Trend Micro has a new service it claims can protect large networks from large-scale botnet attacks.
Called the InterCloud Security Service, the real-time system uses a range of patented detection techniques to spot patterns typical of botnets, isolating their traffic before harm can be done, the company said. The technology’s core Behavioral Analysis Security Engine was due to be shown for the first time at this week’s DEMO 2006 event in California.
InterCloud will be aimed at owners of large networks, such as ISPs and universities, but the protection offered will have a knock-on benefit for ISPs’ corporate customers if it proves successful.
Botnets are usually made up of swarms of hijacked consumer PCs called “zombies” and have become the number-one means of spreading malware, sending high-volume spam and executing distributed denial-of-service (DDoS) attacks. There is even evidence that botnets are being built to order and resold, once assembled, to criminal third parties.
“Up to this point, ISPs have been largely at the mercy of botnet activity, robbing them of network resources and threatening the welfare of consumers and businesses daily,” said Trend CTO David Rand. “With the release of this service and the bot-expert resources devoted to it, Trend Micro offers service providers and large institutions the first botnet mitigation solution.”
Finding botnets is easier said than done. The technology claims to be able to find them in real-time by analyzing large volumes of DNS queries and Border Gateway Protocol, somehow cutting through the attempts by botnets to avoid detection.
Backing up the service are a team of botnet-sleuths, security specialists working for Trend who are mostly there to provide background intelligence and reports on a problem that has risen to the top of most security managers’ worry tables.
Botnets do a great deal of damage every day, though usually it is the malware they distribute in an automated way that grabs the headlines. However, earlier this year an individual was convicted of using a botnet to infect PCs belonging to a hospital, shutting down the intensive care department.
In January, McAfee launched an add-on for its IntruShield intrusion detection appliances that claims to be able to spot and block botnets.
-John E. Dunn, Techworld.com (London)
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.