Arbor Networks, whose technology detects abnormal network traffic flow, now offers its PeakFlow monitoring tool for use in virtualized environments. PeakFlow X Virtual 4.2 is the alternative to PeakFlow X software that monitors packet flow through network routers and switches, alerting system administrators if traffic spikes above normal patterns, such as in the case of a distributed denial of service (DDOS) attack. The virtual version of the software is designed to run in VMware's ESX and ESXi hypervisors.
PeakFlow SP was introduced in 2000, targeting telecommunications service providers such as Verizon, AT&T, British Telecom and others that operate vast global networks and also serve as Internet service providers (ISPs). The appliance sampled about one packet in 100,000 to extrapolate from there network traffic patterns. In 2006, Arbor introduced PeakFlow X, which was targeted at enterprises and sampled 100 percent of network traffic, said Tom Bienkowski, director of product marketing for Arbor Networks.
Increasingly, though, service providers are showing an interest in also using the enterprise version of PeakFlow as they become managed security service providers (MSSPs) to their customers, said Bienkowski. Frost & Sullivan estimates that the size of the global managed security service market will grow to about $2.5 billion in 2015, from about $1.5 billion this year. Offering the virtualized product makes providing that security more cost-effective for MSSPs. "The virtual version of the X products allows these service providers to deliver those managed services much more economically. It's much easier, there's less rack space -- all the advantages of being virtual," Bienkowski said.
DDOS attacks are growing in size and severity, he added. Arbor Networks' own analysis reports DDOS attacks in 2007 of as high as 40Gbps, up from just 10 Gbps in 2004, and the rise of cloud computing is only going to create richer targets for attacks and more opportunities for companies such as Arbor Networks, said Jennifer Pigg, an analyst with Yankee Group. "[In the cloud] there are things moving in and out of the network that you can't pin down the location for, you don't know where the resources are located so it becomes a real security vulnerability, and it becomes that much more difficult to trace where there is something like a denial of service attack," Pigg said. Arbor Networks can appeal to a large market of both ISPs and enterprises that are creating clouds for their own use or as a public cloud offering, Pigg added.
Arbor Networks competes against companies like Lancope, with its StealthWatch line of network monitoring technology, and Mazu Networks, whose Mazu Profiler software also does network behavioral analysis. But Pigg said there are other companies in the domain name system (DNS) space that also provide DDOS notification, such as Neustar and Nominum.