Keysight ThreatARMOR™

Additional Info

Company (that provides the nominated product / solution / service): Keysight Technologies
Company size (employees): 10,000 or more
Type of solution: Cloud/SaaS

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

• A threat intelligence gateway, ThreatARMOR enables you to block up to 80% of hostile traffic, botnets, and ransomware — dramatically stemming the flood of alerts to your SIEM.
• While bad actors may circumvent firewall filters, ThreatARMOR offers a more resilient defense, blocking threats by location, not behavior, with continuous threat updates.
• Achieve a 15x return on investment in a single year by reducing SIEM alarms and SecOps alert fatigue, with optimized operations and full line-rate performance.

Brief Overview

Keysight ThreatARMOR™, part of Keysight’s Security Operations Suite, reduces risk, minimizes attack surfaces, and stops non-actionable threats from ever triggering SIEM alerts in the first place. A threat intelligence gateway, ThreatARMOR™ automatically blocks up to 80% of malicious and invalid traffic. Backed by a non-stop threat intelligence feed, ThreatARMOR™ detects and prevents inbound and outbound communication from known-bad IP addresses, hijacked IPs, and untrusted countries. While bad actors may circumvent firewall filters, ThreatARMOR™ offers a more resilient defense — blocking threats by location, not behavior.

ThreatARMOR™ also blocks malware and ransomware connections, connections to known phishing sites, and connections probing for weak IoT devices and other vulnerabilities. Keysight’s Application and Threat Intelligence (ATI) Research Center has been collecting threat intelligence for over 20 years and continuously populates our threat cloud with information from our global honeypot networks, security researchers, malware analysis, and curated threat feeds. Every single blocked site is examined every day for re-validation, and complete proof of malicious activity is available on-demand for every such site. ThreatARMOR™ also accepts custom threat feeds and easily integrates into SOAR systems via API.

Most perimeter security devices like NGFWs are optimized for deep packet inspection, but are not designed to block malicious, hijacked, and untrusted IP addresses at massive scale. Even if they can import a threat intelligence feed, trying to block tens of millions of IP addresses is not possible without significant latency and performance impact.

ThreatARMOR™ complements NGFWs by offloading blocking at massive scale, so they can allocate more resources to content inspection, user policies, VPN termination, and other features, while generating fewer security alerts. Plus, by blocking most illegitimate and malicious connections, ThreatARMOR™ helps security teams prioritize, investigate, and identify targeted, intelligent threats which might otherwise get lost in the shuffle.