Arbor boosts management, rules in Peakflow DoS 2.1

Arbor Networks announced version 2.1 of its Peakflow DoS anti-denial of service attack tool Monday, adding support for a wide range of third-party products and refining management options. The company also gave a glimpse into a future that brings it beyond denial of service and into the network traffic management market.

The Peakflow device detects and fights denial of service and Internet worm attacks by determining a baseline of network activity, detecting deviations from that baseline and examining and filtering them, if necessary. The new version of Peakflow, which is built on new hardware designed to quadruple its performance and allow the box to handle up to 10G bps (bits per second) of traffic, adds support for products from Cisco Systems Inc. and NetForensics Inc, according to Ted Julian, chief strategist and co-founder of the Waltham, Massachusetts-based Arbor.

Peakflow 2.1 adds support for Cisco's Pix firewall, allowing firewall rules to be created from the data generated by Peakflow, Julian said. The device has also been certified by Cisco as compliant with AVVID (Architecture for Voice, Video and Integrated Data), meaning that the device has been tested and certified by Cisco as working with the company's products. All the attention to and from Cisco is not a coincidence, as Cisco was one of Arbor's earliest investors.

The new version of Peakflow also adds a number of management enhancements, Julian said, including the ability to send alerts to NetForensics' Active Envoy management system and to determine which alerts go to which administrator. Active Envoy is a console which aggregates security alerts from a number of security products, including virtual private networks, firewalls and intrusion detection systems.

Administrators are also given more power to delegate work in version 2.1, Julian said, noting that specific types of alerts can be assigned to specific administrators in order to increase efficiency. Administrators can also now define their own anomaly signatures and automatically install attack signatures, rather than having to do them manually, as with previous version of the product, he added.

Lastly, Arbor showed a glimpse of its future, in which the company will move away from tackling only Internet attacks and towards managing network traffic more broadly. That future will be built around the Peakflow platform, which consists of the company's hardware, operating system, anomaly detection engine, tools and utilities, of which Peakflow DoS is the first component, Julian said. Moving a step closer to that future, Peakflow DoS 2.1 also adds a traffic management component which will allow administrators to measure, analyze and manage traffic flowing through their networks. he said.

The Peakflow platform has always been in Arbor's long-term plans, according to Julian, and the DoS component was put forward first as it was the most urgently needed and best commercial bet.

Peakflow 2.1 is immediately available worldwide at a starting price of US$80,000.