Arbor Networks MNA Data Sheet

Arbor Data Sheet
Arbor Networks MNA
®
Mobile network visibility and threat detection
For more than a decade, the majority of the world’s Internet Service Providers have
relied on Arbor Networks® SP solution to enhance their visibility into advanced threats
and to help protect their fixed network infrastructure and services. Today’s service
provider networks have become much more complex environments as mobility and
cloud-based services have become essential enablers of our digital lifestyle. Along with
these innovations have emerged new classes of threats to network service performance
and availability. In fact, according to Heavy Reading’s 2014 Mobile Network Security
Survey, 50% of mobile network operators have experienced a network outage or service
degradation lasting at least an hour due to malicious attacks.
Key Features and Benefits
Seamless SP Integration
MNA is a fully integrated extension of
SP—providing network operators with
unified visibility and threat management
across their fixed and mobile networks
from a single console.
Packet Core Signaling Traffic
Visibility
MNA provides real-time and historical
analytics into critical 3G (HSPA) and 4G
(LTE) GTP-C message flows—improving
understanding of signaling patterns and
unwanted traffic activity in the mobile
core as the basis for securing it.
Packet Core Anomaly and Threat
Detection
MNA detects and alerts on malicious
and non-malicious GTP-C traffic
anomalies—providing early warning
of threats to network and service
performance and availability.
And this trend is likely to continue as threats morph and migrate transparently from fixed
to mobile environments. Enter MNA, Arbor’s fully integrated extension to the SP solution
that delivers real-time traffic visibility and network awareness into the mobile packet core
so unwanted traffic is detected early and fast—before it threatens service performance
and availability.
Pervasive Network Visibility and Threat Protection in a Single Pane
For mobile network operators considering the MNA solution—and especially for those
providers already relying on SP to protect their data centers and backbone—extending
this solution to their mobile packet core offers several significant benefits:
• Integrated, best-in-class fixed and mobile network visibility, telemetry and
advanced threat protection from a single vendor.
• Broader detection of network-based threats originating both from within
(user-originated) and outside (Internet-originated) the mobile packet core.
• Reduced total cost of ownership due to familiarity with the Arbor platform, user
interface and ATLAS® intelligence feeds—enabling faster rollout in the short-term
and greater solution lifecycle and operating efficiencies over the long-term.
Scrubbing
Center
Arbor Networks
TMS
Radio Access
Networks
Mobile
Packet Core
Backbone
Internet
SP Core/
Edge Collectors
Arbor Networks
MNA Collectors
Arbor Networks
SP UI/Leader
Legitimate Traffic
DDoS Attack Traffic
Arbor Networks SP Console
MNA: An integral part of SP that extends visibility and threat detection
into the mobile packet core
IPX
MNA 6000 Appliance Specifications
Packet Core
S5
S-GW
S8
Backbone/Services/Internet
P-GW
Arbor Networks
TMS
S11
MME
Physical Dimensions: Chassis: 2U rack height;
Weight: 42 lbs (17.7 kg); Height: 3.45 inches
(8.76 cm); Width: 17.14 inches (43.54 cm);
Depth: 20 inches (50.8 cm)
SGSN
GGSN
SP Core/Edge Collectors
Gp
Power Requirements: Redundant dual power
sources; AC: 100-127V/200-240V, 50 to 60Hz,
6/3A; DC: -48 to -60V, 13A max
Interfaces: 4 x 1GE Copper and + 4 x 10GE
SFP+ interfaces (SR or LR)
Gn
GRX
Arbor Networks
MNA Collectors
Arbor Networks
SP UI/Leader
Arbor Networks
SP Console
Mobile packet core interfaces monitored by MNA
Storage: Four 480GB solid-state drives
(total usable = 1.2TB) running RAID 5
Environmental: Operating temperature: 41° to
104°F (5° to 40°C); Relative humidity: 5 to 85%
(operating); 95% at 73° to 104°F (23° to 40°C)
(non-operating)
Regulatory: RoHS 2002/95/EC, IEC/EN/UL
60950-1 2nd ed., E2006/95/EC, 2001/95/EC,
FCC Part 15 Subpart B Class A, EN 55022,
EN 55024, EN 61000-3-2, EN 61000-3-3,
EN 61000-4-2, EN 61000-4-3, EN 61000-4-4,
EN 61000-4-5, EN 61000-4-6, EN 61000-4-8,
EN 61000-4-11, IC ICES-003 Class A, ETSI EN
300 386, ETS 300-019-2-1, ETS300-019-2-2,
ETS 300-019-2-3, ETS 753, CISPR 22 Class
A, CISPR 24, Gost, BSMI, VCCI Class A, KCC
Class A, UL Mark, CE Mark, ETSI, NEBS-3 (DC),
NEBS-1 (AC)
Provide Greater Visibility into the Mobile Packet Core
You cannot address what you do not know. MNA is designed to shine a bright light in a
mostly invisible part of the mobile network. It passively collects IPv4/v6 control plane
traffic traversing the HSPA/LTE packet core (including GRX/IPX roaming traffic) from
existing taps and probes. It stores this time-series data for centralized analytics and
visualization, so operators have up-to-the-minute telemetry on all network GTP-C flows
being monitored including:
• The frequency and severity of any packet core signaling anomalies.
• The specific infrastructure nodes causing or affected by these anomalies.
• ‘Top talker’ IMSIs associated with anomalous signaling traffic.
• The associated signaling messages and ‘transaction’ cause values.
Enable Anomaly Detection in the Mobile Packet Core
Proper visibility into the packet core control plane means knowing what represents normal
user signaling activity and, most important, recognizing abnormal activity. MNA exposes
anomalous network behavior so operators can efficiently determine whether the events
are non-malicious or malicious in nature and can take action if they pose a threat to
service availability and performance. Highly configurable detection and alerting algorithms
help network managers quickly parse:
Corporate Headquarters
76 Blanchard Road
Burlington, MA 01803 USA
Toll Free USA +1 866 212 7267
T +1 781 362 4300
North America Sales
Toll Free +1 855 773 9200
• Signaling storms and malformed signaling: possibly indicating a misconfigured
Internet server, user device, errant application or DNS attack.
• Excessive or abnormally low signaling volumes: which could point to a
distressed node or a volumetric/’low and slow’ malicious attack.
• Spikes in “service not supported” or “context not found” cause values:
suggesting a sudden influx of misconfigured end-user devices or possibly an
attempt to compromise network infrastructure.
Europe
T +44 207 127 8147
Asia Pacific
T +65 68096226
www.arbornetworks.com
© 2015 Arbor Networks, Inc. All rights
reserved. Arbor Networks, the Arbor Networks
logo, Peakflow, ArbOS, Pravail, Cloud Signaling,
Arbor Cloud, ATLAS, We see things others
can’t.™ and Arbor Networks. Smart. Available.
Secure. are all trademarks of Arbor Networks,
Inc. All other brands may be the trademarks
of their respective owners.
DS/MNA/EN/1015-LETTER
Rich graphical reporting and threat
detection/alerting tools