ATLAS: Arbor Networks’ Goldmine Should Be Open
Does Arbor Networks hold key data that could help save us from bad stuff on the Internet? Are they holding out on us? Let’s explore.
Arbor Networks is a network appliance manufacturer with some interesting products, excluding the newer deep packet inspection (DPI) boxen known as the eSeries, used by the likes of service providers to shape traffic. This is a practice we all love to hate, so we’ll ignore it and this device for the sake of this post. The fascinating part of the portfolio is the Peakflow line, some neat devices that they’ve had for as long as I’ve known about them. These guys collect and analyze data (by sniffing mirrored ports), then summarize your network’s utilization in pretty graphs and charts so you can get an idea of what is happening in your network at a glance. Used mostly by service providers but a little by enterprise, they can also detect things like denial of service (DoS) attacks, zero-day exploits or other weird things that could potentially be a security concern. Under the terms of the license on the box, some of the data it collects is sent home to Arbor, where all of the other collectors send their info, creating a larger pool of info. This anonymous data, sent from the largest networks in the world (see: Google, Level3, Global Crossing… you get the idea), is where it starts to get cool.
Arbor uses this aggregate data for what they call Active Threat Level Analysis System (ATLAS). Its name is very apropos considering it is a pretty accurate depiction of where some of the most shark-infested waters are on the Internet. Most of what’s in ATLAS was limited to information used in tracing security threats, like figuring out which networks a DoS attack was coming from and how it was routed to its target, which is useful in stopping the attack. Network World had an article today about ATLAS 2.0 and how it is going to have more extensive data. All of this got me thinking… wouldn’t it be cool if EVERYONE could do something with this anonymous data? What if software programmers had APIs to get at this? I mean sure, Arbor could make some cash licensing the access, and they probably have some restrictions in their agreements with the providers that prevent it, but what if they found a way and opened it up for free?
I’m talking about key data points that people smarter than me could figure out clever things to do with. Infosec researchers would kill for stuff like this and probably would be able to create some pretty killer forensics profiles to prevent future attacks or outbreaks. Maybe someone wants to write software that accesses this data while doing a lookup of an IP on a connecting SMTP server. It could be possible to dig into the Arbor data, determine whether the connecting server’s e-mail delivery patterns over the past hour look legit (again, algorithm by someone brainy, not me) and treat the message appropriately. Consider firewall software that could do lookups against this database, in which Arbor could assign negative flags to IPs with a seemingly bad reputation. Tons of different possibilities are there, provided the APIs are well formatted and usable. It would be up to Arbor to make sure of that.
So what does Arbor get from giving away all of their secret sauce for free? First thing that comes to mind is notoriety. Once the security and network software engineers working on all sorts of different projects that could use this info find out, word would spread. I mean, the open source and open API bandwagon is all the rage, right? Post notoriety, they’d get more interest and hopefully sell more boxes that make ATLAS rich with more data. It just seems to make sense. As so many companies are finding these days, sometimes business is counterintuitive in that you have to give away your key products or intellectual property to gain greater attention and garner more interest in the other products and services that you charge for. Look at Citrix making XenServer free. Sun completely open-sourced Java, which no one thought would ever happen. C’mon, Arbor. You know you want to.
hi! i’m at arbor networks and i work on atlas. i’d be happy to chat with you, out of blog comments etc, about access to atlas. please contact me, you have my email address.
thanks! — jose