The sophistication of cyber threats, and the complexity of maintaining traditional point network security solutions, is driving the adoption of managed security service solutions utilizing threat intelligence. As your organization upgrades your security posture to be more proactive, you want threat intelligence that is actionable and can be integrated with protection actions. Lumen Adaptive Threat Intelligence (ATI) service helps address these business challenges by providing monitoring and alerting of internet-based threats to help protect your users, website or critical applications on the internet.
ATI is an always-on, network-based, near real-time monitoring, threat correlation and alerting service that provides alerts about the traffic to and from your IP addresses monitored by Lumen, and other IPs on the internet. ATI monitors data samples flowing across the Lumen global network infrastructure obtaining information about traffic flows between your network and the other end of the IP communication. The sampled information is subsequently correlated by ATI against the Lumen database of known malicious IPs. If the sampled information matches a malicious IP, a record is created (an “event”) that is forwarded in near real-time to the ATI portal. Information about Events is also aggregated and sent to you via email periodically. The service is available in two cloud-based options called Enhanced and Premium Adaptive Threat Intelligence service. If you subscribe to Premium ATI, events may also be forwarded in near real-time to your security information and event management (SIEM) platform.
Lumen has made a major investment in developing a threat research and engineering group called Black Lotus Labs. The Black Lotus Labs team has developed threat sensing capabilities using one of the world’s largest IP backbones. Malicious behaviors are detected off the backbone and classified using sophisticated machine learning algorithms and automated validation infrastructure. Additionally, Black Lotus Labs validates indications of compromise (IOCs) that are conveyed using third-party resources. The extra effort pays off in the cultivation of a very high-fidelity threat set:
- real-time visualization of their interactions with malicious entities
- botnet research and take-down efforts keeps the backbone safer
- automated deployment of countermeasures when new threats are discovered via Black Lotus Labs
- leading botnet research and publication