Anti-botnet vendors plug in

By Matt Hines, InfoWorld |  Security

"This is the actual infrastructure that connects all the malware, spam,
and denial-of-service attacks," he said. "A feature built into an
end-point client is not going to solve the problem on its own; large enterprises
and carriers are looking for something today that is going to help them keep
their assets from being victimized."

In addition to the carrier crowd, Aziz said that a growing number of large
enterprises are seeking to take things into their own hands to ensure that their
networks aren't being exploited by botnet commanders.

Large companies not only fear having their assets used as proxies by all sorts
of attackers, along with any fines that such activity or related data loss could
bring, he said; they also hope to avoid the embarrassment of having machines
inside their walls publicly revealed as spam and malware delivery stations.

Throughout 2007, researchers at network security technology vendor Support
Intelligence repeatedly detailed spam runs emanating from well-known businesses,
including Bank of America, Intel, and Nationwide Insurance, that were thought
to be driven by botnet-infected computers.

At the core of the company's anti-botnet technology, delivered via its appliances,
is its FireEye Analysis and Control Technology (FACT) engine, which looks for
suspicious traffic, confirms attacks, and blocks access from infected devices
to other machines on a network.

Using the information being drawn from its customers, which already include
a number of large North American carriers and Fortune 1,000 companies, according
to the CEO, FireEye claims that it also has the ability to backtrack its way
through the networks of infected machines to scope out the size of botnet operations
and work with carriers to snuff out the infrastructure.

Aziz contends that even if anti-botnet technologies are absorbed into broader
suites by most companies or through carrier-provided services, FireEye -- whose
virtualization-based technology was originally positioned for use in network
access control (NAC) systems when it was founded in 2004 -- will be able to
turn a profit by providing the intelligence needed by those systems to identify
and track the attacks.

"The capability to build this intelligence about the botnets themselves
is a sizable business opportunity. These companies offering services will need
to constantly feed new data into their gateways," he said. "We feel
this is a viable business model, finding the infrastructure that is out there
and helping people understand where it lives and how it works."

Damballa, which takes its name from the realm of voodoo spirits, is already
marketing its capabilities to both enterprises and carriers in a number of different
models.
