IP addresses or countries with a couple of clicks.

The cloud portal manages multiple appliances and links up with Ixia's iPhone app

ThreatARMOR Central

The ThreatARMOR Central portal allows you to monitor multiple appliances from the cloud. It gathers information from all centrally managed appliances and presents it in its global map and Dashboard views.

We linked the appliance to our account where it provided most of the features available from the local console. We could change the operation mode remotely but options such as network configuration, update status checks and logging can only be accessed from the local console.

The cloud portal provides a web link for each appliance which you'll need to use to see their individual protection scores. This is also required to see to see the rap sheet details on local IP addresses and connection stats.

Ixia offers an iOS app for iPhones which provides real-time statistics on the move. It can show blocked and active connections along with a list of the last blocked IP addresses and their threat classifications.

Conclusion

Enterprises suffering from a daily onslaught of cyber-attacks will find Ixia's ThreatARMOR can take the heat off their security systems and support staff. Blocking traffic from known bad IP addresses before they reach your network eases the load on critical security systems and will significantly reduce alerts.

We were impressed with the ThreatARMOR during testing (apart from its noise levels) as it provided plenty of information about blocking manoeuvres with its at-a-glance maps and dashboards. Ixia's ATI rap sheet told us all we needed to know about each blocked threat and deployment really is a piece of cake.

Verdict

ThreatARMOR is an elegant solution that immediately reduces the load on your firewalls and can easily pay for itself by negating the need to upgrade critical security hardware

Chassis: 1U rack

Storage: 200GB Intel S3610 SSD

Network:  4 x Gigabit data ports with hardware bypasses

Other: 2 x Gigabit management ports, RJ-45 serial

Management: Web browser, ThreatARMOR Central

Power: 2 x 275W hot-plug PSUs

Support: £3,158 ex VAT per year

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Ryuk behind a third of all ransomware attacks in 2020
Security

Ryuk behind a third of all ransomware attacks in 2020

29 Oct 2020
REvil hacking group says it has made more than $100m in a year
Security

REvil hacking group says it has made more than $100m in a year

29 Oct 2020
36 billion personal records exposed by hacks in 2020 so far
Security

36 billion personal records exposed by hacks in 2020 so far

29 Oct 2020
Trump website defaced in second successive cyber breach
Security

Trump website defaced in second successive cyber breach

28 Oct 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020