As cyber crimes plague the IT industry, malicious threats have evolved from the simpler worms of recent years to the more sophisticated, harder to battle botnets.
Botnets are operated via remotely controlled and compromised PCs, often to exploit spam and conduct denial of service attacks for profit.
Unlike worms, botnets are not randomly targeted. They remain invisible to many antivirus solutions and are a key feature in stolen identities and privacy breaches, corporate IP theft, network downtime, loss of productivity and inflating operational expenses.
Anti-botnet system provider FireEye (fireeye.com) is working to address the growing epidemic of botnet attacks by enhancing its product capabilities using some of the same principles used in building the botnets themselves. The company recently announced a new strategic blueprint for protecting consumers, service providers and corporate networks against botnet-driven attacks.
"The new strategy is [a] completely from-the-ground-up approach to detecting malicious activity, identifying botnet propagation, command and control coordinates, out of those malicious flows and networking that information across multiple devices deployed by an ISP and corporate environment in real time," says Ashar Aziz, CEO of FireEye. "By creating an anti-botnet we're creating a network of devices put together to combat the botnet itself.
The solution includes a line of appliances called Botwall 4000 that enable Internet service providers to block botnets and stealthy malware from exploiting enterprise data and computing resources.
Botwall appliances feature the FireEye analysis and control technology engine which scours network traffic for botnet malware and botnet command and control server communications within virtual victim machines.
The devices work with the FireEye Botwall Network, a globally deployed, "in the cloud" service that integrates global intelligence with local botnet analysis.
"The Botwall Network is comprised of our appliances sitting in the ISP environment as well as in the corporate environment," says Aziz. "Other vendors will try to do some manual, global signature detection and force and apply that on the corporate network. What we do on the corporate network is local analysis."
The network catalogs and disseminates botnet characteristics taken from analyses conducted by interconnected networks of Botwall appliances deployed at service providers around the world. Customers using the product can subscribe to the Botwall Network to access the constantly updating information.
FireEye says its anti-bot network solution enables ISPs to prevent identity theft infrastructure, shut down spam relays and restore the bandwidth subscribers have paid for.
"Our devices are not intended to be visible," says Aziz. "They're actually silent observers of malicious activity, and therein lies the power of what we do. We are effectively invisibly monitoring all this malicious activity that gives us a layer of security over and above other people who try to create Internet-scale observation systems."
Return to hosting news headlines
View Hosting News Archive