Introducing ThreatAMOUR

Today’s ever-increasing attack surface taxes the company’s security systems—firewalls, intrusion prevention systems, Security Information and Event Management (SIEM) systems, and the team that has to review and react to relentless alerts. Reducing the attack surface by deflecting unwanted traffic before it burdens these resources improves efficiency, ROI, and the company’s overall security posture.

Why not make your job easier? Ixia ThreatARMOR security appliance provides a new front line of defense, blocking known-bad traffic and botnet communications to free up bandwidth and security tools, and reduce “alert fatigue”.

ThreatARMOR uses data from Ixia’s Application and Threat Intelligence (ATI) research center to automatically block confirmed threats, hijacked IPs and even entire countries in bulk.

ThreatARMOR is a Threat Intelligence Gateway that automatically blocks traffic to and from criminal and illegitimate sites such as botnet controllers, ransomware and phishing sites, hijacked IP addresses, and untrusted countries. It prevents network probes, phishing clicks, and the C&C connections malware needs to download instructions or leak data. This reduces the risk from attacks such as Zero-day ransomware mutation along with up to 80% of the malicious connections that threaten the network and generate floods. Ixia’s ATI Research Center provides an always-on stream of geolocation and threat intelligence for ThreatARMOR-individually validating every single blocked IP address, every single day. Detailed Rap Sheets provide clear, on-screen proof of malicious activity for all blocked sites to mitigate the risk of false positives.


  • Reduces attack surface by eliminating known-bad traffic
  • Stop traffic from unwanted countries
  • Quickly identify compromised internal systems
  • Stops connections, both inbound and outbound, involving known malware, botnet, and phishing sites
  • No false positives – clear proof of criminal behavior for all blocked sites
  • Always-on cloud update service from Ixia’s ATI Research Center
  • Dual redundant power supplies and integrated bypass for maximum reliability
  • Available as 1GbE copper and 10GbE fiber speeds
  • Provides resilient, failsafe inline operation
  • Easily installs in less than 30 minutes

Block up to 80% of Malicious Traffic—Including Botnets and Ransomware


Ixia empowers ThreatARMOR with the intelligence required to protect your network and users by reducing the attack surface

As the complexity and intensity of Internet threats has evolved, the range of security technologies needed to secure the network has increased rapidly.

New layers have been added to the perimeter to deal with these emerging threats, fortifying the existing firewalls and IPS/IDS systems with threat detection, malware inspection, content security, DLP, DDoS mitigation, and more – at great expense.

ThreatARMOR™ establishes a new front line of defense in your network, removing threats from your network and improving your security ROI by eliminating unwanted traffic before it hits your existing security infrastructure.

ThreatARMOR doesn’t use signatures and there are no false positives. Any blocked sites are supported with clear on-screen proof of malicious activity such as malware distribution or phishing, including date of most recent confirmation and even screen shots. The site list is kept constantly up to date by Ixia’s Application and Threat Intelligence (ATI) Research Center that individually validates every site and provides a cloud-based update every 5 minutes.

Using the ATI application feed, this product solves one of the biggest challenges facing network administrators – complete network visibility that extends past layer 4 information. Many applications today run over HTTP within your network or cloud infrastructure, and thus can be obscured. The ATI Processor provides expanded visibility that gives you deep knowledge of your network, including application bandwidth, handset and browser type, and geo-location of application traffic. The ATI Processor has patent pending ability to dynamically detect new applications without signatures. It also provides mobile device identifier and browser information.

Ixia’s Application and Threat Intelligence (ATI) program provides a comprehensive service and support resource for optimizing and hardening the resiliency of IT infrastructures, including:

  • Over a decade of experience testing the threat detection and blocking capabilities of the world’s largest service providers and equipment manufacturers
  • Real-time cloud threat intelligence that enables Ixia’s ThreatARMOR™ to reduce your attack surface and provide continuous protection. ThreatARMOR eliminates traffic originating from known malicious IP addresses (malware distribution, phishing sites, botnet C&C sites, SPAM distribution, BOGONs hijacked domains and unassigned IPs)
  • Application insight enabling Ixia’s network visibility products such as the ATI Processor to provide complete network visibility extending beyond layer 4 into granular application behaviors
  • Intelligence in simulating realistic conditions and relevant attacks consolidated into a large database of exploits, DoS, DDoS, phishing, live malware and applications
  • Simulation of 100+ evasion techniques
  • Information to recreate real-world network traffic using more than 300+ applications
  • The Evergreen feed to provide constant updates for applications that are critical in validating lawful intercept, data loss prevention, and deep packet inspection devices
  • Always-on global IP geolocation database
  • Application- and geography-based application filtering
  • Rich contextual NetFlow / IPFIX generation

See Live Threat Immediately

Click image to expand

Fill out the below form to request a demo or more information.

[ninja_form id=”6″]

Commonly asked questions:

Question: Doesn’t my firewall already block access from malicious IP addresses and outbound communications to botnet C&C sites?

Answer: No. Chances are, your firewall probably doesn’t block these. Doing so requires 1) timely and trusted threat intelligence on all the world’s malicious IP addresses; and 2) support for hundreds of thousands (if not millions) of rule sets. In fact, most firewalls support at most about 10,000 rule sets.

ThreatARMOR complements your firewall, allowing you to use more of its powerful features to inspect relevant network traffic.

Question: Doesn’t my intrusion prevention system (IPS) already block access from malicious IP addresses and outbound communications to botnet C&C sites?

Answer: No. Chances are your IPS may not block either, especially if the traffic is encrypted. But with ThreatARMOR and Ixia’s Application & Threat Intelligence, blocking inbound access from these malicious IP addresses and outbound botnet communications is simple, even if traffic is encrypted. ThreatARMOR

complements your IPS, allowing you to use more of its powerful deep packet inspection (DPI) features to inspect relevant network traffic.

Question: Can’t I just filter traffic from individual countries using my firewall?

Answer: You could, assuming you have the available threat intelligence. But, you would be very limited in what you could accomplish.

Most firewalls run out of capacity around 10,000 rules and a country like Russia has more than 5,600 individual, dis-contiguous IP address ranges alone. You would likely be able to block only a couple of countries at best.

Once again, ThreatARMOR complements your existing firewall, allowing you to use its powerful access control lists for more complex network rules.

Question: Can’t my SIEM tool automatically block IP addresses that cause security events?

Answer: Yes, your security tools may register some security events, and your SIEM tool can create a rule to block the offending IP addresses. But why tax these powerful tools with inspecting and reacting to unnecessary traffic?

Reduce your overall attack surface with ThreatARMOR and free these powerful security tools to inspect relevant network traffic.

Follow by Email