ATI is an always-on, network-based, near real-time monitoring, threat correlation and alerting service that provides alerts about traffic between your IP addresses monitored by CenturyLink and other IPs on the internet. ATI monitors data samples flowing across the CenturyLink global network infrastructure, obtaining information about traffic flows between your network and the other end of the IP communication. ATI then correlates the sampled information against CenturyLink’s database of known malicious IPs. If the sampled information matches a malicious IP, a record (an “event”) is created and forwarded in near real-time to the ATI portal. Information about events is also aggregated and sent to you via email periodically. The service is available in two cloud-based options, Enhanced and Premium Adaptive Threat Intelligence. If you subscribe to Premium ATI, events may also be forwarded in near real-time to your security information and event management (SIEM) platform.
CenturyLink has made a major investment in developing a threat research and engineering group called Black Lotus Labs. The Black Lotus Labs team has developed threat sensing capabilities using one of the world’s largest IP backbones. Malicious behaviors are detected off the backbone and classified using sophisticated machine learning algorithms and automated validation infrastructure. Additionally, Black Lotus Labs validates indicators of compromise (IOCs) that are conveyed via third-party resources. The extra effort pays off in the cultivation of a very high-fidelity threat set:
Security Operations Center (SOC): for issues with the CenturyLink Security Solutions portal—such as questions about usability or event data.